Adobe Flash Player prior to 13.0.0.241 and 14.x prior to 14.0.0.176 on Windows and OS X and prior to 11.2.202.400 on Linux, Adobe AIR prior to 14.0.0.178 on Windows and OS X and prior to 14.0.0.179 on Android, Adobe AIR SDK prior to 14.0.0.178, and Adobe AIR SDK & Compiler prior to 14.0.0.178 do not properly restrict the SWF file format, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a '$' (dollar sign) or '(' (open parenthesis) character. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671.
Vulnerable Product |
---|
adobe adobe air |
adobe adobe air 13.0.0.83 |
adobe adobe air 13.0.0.111 |
adobe adobe air 14.0.0.110 |
adobe flash player |
adobe flash player 13.0.0.182 |
adobe flash player 13.0.0.201 |
adobe flash player 13.0.0.206 |
adobe flash player 13.0.0.214 |
adobe flash player 13.0.0.223 |
adobe flash player 14.0.0.125 |
adobe flash player 14.0.0.145 |
adobe adobe air sdk |
adobe adobe air sdk 13.0.0.83 |
adobe adobe air sdk 13.0.0.111 |
adobe adobe air sdk 14.0.0.110 |
adobe flash player 11.2.202.223 |
adobe flash player 11.2.202.228 |
adobe flash player 11.2.202.233 |
adobe flash player 11.2.202.235 |
adobe flash player 11.2.202.236 |
adobe flash player 11.2.202.238 |
adobe flash player 11.2.202.243 |
adobe flash player 11.2.202.251 |
adobe flash player 11.2.202.258 |
adobe flash player 11.2.202.261 |
adobe flash player 11.2.202.262 |
adobe flash player 11.2.202.270 |
adobe flash player 11.2.202.273 |
adobe flash player 11.2.202.275 |
adobe flash player 11.2.202.280 |
adobe flash player 11.2.202.285 |
adobe flash player 11.2.202.291 |
adobe flash player 11.2.202.297 |
adobe flash player 11.2.202.310 |
adobe flash player 11.2.202.332 |
adobe flash player 11.2.202.335 |
adobe flash player 11.2.202.336 |
adobe flash player 11.2.202.341 |
adobe flash player 11.2.202.346 |
adobe flash player 11.2.202.350 |
adobe flash player 11.2.202.356 |
adobe flash player 11.2.202.359 |
adobe flash player 11.2.202.378 |
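
The description above depends on SWF content that fits the character set a JSONP callback parameter accepts, including '$' and '('. The following is an added example, not code from this entry or from Adobe, of server-side hardening for a JSONP endpoint; all function and constant names are hypothetical, the sample callback is constructed, and the measures shown (strict callback pattern, comment prefix, response headers) are general JSONP hardening assumed here rather than taken from the page.

```javascript
// Added example; every name below is hypothetical, not from Adobe or this entry.
const MAX_CALLBACK_LEN = 64;
// Dotted identifiers only: '$' and '(' (the characters named above) are refused.
const CALLBACK_RE = /^[A-Za-z_][A-Za-z0-9_]*(?:\.[A-Za-z_][A-Za-z0-9_]*)*$/;
// Every SWF file begins with one of these three-byte signatures.
const SWF_SIGNATURES = ['FWS', 'CWS', 'ZWS'];

function startsWithSwfSignature(callback) {
  return SWF_SIGNATURES.includes(String(callback).slice(0, 3));
}

function buildJsonpResponse(callback, data) {
  const cb = String(callback);
  const swfLike = startsWithSwfSignature(cb);
  const headers = {
    'Content-Type': 'application/javascript; charset=utf-8',
    // Stop browsers and plugins from reinterpreting the body as another type.
    'X-Content-Type-Options': 'nosniff',
    // A response marked as a download is not meant to be rendered inline.
    'Content-Disposition': 'attachment; filename="f.txt"',
  };
  if (swfLike || cb.length > MAX_CALLBACK_LEN || !CALLBACK_RE.test(cb)) {
    // flagged=true marks requests worth logging for detection.
    return { status: 400, headers, body: '/**/', flagged: swfLike };
  }
  // Escape '<' so the payload cannot close a surrounding script element.
  const json = JSON.stringify(data === undefined ? null : data)
    .replace(/</g, '\\u003c');
  // The leading comment means the first bytes of the body are never caller-chosen,
  // so the body cannot begin with a SWF signature.
  return { status: 200, headers, body: '/**/' + cb + '(' + json + ');', flagged: false };
}

// Constructed sample input: a callback shaped like a SWF header plus '$' and '('.
const constructedCallback = 'CWS' + 'A'.repeat(40) + '$(';

function demo() {
  return [
    buildJsonpResponse('app.onData', { user: 'alice' }),
    buildJsonpResponse(constructedCallback, {}),
    buildJsonpResponse('cb$x', {}),
  ].map((r) => r.status + ' ' + JSON.stringify(r.body) + ' flagged=' + r.flagged);
}

console.log(demo().join('\n'));
```

Endpoint hardening of this kind complements, and does not replace, updating clients to the fixed versions listed in the description.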