Lucene search

[email protected]CVE-2014-4671

HistoryJul 09, 2014 - 5:04 a.m.

CVE-2014-4671

2014-07-0905:04:24

CWE-352

[email protected]

web.nvd.nist.gov

cve-2014-4671

adobe flash player

remote code execution

csrf

jsonp

swf file format

information security

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.015 Low

EPSS

Percentile

87.1%

JSON

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.

Affected configurations

NVD

Node

adobeflash_playerRange≤11.2.202.378

adobeflash_playerMatch11.2.202.223

adobeflash_playerMatch11.2.202.228

adobeflash_playerMatch11.2.202.233

adobeflash_playerMatch11.2.202.235

adobeflash_playerMatch11.2.202.236

adobeflash_playerMatch11.2.202.238

adobeflash_playerMatch11.2.202.243

adobeflash_playerMatch11.2.202.251

adobeflash_playerMatch11.2.202.258

adobeflash_playerMatch11.2.202.261

adobeflash_playerMatch11.2.202.262

adobeflash_playerMatch11.2.202.270

adobeflash_playerMatch11.2.202.273

adobeflash_playerMatch11.2.202.275

adobeflash_playerMatch11.2.202.280

adobeflash_playerMatch11.2.202.285

adobeflash_playerMatch11.2.202.291

adobeflash_playerMatch11.2.202.297

adobeflash_playerMatch11.2.202.310

adobeflash_playerMatch11.2.202.332

adobeflash_playerMatch11.2.202.335

adobeflash_playerMatch11.2.202.336

adobeflash_playerMatch11.2.202.341

adobeflash_playerMatch11.2.202.346

adobeflash_playerMatch11.2.202.350

adobeflash_playerMatch11.2.202.356

adobeflash_playerMatch11.2.202.359

AND

linuxlinux_kernel

Node

adobeadobe_airRange≤14.0.0.110

adobeadobe_airMatch13.0.0.83

adobeadobe_airMatch13.0.0.111

Node

adobeadobe_air_sdkRange≤14.0.0.110

adobeadobe_air_sdkMatch13.0.0.83

adobeadobe_air_sdkMatch13.0.0.111

Node

adobeflash_playerRange≤13.0.0.223

adobeflash_playerMatch13.0.0.182

adobeflash_playerMatch13.0.0.201

adobeflash_playerMatch13.0.0.206

adobeflash_playerMatch13.0.0.214

adobeflash_playerMatch14.0.0.125

AND

applemac_os_x

microsoftwindows

CPENameOperatorVersion
adobe:flash_playeradobe flash playerle11.2.202.378
adobe:flash_playeradobe flash playereq11.2.202.223
adobe:flash_playeradobe flash playereq11.2.202.228
adobe:flash_playeradobe flash playereq11.2.202.233
adobe:flash_playeradobe flash playereq11.2.202.235
adobe:flash_playeradobe flash playereq11.2.202.236
adobe:flash_playeradobe flash playereq11.2.202.238
adobe:flash_playeradobe flash playereq11.2.202.243
adobe:flash_playeradobe flash playereq11.2.202.251
adobe:flash_playeradobe flash playereq11.2.202.258

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	le	11.2.202.378
adobe:flash_player	adobe flash player	eq	11.2.202.223
adobe:flash_player	adobe flash player	eq	11.2.202.228
adobe:flash_player	adobe flash player	eq	11.2.202.233
adobe:flash_player	adobe flash player	eq	11.2.202.235
adobe:flash_player	adobe flash player	eq	11.2.202.236
adobe:flash_player	adobe flash player	eq	11.2.202.238
adobe:flash_player	adobe flash player	eq	11.2.202.243
adobe:flash_player	adobe flash player	eq	11.2.202.251
adobe:flash_player	adobe flash player	eq	11.2.202.258