CSRF Vulnerability in Adobe Flash Player and AIR
CVE-2014-5333

Currently unrated

Key Information:

Vendor

Adobe
Status
Adobe Air
Vendor
CVE Published:
19 August 2014

What is CVE-2014-5333?

Adobe Flash Player and Adobe AIR suffer from a vulnerability that fails to adequately restrict the SWF file format. This flaw can be exploited by remote attackers using crafted OBJECT elements, allowing them to execute cross-site request forgery (CSRF) attacks on JSONP endpoints. This security gap can potentially expose sensitive information due to the mishandling of specific characters in callback APIs.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://helpx.adobe.com/security/products/flash-player/aps...
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/95418
vdb-entryx_refsource_XF
http://miki.it/blog/2014/8/15/adobe-really-fixed-rosetta-...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.