Details of VAR-201408-0361

ID

VAR-201408-0361

CVE

CVE-2014-5333

TITLE

Adobe Flash Player and Adobe AIR Vulnerable to cross-site request forgery attacks

Trust: 0.8

sources: JVNDB: JVNDB-2014-003851

DESCRIPTION

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a '$' (dollar sign) or '(' (open parenthesis) character. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671. Adobe Flash Player and Adobe AIR are prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks

Trust: 1.98

sources: NVD: CVE-2014-5333 // JVNDB: JVNDB-2014-003851 // BID: 69320 // VULHUB: VHN-73274

AFFECTED PRODUCTS

vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.145	Trust: 1.9
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.125	Trust: 1.9
vendor:	adobe	model:	flash player	scope:	eq	version:	13.0.0.206	Trust: 1.9
vendor:	adobe	model:	flash player	scope:	eq	version:	13.0.0.201	Trust: 1.9
vendor:	adobe	model:	air sdk	scope:	eq	version:	14.0.0.110	Trust: 1.9
vendor:	adobe	model:	air sdk	scope:	eq	version:	13.0.0.111	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	13.0.0.214	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	13.0.0.223	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	13.0.0.182	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.378	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.356	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.336	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.335	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.332	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.310	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.291	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.285	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.275	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.273	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.270	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.262	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.261	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.258	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.251	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.243	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.238	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.235	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.233	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.228	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.223	Trust: 1.3
vendor:	adobe	model:	air	scope:	eq	version:	14.0.0.110	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.359	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lte	version:	13.0.0.231	Trust: 1.0
vendor:	adobe	model:	air	scope:	lte	version:	14.0.0.110	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lte	version:	11.2.202.394	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.236	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.280	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	13.0.0.83	Trust: 1.0
vendor:	adobe	model:	air	scope:	lte	version:	14.0.0.137	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.341	Trust: 1.0
vendor:	adobe	model:	air sdk	scope:	eq	version:	13.0.0.83	Trust: 1.0
vendor:	adobe	model:	air sdk	scope:	lte	version:	14.0.0.137	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	13.0.0.111	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.350	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.297	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.346	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.179	Trust: 0.8
vendor:	adobe	model:	air sdk & compiler	scope:	eq	version:	macintosh	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(firefox edition windows npapi plugin )	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	10 (windows 8/windows server 2012/windows rt : adobe flash player 14.0.0.176	Trust: 0.8
vendor:	adobe	model:	air	scope:	eq	version:	14.0.0.178	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	(windows macintosh)	Trust: 0.8
vendor:	adobe	model:	air sdk & compiler	scope:	lt	version:	(windows	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	eq	version:	macintosh	Trust: 0.8
vendor:	adobe	model:	air sdk & compiler	scope:	eq	version:	14.0.0.178	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.400	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.176	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	lt	version:	(windows	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	machintosh version linux edition chrome)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	eq	version:	14.0.0.178	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	11 (windows 8.1/windows server 2012 r2/windows rt 8.1 : adobe flash player 14.0.0.176	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	lt	version:	)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(windows edition	Trust: 0.8
vendor:	google	model:	chrome	scope:	lt	version:	36.0.1985.143	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	14.x (internet explorer edition windows active x plugin )	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	(android)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	13.0.0.241	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	14.x (windows 8.1 edition internet explorer 11)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.177	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	14.x (macintosh)	Trust: 0.8
vendor:	adobe	model:	air	scope:	eq	version:	14.0.0.179	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	14.x (windows 8.0 edition internet explorer 10)	Trust: 0.8
vendor:	adobe	model:	air sdk & compiler	scope:	eq	version:	android ios)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(linux)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(windows macintosh)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	eq	version:	android ios)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	13.0.0.231	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	13.0214	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	13.0182	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	12.070	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.7.700169	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.5.502131	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.5.502124	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.5.502118	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.5.50080	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.4.400231	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300271	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300270	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300268	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300265	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300262	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300257	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300250	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300231	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300214	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.20295	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202359	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202350	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202346	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202341	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202297	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202280	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202238	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202236	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202221	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202197	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202160	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.11554	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.11164	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.11150	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.0.1129	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.262	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.9.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.8.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.48.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.47.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.45.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.31.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.289.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.283.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.280	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.28.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.277.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.262.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.159.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.155.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.115.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8.0.35.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8.0.34.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.73.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.70.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.69.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.68.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.67.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.66.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.61.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.60.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.53.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.24.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.19.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.14.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	12.0.0.77	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	12.0.0.44	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	12.0.0.43	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	12.0.0.41	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	12.0.0.38	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	12	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.9.900.170	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.9.900.152	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.9.900.117	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.8.800.97	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.8.800.94	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.8.800.170	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.8.800.168	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.7.700.279	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.7.700.272	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.7.700.269	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.7.700.261	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.7.700.260	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.7.700.257	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.7.700.252	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.7.700.242	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.7.700.225	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.7.700.224	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.7.700.202	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.6.602.180	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.6.602.171	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.6.602.168	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.6.602.167	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.5.502.149	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.5.502.146	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.5.502.136	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.5.502.135	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.5.502.110	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.4.402.287	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.4.402.278	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.4.402.265	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.378.