Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.
2014-07-09T05:04:24.960
2025-04-12T10:46:40.837
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:N/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | adobe | flash_player | ≤ 11.2.202.378 | Yes |
| Application | adobe | flash_player | 11.2.202.223 | Yes |
| Application | adobe | flash_player | 11.2.202.228 | Yes |
| Application | adobe | flash_player | 11.2.202.233 | Yes |
| Application | adobe | flash_player | 11.2.202.235 | Yes |
| Application | adobe | flash_player | 11.2.202.236 | Yes |
| Application | adobe | flash_player | 11.2.202.238 | Yes |
| Application | adobe | flash_player | 11.2.202.243 | Yes |
| Application | adobe | flash_player | 11.2.202.251 | Yes |
| Application | adobe | flash_player | 11.2.202.258 | Yes |
| Application | adobe | flash_player | 11.2.202.261 | Yes |
| Application | adobe | flash_player | 11.2.202.262 | Yes |
| Application | adobe | flash_player | 11.2.202.270 | Yes |
| Application | adobe | flash_player | 11.2.202.273 | Yes |
| Application | adobe | flash_player | 11.2.202.275 | Yes |
| Application | adobe | flash_player | 11.2.202.280 | Yes |
| Application | adobe | flash_player | 11.2.202.285 | Yes |
| Application | adobe | flash_player | 11.2.202.291 | Yes |
| Application | adobe | flash_player | 11.2.202.297 | Yes |
| Application | adobe | flash_player | 11.2.202.310 | Yes |
| Application | adobe | flash_player | 11.2.202.332 | Yes |
| Application | adobe | flash_player | 11.2.202.335 | Yes |
| Application | adobe | flash_player | 11.2.202.336 | Yes |
| Application | adobe | flash_player | 11.2.202.341 | Yes |
| Application | adobe | flash_player | 11.2.202.346 | Yes |
| Application | adobe | flash_player | 11.2.202.350 | Yes |
| Application | adobe | flash_player | 11.2.202.356 | Yes |
| Application | adobe | flash_player | 11.2.202.359 | Yes |
| Operating System | linux | linux_kernel | * | No |
| Application | adobe | adobe_air | ≤ 14.0.0.110 | Yes |
| Application | adobe | adobe_air | 13.0.0.83 | Yes |
| Application | adobe | adobe_air | 13.0.0.111 | Yes |
| Application | adobe | adobe_air_sdk | ≤ 14.0.0.110 | Yes |
| Application | adobe | adobe_air_sdk | 13.0.0.83 | Yes |
| Application | adobe | adobe_air_sdk | 13.0.0.111 | Yes |
| Application | adobe | flash_player | ≤ 13.0.0.223 | Yes |
| Application | adobe | flash_player | 13.0.0.182 | Yes |
| Application | adobe | flash_player | 13.0.0.201 | Yes |
| Application | adobe | flash_player | 13.0.0.206 | Yes |
| Application | adobe | flash_player | 13.0.0.214 | Yes |
| Application | adobe | flash_player | 14.0.0.125 | Yes |
| Operating System | apple | mac_os_x | * | No |
| Operating System | microsoft | windows | * | No |