Adobe.Flash.JSONP.Callback.API.Abuse.Code.Injection

description-logoDescription

This indicates an attack attempt to exploit a Security Bypass vulnerability in Adobe Flash Player.
The vulnerability is due to an error when the vulnerable software handles a JSONP call with a maliciously crafted flash file. A remote attacker may be able to exploit this to perform CSRF.

affected-products-logoAffected Products

Flash Player 14.0.0.125 and earlier versions for Windows and Macintosh 14.0.0.145 Flash Player Download Center
Flash Player 14.0.0.125 and earlier versions (network distribution) 14.0.0.145
Flash Player 11.2.202.378 and earlier for Linux 11.2.202.394 Flash Player Download Center
Flash Player 14.0.0.125 and earlier for Chrome (Windows, Macintosh and Linux) 14.0.0.145
Flash Player 14.0.0.125 and earlier in Internet Explorer 10 for Windows 8.0 14.0.0.145
Flash Player 14.0.0.125 and earlier in Internet Explorer 11 for Windows 8.1 14.0.0.145
AIR 14.0.0.110 SDK & Compiler and earlier versions 14.0.0.137 AIR SDK Download
AIR 14.0.0.110 SDK and earlier versions 14.0.0.137
AIR 14.0.0.110 and earlier versions for Android 14.0.0.137 Google Play

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
http://helpx.adobe.com/security/products/flash-player/apsb14-17.html

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)