Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.

- Security update to 11.2.202.394 (bnc#886472) :

  - APSB14-17, CVE-2014-0537, CVE-2014-0539, CVE-2014-4671

  - License update (LICENSE -> Flash%20Player_14.0.pdf).

flash-player was updated to version 11.2.202.394 to fix security protection bypass issues. (CVE-2014-0537 / CVE-2014-0539 / CVE-2014-4671)

The remote Redhat Enterprise Linux 5 / 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2014:0860 advisory.

    The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash     Player web browser plug-in.

    This update fixes multiple vulnerabilities in Adobe Flash Player. These     vulnerabilities are detailed in the Adobe Security Bulletin APSB14-17,     listed in the References section.

    Multiple flaws were found in the way flash-plugin displayed certain SWF     content. An attacker could use these flaws to create a specially crafted     SWF file that would cause flash-plugin to crash or, potentially, execute     arbitrary code when the victim loaded a page containing the malicious SWF     content. (CVE-2014-0537, CVE-2014-0539)

    This update also fixes a flaw that would lead to Cross-Site Request Forgery     (CSRF) attacks. (CVE-2014-4671)

    All users of Adobe Flash Player should install this updated package, which     upgrades Flash Player to version 11.2.202.394.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-201407-02 (Adobe Flash Player: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Adobe Flash Player.
      Please review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process, or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

Versions of Adobe AIR earlier than 14.0.0.137 are affected by the following vulnerabilities :

 - A flaw exists as data from JSONP callback APIs is insufficiently validated. With specially crafted SWF file content passed as a JSONP callback and then reflected by a vulnerable JSONP endpoint on a site, a context-dependent attacker can perform a Cross-Site Request Forgery (CSRF / XSRF) attack, causing the victim to perform various actions supported by the affected site. (CVE-2014-4671, CVE-2014-5333)
 - Multiple unspecified errors exist that could allow unspecified security bypass attacks. (CVE-2014-0537, CVE-2014-0539)

Versions of Flash player earlier than 14.0.0.145 (or 13.0.0.231, for machines that cannot use the 14.x version) are unpatched for the following vulnerabilities:

  - A CSRF bypassing Same Origin Policy vulnerability exists that could leak potentially sensitive data. (CVE-2014-4671)

  - Multiple unspecified errors exist that could allow unspecified security bypass attacks. (CVE-2014-0537, CVE-2014-0539)

The remote host is missing KB2974008. It is, therefore, affected by the following vulnerabilities :

  - A CSRF bypassing Same Origin Policy vulnerability     exists that could leak potentially sensitive data.
    (CVE-2014-4671)

  - Multiple unspecified errors exist that could allow     unspecified security bypass attacks. (CVE-2014-0537,     CVE-2014-0539)

According to its version, the instance of Flash Player installed on the remote Mac OS X host is equal or prior to 14.0.0.125. It is, therefore, affected by the following vulnerabilities :

  - A CSRF bypassing Same Origin Policy vulnerability     exists that could leak potentially sensitive data.
    (CVE-2014-4671)

  - Multiple unspecified errors exist that could allow     unspecified security bypass attacks. (CVE-2014-0537,     CVE-2014-0539)

According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 14.0.0.125. It is, therefore, affected by the following vulnerabilities :

  - A CSRF bypassing Same Origin Policy vulnerability     exists that could leak potentially sensitive data.
    (CVE-2014-4671)

  - Multiple unspecified errors exist that could allow     unspecified security bypass attacks. (CVE-2014-0537,     CVE-2014-0539)

ID	Name	Product	Family	Severity
76546	openSUSE Security Update : flash-player (openSUSE-SU-2014:0903-1)	Nessus	SuSE Local Security Checks	high
76500	SuSE 11.3 Security Update : flash-player (SAT Patch Number 9508)	Nessus	SuSE Local Security Checks	high
76444	RHEL 5 / 6 : flash-plugin (RHSA-2014:0860)	Nessus	Red Hat Local Security Checks	high
76434	GLSA-201407-02 : Adobe Flash Player: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
8327	Adobe AIR < 14.0.0.137 Multiple Vulnerabilities (APSB14-17)	Nessus Network Monitor	Web Clients	critical
8325	Flash Player < 14.0.0.145 Multiple Vulnerabilities (APSB14-17)	Nessus Network Monitor	Web Clients	high
76416	MS KB2974008: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer	Nessus	Windows	high
76415	Flash Player for Mac <= 14.0.0.125 Multiple Vulnerabilities (APSB14-17)	Nessus	MacOS X Local Security Checks	high
76413	Flash Player <= 14.0.0.125 Multiple Vulnerabilities (APSB14-17)	Nessus	Windows	high

Detections

Analytics

CVE-2014-4671

high

Tenable Plugins

high

high

high

high

critical

high

high

high

high