CSRF Vulnerability in Adobe Flash Player and AIR
CVE-2014-5333

Currently unrated

Key Information:

Vendor: Adobe
Status: Adobe Air
Vendor: CVE Published:; 19 August 2014

Summary

Adobe Flash Player and Adobe AIR suffer from a vulnerability that fails to adequately restrict the SWF file format. This flaw can be exploited by remote attackers using crafted OBJECT elements, allowing them to execute cross-site request forgery (CSRF) attacks on JSONP endpoints. This security gap can potentially expose sensitive information due to the mishandling of specific characters in callback APIs.

References

http://helpx.adobe.com/security/products/flash-player/aps...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/95418

vdb-entryx_refsource_XF

http://miki.it/blog/2014/8/15/adobe-really-fixed-rosetta-...

x_refsource_MISC

Timeline

Vulnerability published
Aug 19, 2014
Vulnerability Reserved
Aug 18, 2014