CVE-2014-4671
Published Jul 9, 2014
Last updated 9 years ago
Overview
- Description
- Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-352
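Configurations
- Reading the CPE data below: entries with "vulnerable": false (Linux kernel, Mac OS X, Windows) name the platform that the affected Adobe software runs on and are joined to it by the "AND" operator; they are not themselves vulnerable.
- The "versionEndIncluding" bounds (11.2.202.378, 13.0.0.223, 14.0.0.110) are lower than the fixed versions named in the description, and the 14.x Flash Player line is listed only as the single build 14.0.0.125. When checking an inventory, treat any build below the fixed versions in the description as affected rather than relying on the CPE bounds alone.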
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6EE848A-771C-4A59-8BFD-CFED00CBD1FD", "versionEndIncluding": "11.2.202.378" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "146E1EAC-B9AF-4511-A0DC-A048428E3B68" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AFBB9EA-1A66-4FBC-BF89-7DF04FDD6788" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39065E60-3680-4384-95C0-EF4F874D2400" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B0603B3-5C98-422D-A49D-EBE1798DAE69" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AC7882D-1577-4CEA-B1C0-0FEBC91A441A" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CED86796-B721-49B1-A021-82FA769FA024" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF7843C6-628A-4091-8A09-6E126A89870E" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "472F569C-0FD5-4F61-A4D6-258A8A9C4008" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E91A468-191C-4A2D-B1B6-0DDE8BB1C1D8" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47F94E94-C190-4559-8FF6-FEEE6634B67B" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CC3FDE1-44FD-4BC3-BB43-C44C94D3F794" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*", 
"vulnerable": true, "matchCriteriaId": "FE46E137-5298-44FA-B40C-6079C9AEE60F" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D14EAFB3-3718-466F-8EB2-61D00D569251" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD3390A0-8EB6-424E-96AC-B87E22D6FF6E" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCD935A5-D923-48CC-9699-977C5123D52C" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AABFF8D-2C2A-4B8B-9DE2-C74EECEDD86F" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD0EF3E4-C91F-4AD4-91E7-A10DC66DE4A3" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DDB9C24-953C-4268-8C4A-E7C0F021698E" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8474A98-24F4-43E5-9402-319F68A9880B" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CD7F4E8-742E-4264-84EE-22D9E3CB3C76" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97DBA814-D400-440C-BEEA-AB1913F783C1" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CDA6379-D70E-476C-82C5-C916C13CA081" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "515589AD-8CC1-46CE-9F9A-BAAD725E2C8F" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "308488AB-3D95-4231-8201-BF4EE5C9C151" }, { "criteria": 
"cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDB40406-277E-4BF5-ADCF-BE16B1CF390B" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33165339-9DCC-46B2-B22F-CF31D26175D7" }, { "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.359:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28AB62F3-9CB0-4ED8-9785-2B4878BB101D" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1601647A-06A7-4D82-9BF0-5DCAAC5A2114", "versionEndIncluding": "14.0.0.110" }, { "criteria": "cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C898203-9D6E-4430-8905-C28180F954E1" }, { "criteria": "cpe:2.3:a:adobe:adobe_air:13.0.0.111:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "434B6846-3ED5-4F23-88D1-567668EE8E94" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4010CF1-D0B6-46FD-97DF-6F546881AFA6", "versionEndIncluding": "14.0.0.110" }, { "criteria": "cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B005E5AC-DD7D-413E-92A2-4E8D7F3F2D7A" }, { "criteria": "cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.111:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F228403E-68B3-4B18-B120-066346D80891" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C96C2CD0-3CBE-4770-B1CC-1A53BEE493A0", 
"versionEndIncluding": "13.0.0.223" }, { "criteria": "cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3DD6547-ABEE-4734-87AA-BD3E247226B7" }, { "criteria": "cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0732FFB7-4BFD-499D-A166-9128F3DABA0B" }, { "criteria": "cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C282F91D-C1FE-4CC7-A33D-8E43F85DF168" }, { "criteria": "cpe:2.3:a:adobe:flash_player:13.0.0.214:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11E8C1F3-83AA-468B-8F5A-285F3BD19CC6" }, { "criteria": "cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5D7202D-56DF-400B-9F09-E7D9938222D3" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574" }, { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256" } ], "operator": "OR" } ], "operator": "AND" } ]