CVE-2014-5333

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a '$' (dollar sign) or '(' (open parenthesis) character. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671.

  • Published: Aug 19, 2014
  • Updated: Apr 13, 2023
  • CVE: CVE-2014-5333
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

| Software | From | Fixed in |
|---|---|---|
| adobe / adobe_air | - | 14.0.0.137.x |
| adobe / adobe_air | 13.0.0.83 | 13.0.0.83.x |
| adobe / adobe_air | 13.0.0.111 | 13.0.0.111.x |
| adobe / adobe_air | 14.0.0.110 | 14.0.0.110.x |
| adobe / flash_player | - | 13.0.0.231.x |
| adobe / flash_player | 13.0.0.182 | 13.0.0.182.x |
| adobe / flash_player | 13.0.0.201 | 13.0.0.201.x |
| adobe / flash_player | 13.0.0.206 | 13.0.0.206.x |
| adobe / flash_player | 13.0.0.214 | 13.0.0.214.x |
| adobe / flash_player | 13.0.0.223 | 13.0.0.223.x |
| adobe / flash_player | 14.0.0.125 | 14.0.0.125.x |
| adobe / flash_player | 14.0.0.145 | 14.0.0.145.x |
| adobe / adobe_air_sdk | 13.0.0.111 | 13.0.0.111.x |
| adobe / adobe_air_sdk | 13.0.0.83 | 13.0.0.83.x |
| adobe / adobe_air_sdk | - | 14.0.0.137.x |
| adobe / adobe_air_sdk | 14.0.0.110 | 14.0.0.110.x |
| adobe / flash_player | - | 11.2.202.394.x |
| adobe / flash_player | 11.2.202.223 | 11.2.202.223.x |
| adobe / flash_player | 11.2.202.228 | 11.2.202.228.x |
| adobe / flash_player | 11.2.202.233 | 11.2.202.233.x |
| adobe / flash_player | 11.2.202.235 | 11.2.202.235.x |
| adobe / flash_player | 11.2.202.236 | 11.2.202.236.x |
| adobe / flash_player | 11.2.202.238 | 11.2.202.238.x |
| adobe / flash_player | 11.2.202.243 | 11.2.202.243.x |
| adobe / flash_player | 11.2.202.251 | 11.2.202.251.x |
| adobe / flash_player | 11.2.202.258 | 11.2.202.258.x |
| adobe / flash_player | 11.2.202.261 | 11.2.202.261.x |
| adobe / flash_player | 11.2.202.262 | 11.2.202.262.x |
| adobe / flash_player | 11.2.202.270 | 11.2.202.270.x |
| adobe / flash_player | 11.2.202.273 | 11.2.202.273.x |
| adobe / flash_player | 11.2.202.275 | 11.2.202.275.x |
| adobe / flash_player | 11.2.202.280 | 11.2.202.280.x |
| adobe / flash_player | 11.2.202.285 | 11.2.202.285.x |
| adobe / flash_player | 11.2.202.291 | 11.2.202.291.x |
| adobe / flash_player | 11.2.202.297 | 11.2.202.297.x |
| adobe / flash_player | 11.2.202.310 | 11.2.202.310.x |
| adobe / flash_player | 11.2.202.332 | 11.2.202.332.x |
| adobe / flash_player | 11.2.202.335 | 11.2.202.335.x |
| adobe / flash_player | 11.2.202.336 | 11.2.202.336.x |
| adobe / flash_player | 11.2.202.341 | 11.2.202.341.x |
| adobe / flash_player | 11.2.202.346 | 11.2.202.346.x |
| adobe / flash_player | 11.2.202.350 | 11.2.202.350.x |
| adobe / flash_player | 11.2.202.356 | 11.2.202.356.x |
| adobe / flash_player | 11.2.202.359 | 11.2.202.359.x |
| adobe / flash_player | 11.2.202.378 | 11.2.202.378.x |
| adobe / adobe_air | - | 14.0.0.110.x |