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.31.230	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300.273	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.394	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.327	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.229	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.81	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.63	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.59	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.58	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.48	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.34	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.11	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.112.61	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.9	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.73	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.54	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.44	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.63	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.62	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.59	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.55	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.228	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.0.1.153	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.0.1.152	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.25	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.24	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.23	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.22	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.21	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.86	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.75	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.68	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.67	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.63	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.61	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.51	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.50	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.48	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.43	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.4	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.29	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.25	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.23	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.20	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.19	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.18	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.16	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.15	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.11	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.34	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.26	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.23	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.22	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.16	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.14	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.159.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.157.51	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.156.12	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.28	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.27	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.25	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.24	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.18	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.13	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.153.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.33	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.32	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.26	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.21	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.95.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.95.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.92.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.92.10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.85.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.82.76	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.52.15	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.52.14.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.106.17	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.106.16	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.105.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.102.65	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.102.64	Trust: 0.3
vendor:	adobe	model:	air sdk	scope:	eq	version:	13.083	Trust: 0.3
vendor:	adobe	model:	air sdk	scope:	eq	version:	13.0111	Trust: 0.3
vendor:	adobe	model:	air sdk	scope:	eq	version:	4.0.0.1390	Trust: 0.3
vendor:	adobe	model:	air sdk	scope:	eq	version:	3.9.0.1380	Trust: 0.3
vendor:	adobe	model:	air sdk	scope:	eq	version:	14.0.0.137	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.7.0.16600	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.7.0.15300	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	13.083	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	13.0111	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.71860	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.71660	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.71530	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.33610	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9130	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9120	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.2	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	4.0.0.1390	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	4	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.9.0.1380	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.9.0.1210	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.9.0.1060	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.9.0.1030	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.8.0.910	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.8.0.870	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.8.0.1430	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.7.0.2100	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.7.0.2090	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.6.0.6090	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.6.0.599	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.6.0.597	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.5.0.890	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.5.0.880	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.5.0.600	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.5.0.1060	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.4.0.2710	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.4.0.2540	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.3.0.3690	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.3.0.3670	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.3.0.3650	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.2080	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.2070	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.207	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.1.0.4880	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.1.0.488	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.1.0.485	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.0.0.4080	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.0.0.408	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.0	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1.19610	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1.1961	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.0.19530	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.0.1953	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.0.19480	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.0.1948	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6.19140	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6.19120	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6.0.19140	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6.0.19120	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.5.1.17730	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.5.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.5.0.16600	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.3.13070	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2.12610	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	14.0.0.137	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.1.8210	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.0.7220	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.1.0.5790	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.01	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.0.8.4990	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.0.4990	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	ne	version:	14.0179	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	ne	version:	14.0177	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	ne	version:	14.0176	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	ne	version:	11.2.202400	Trust: 0.3
vendor:	adobe	model:	air sdk	scope:	ne	version:	14.0178	Trust: 0.3
vendor:	adobe	model:	air	scope:	ne	version:	14.0179	Trust: 0.3
vendor:	adobe	model:	air	scope:	ne	version:	14.0178	Trust: 0.3

sources: BID: 69320 // JVNDB: JVNDB-2014-003851 // CNNVD: CNNVD-201408-298 // NVD: CVE-2014-5333

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-5333
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-5333
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201408-298
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-73274
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-5333
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2014-5333
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-73274
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-73274 // JVNDB: JVNDB-2014-003851 // CNNVD: CNNVD-201408-298 // NVD: CVE-2014-5333

