Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2014-5333

Published: 19/08/2014 Updated: 08/09/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Adobe Flash Player prior to 13.0.0.241 and 14.x prior to 14.0.0.176 on Windows and OS X and prior to 11.2.202.400 on Linux, Adobe AIR prior to 14.0.0.178 on Windows and OS X and prior to 14.0.0.179 on Android, Adobe AIR SDK prior to 14.0.0.178, and Adobe AIR SDK & Compiler prior to 14.0.0.178 do not properly restrict the SWF file format, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a '$' (dollar sign) or '(' (open parenthesis) character. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671.

Vulnerable Product Search on Vulmon Subscribe to Product

adobe adobe air

adobe adobe air 13.0.0.83

adobe adobe air 13.0.0.111

adobe adobe air 14.0.0.110

adobe flash player

adobe flash player 13.0.0.182

adobe flash player 13.0.0.201

adobe flash player 13.0.0.206

adobe flash player 13.0.0.214

adobe flash player 13.0.0.223

adobe flash player 14.0.0.125

adobe flash player 14.0.0.145

adobe adobe air sdk 13.0.0.111

adobe adobe air sdk 13.0.0.83

adobe adobe air sdk

adobe adobe air sdk 14.0.0.110

adobe flash player 11.2.202.223

adobe flash player 11.2.202.228

adobe flash player 11.2.202.233

adobe flash player 11.2.202.235

adobe flash player 11.2.202.236

adobe flash player 11.2.202.238

adobe flash player 11.2.202.243

adobe flash player 11.2.202.251

adobe flash player 11.2.202.258

adobe flash player 11.2.202.261

adobe flash player 11.2.202.262

adobe flash player 11.2.202.270

adobe flash player 11.2.202.273

adobe flash player 11.2.202.275

adobe flash player 11.2.202.280

adobe flash player 11.2.202.285

adobe flash player 11.2.202.291

adobe flash player 11.2.202.297

adobe flash player 11.2.202.310

adobe flash player 11.2.202.332

adobe flash player 11.2.202.335

adobe flash player 11.2.202.336

adobe flash player 11.2.202.341

adobe flash player 11.2.202.346

adobe flash player 11.2.202.350

adobe flash player 11.2.202.356

adobe flash player 11.2.202.359

adobe flash player 11.2.202.378

References

CWE-352http://miki.it/blog/2014/8/15/adobe-really-fixed-rosetta-flash-today/http://helpx.adobe.com/security/products/flash-player/apsb14-18.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/95418https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRFserver-side request forgeryCVE-2024-30067CVE-2024-5553CVE-2024-30095IDORCVE-2024-35252CVE-2024-23692CVE-2024-27801
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook