Adobe.Flash.JSONP.Callback.API.Abuse.Code.Injection
Description
This indicates an attack attempt to exploit a Security Bypass vulnerability in Adobe Flash Player.
The vulnerability is due to an error when the vulnerable software handles a JSONP call with a maliciously crafted flash file. A remote attacker may be able to exploit this to perform CSRF.
Affected Products
Flash Player 14.0.0.125 and earlier versions for Windows and Macintosh 14.0.0.145 Flash Player Download Center
Flash Player 14.0.0.125 and earlier versions (network distribution) 14.0.0.145
Flash Player 11.2.202.378 and earlier for Linux 11.2.202.394 Flash Player Download Center
Flash Player 14.0.0.125 and earlier for Chrome (Windows, Macintosh and Linux) 14.0.0.145
Flash Player 14.0.0.125 and earlier in Internet Explorer 10 for Windows 8.0 14.0.0.145
Flash Player 14.0.0.125 and earlier in Internet Explorer 11 for Windows 8.1 14.0.0.145
AIR 14.0.0.110 SDK & Compiler and earlier versions 14.0.0.137 AIR SDK Download
AIR 14.0.0.110 SDK and earlier versions 14.0.0.137
AIR 14.0.0.110 and earlier versions for Android 14.0.0.137 Google Play
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://helpx.adobe.com/security/products/flash-player/apsb14-17.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |