CVE-2014-5333

Published Aug 19, 2014
Last updated 3 months ago
CVSS info 4.3
Overview

Description: Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a '$' (dollar sign) or '(' (open parenthesis) character. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671.
Source: psirt@adobe.com
NVD status: Modified
Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-352
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83D55436-5B93-4285-865A-7CDEBAB23CEA",
            "versionEndIncluding": "14.0.0.137"
          },
          {
            "criteria": "cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C898203-9D6E-4430-8905-C28180F954E1"
          },
          {
            "criteria": "cpe:2.3:a:adobe:adobe_air:13.0.0.111:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "434B6846-3ED5-4F23-88D1-567668EE8E94"
          },
          {
            "criteria": "cpe:2.3:a:adobe:adobe_air:14.0.0.110:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB252359-318A-4054-8CEA-D08AB7500100"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8255F035-04C8-4158-B301-82101711939C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFE450E1-FE4E-4BDD-BD7D-5844AFC0C676",
            "versionEndIncluding": "13.0.0.231"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3DD6547-ABEE-4734-87AA-BD3E247226B7"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0732FFB7-4BFD-499D-A166-9128F3DABA0B"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C282F91D-C1FE-4CC7-A33D-8E43F85DF168"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:13.0.0.214:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11E8C1F3-83AA-468B-8F5A-285F3BD19CC6"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:13.0.0.223:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59F08016-055D-4B70-8085-9C657481BA9C"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5D7202D-56DF-400B-9F09-E7D9938222D3"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D4F0D21-A64B-46C1-9591-96529661DF0B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EADFC4AC-861F-4F47-AF20-18EED3866C41",
            "versionEndIncluding": "14.0.0.137"
          },
          {
            "criteria": "cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B005E5AC-DD7D-413E-92A2-4E8D7F3F2D7A"
          },
          {
            "criteria": "cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.111:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F228403E-68B3-4B18-B120-066346D80891"
          },
          {
            "criteria": "cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.110:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73E1378C-8C12-4728-BC84-2836691C2B11"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7374A426-E2EB-49A2-8E4E-DE4DA0C4EC9F",
            "versionEndIncluding": "11.2.202.394"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "146E1EAC-B9AF-4511-A0DC-A048428E3B68"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AFBB9EA-1A66-4FBC-BF89-7DF04FDD6788"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39065E60-3680-4384-95C0-EF4F874D2400"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B0603B3-5C98-422D-A49D-EBE1798DAE69"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AC7882D-1577-4CEA-B1C0-0FEBC91A441A"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CED86796-B721-49B1-A021-82FA769FA024"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF7843C6-628A-4091-8A09-6E126A89870E"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "472F569C-0FD5-4F61-A4D6-258A8A9C4008"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E91A468-191C-4A2D-B1B6-0DDE8BB1C1D8"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47F94E94-C190-4559-8FF6-FEEE6634B67B"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CC3FDE1-44FD-4BC3-BB43-C44C94D3F794"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE46E137-5298-44FA-B40C-6079C9AEE60F"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D14EAFB3-3718-466F-8EB2-61D00D569251"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD3390A0-8EB6-424E-96AC-B87E22D6FF6E"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCD935A5-D923-48CC-9699-977C5123D52C"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AABFF8D-2C2A-4B8B-9DE2-C74EECEDD86F"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD0EF3E4-C91F-4AD4-91E7-A10DC66DE4A3"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DDB9C24-953C-4268-8C4A-E7C0F021698E"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8474A98-24F4-43E5-9402-319F68A9880B"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CD7F4E8-742E-4264-84EE-22D9E3CB3C76"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97DBA814-D400-440C-BEEA-AB1913F783C1"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CDA6379-D70E-476C-82C5-C916C13CA081"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "515589AD-8CC1-46CE-9F9A-BAAD725E2C8F"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "308488AB-3D95-4231-8201-BF4EE5C9C151"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DDB40406-277E-4BF5-ADCF-BE16B1CF390B"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33165339-9DCC-46B2-B22F-CF31D26175D7"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.359:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28AB62F3-9CB0-4ED8-9785-2B4878BB101D"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:11.2.202.378:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF423A60-6377-4782-B809-D6304322F391"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1601647A-06A7-4D82-9BF0-5DCAAC5A2114",
            "versionEndIncluding": "14.0.0.110"
          },
          {
            "criteria": "cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C898203-9D6E-4430-8905-C28180F954E1"
          },
          {
            "criteria": "cpe:2.3:a:adobe:adobe_air:13.0.0.111:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "434B6846-3ED5-4F23-88D1-567668EE8E94"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References
