Oval Definition:oval:org.mitre.oval:def:25191
Revision Date:2015-08-03
Version:42
Title:Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK and Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors
Description:Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.
Family:windows
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2014-4671
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Adobe AIR
Adobe Flash Player
Definition Synopsis
  • Adobe Flash Player section
      • Adobe Flash Player 14 is installed
      • AND Version of Adobe Flash Player is less than 14.0.0.145
  • OR Flash.ocx section
      • ActiveX Control is installed
      • AND Determine if the version of Flash.ocx is less than 14.0.0.145
      • AND Determine if the version of Flash.ocx is greater than or equal to 14.0.0.0
  • OR Adobe Flash Player section
      • Adobe Flash Player 13 is installed
      • AND Version of Adobe Flash Player is less than 13.0.0.231
  • OR Flash.ocx section
      • ActiveX Control is installed
      • AND Determine if the version of Flash.ocx is less than 13.0.0.231
      • AND Determine if the version of Flash.ocx is greater than or equal to 13.0.0.0