Vulnerability Details : CVE-2014-4671
Public exploit exists!
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2014-4671
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.214:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.359:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air:13.0.0.111:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.111:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-4671
6.87%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2014-4671
-
Flash "Rosetta" JSONP GET/POST Response Disclosure
Disclosure Date: 2014-07-08First seen: 2020-04-26auxiliary/gather/flash_rosetta_jsonp_url_disclosureA website that serves a JSONP endpoint that accepts a custom alphanumeric callback of 1200 chars can be abused to serve an encoded swf payload that steals the contents of a same-domain URL. Flash < 14.0.0.145 is required. This module spins up a web server that, upon
CVSS scores for CVE-2014-4671
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2014-4671
-
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4671
-
http://security.gentoo.org/glsa/glsa-201407-02.xml
Adobe Flash Player: Multiple vulnerabilities (GLSA 201407-02) — Gentoo security
-
http://helpx.adobe.com/security/products/flash-player/apsb14-17.html
Adobe Security BulletinVendor Advisory
-
http://www.securityfocus.com/bid/68457
Adobe Flash Player and AIR CVE-2014-4671 Unspecified Security Vulnerability
-
http://rhn.redhat.com/errata/RHSA-2014-0860.html
RHSA-2014:0860 - Security Advisory - Red Hat Customer Portal
-
http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
Michele Spagnuolo - BlogExploit
-
http://www.securitytracker.com/id/1030533
Adobe Flash Bugs Permit Cross-Site Requeset Forgery Attacks and Let Remote Users Bypass Security Controls - SecurityTracker
Jump to