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-73274 // JVNDB: JVNDB-2014-003851 // NVD: CVE-2014-5333

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-298

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201408-298

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003851

PATCH

title:	APSB14-18	url:	http://helpx.adobe.com/security/products/flash-player/apsb14-18.html	Trust: 0.8
title:	APSB14-18	url:	http://helpx.adobe.com/jp/security/products/flash-player/apsb14-18.html	Trust: 0.8
title:	Google Chrome	url:	https://www.google.com/intl/ja/chrome/browser/features.html	Trust: 0.8
title:	Stable Channel Update	url:	http://googlechromereleases.blogspot.jp/2014/08/stable-channel-update.html	Trust: 0.8
title:	Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)	url:	https://technet.microsoft.com/en-us/library/security/2755801	Trust: 0.8
title:	Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム (2755801)	url:	https://technet.microsoft.com/ja-jp/library/security/2755801	Trust: 0.8
title:	アドビシステムズ社 Adobe Flash Player の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20140814f.html	Trust: 0.8
title:	flashplayer_13_plugin_debug	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51207	Trust: 0.6
title:	AdobeAIRInstaller-14.0.0.178	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51211	Trust: 0.6
title:	flashplayer_13_ax_debug	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51206	Trust: 0.6
title:	flashplayer_11_plugin_debug.i386	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51210	Trust: 0.6
title:	AIRSDK_Compiler-14.0.0.178	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51214	Trust: 0.6
title:	AdobeAIR-14.0.0.178	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51212	Trust: 0.6
title:	flashplayer_14_plugin_debug	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51209	Trust: 0.6
title:	AIRSDK_Compiler-14.0.0.178	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51213	Trust: 0.6
title:	flashplayer_14_ax_debug	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51208	Trust: 0.6

sources: JVNDB: JVNDB-2014-003851 // CNNVD: CNNVD-201408-298

EXTERNAL IDS

db:	NVD	id:	CVE-2014-5333	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-003851	Trust: 0.8
db:	CNNVD	id:	CNNVD-201408-298	Trust: 0.7
db:	BID	id:	69320	Trust: 0.4
db:	VULHUB	id:	VHN-73274	Trust: 0.1

sources: VULHUB: VHN-73274 // BID: 69320 // JVNDB: JVNDB-2014-003851 // CNNVD: CNNVD-201408-298 // NVD: CVE-2014-5333

REFERENCES

url:	http://miki.it/blog/2014/8/15/adobe-really-fixed-rosetta-flash-today/	Trust: 2.8
url:	http://helpx.adobe.com/security/products/flash-player/apsb14-18.html	Trust: 2.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/95418	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5333	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20140813-adobeflashplayer.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140032.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5333	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=14338	Trust: 0.8
url:	http://www.adobe.com/products/air/	Trust: 0.3
url:	https://www.adobe.com/software/flash/about/	Trust: 0.3
url:	http://www.adobe.com	Trust: 0.3

sources: VULHUB: VHN-73274 // BID: 69320 // JVNDB: JVNDB-2014-003851 // CNNVD: CNNVD-201408-298 // NVD: CVE-2014-5333

CREDITS

Michele Spagnuolo

Trust: 0.3

sources: BID: 69320

SOURCES

db:	VULHUB	id:	VHN-73274
db:	BID	id:	69320
db:	JVNDB	id:	JVNDB-2014-003851
db:	CNNVD	id:	CNNVD-201408-298
db:	NVD	id:	CVE-2014-5333

LAST UPDATE DATE

2024-11-23T22:52:51.031000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-73274	date:	2017-09-08T00:00:00
db:	BID	id:	69320	date:	2014-08-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-003851	date:	2014-08-26T00:00:00
db:	CNNVD	id:	CNNVD-201408-298	date:	2015-06-10T00:00:00
db:	NVD	id:	CVE-2014-5333	date:	2024-11-21T02:11:51.340

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-73274	date:	2014-08-19T00:00:00
db:	BID	id:	69320	date:	2014-08-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-003851	date:	2014-08-20T00:00:00
db:	CNNVD	id:	CNNVD-201408-298	date:	2014-08-21T00:00:00
db:	NVD	id:	CVE-2014-5333	date:	2014-08-19T11:16:59.853