CVE-2014-4671

Disclosure Date: July 09, 2014

Description

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.

CVSS V3 Severity and Metrics

Base Score: None
Impact Score: Unknown
Exploitability Score: Unknown
Vector: Unknown
Attack Vector (AV): Unknown
Attack Complexity (AC): Unknown
Privileges Required (PR): Unknown
User Interaction (UI): Unknown
Scope (S): Unknown
Confidentiality (C): Unknown
Integrity (I): Unknown
Availability (A): Unknown

General Information

Vendors

  • adobe

Products

  • adobe air
  • adobe air 13.0.0.111
  • adobe air 13.0.0.83
  • adobe air sdk
  • adobe air sdk 13.0.0.111
  • adobe air sdk 13.0.0.83
  • flash player
  • flash player 11.2.202.223
  • flash player 11.2.202.228
  • flash player 11.2.202.233
  • flash player 11.2.202.235
  • flash player 11.2.202.236
  • flash player 11.2.202.238
  • flash player 11.2.202.243
  • flash player 11.2.202.251
  • flash player 11.2.202.258
  • flash player 11.2.202.261
  • flash player 11.2.202.262
  • flash player 11.2.202.270
  • flash player 11.2.202.273
  • flash player 11.2.202.275
  • flash player 11.2.202.280
  • flash player 11.2.202.285
  • flash player 11.2.202.291
  • flash player 11.2.202.297
  • flash player 11.2.202.310
  • flash player 11.2.202.332
  • flash player 11.2.202.335
  • flash player 11.2.202.336
  • flash player 11.2.202.341
  • flash player 11.2.202.346
  • flash player 11.2.202.350
  • flash player 11.2.202.356
  • flash player 11.2.202.359
  • flash player 13.0.0.182
  • flash player 13.0.0.201
  • flash player 13.0.0.206
  • flash player 13.0.0.214
  • flash player 14.0.0.125

Technical Analysis