CVE-2015-5571: CSRF

First published: Tue Sep 22 2015(Updated: )

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671 and CVE-2014-5333.

Credit: psirt@adobe.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/references
• agent/author
• agent/remedy
• agent/severity
• agent/description
• agent/first-publish-date
• agent/event
• agent/source
• agent/weakness
• agent/tags
• agent/softwarecombine
• collector/nvd-index
• agent/software-canonical-lookup-request
• vendor/adobe
• canonical/adobe flash player for internet explorer 11
• version/adobe flash player for internet explorer 11/11.2.202.508
• vendor/linux
• canonical/linux kernel
• canonical/adobe air
• version/adobe air/18.0.0.199
• canonical/adobe air sdk and compiler
• version/adobe air sdk and compiler/18.0.0.199
• canonical/adobe air sdk & compiler
• version/adobe air sdk & compiler/18.0.0.180
• vendor/apple
• canonical/macos yosemite
• vendor/microsoft
• canonical/microsoft windows
• version/adobe flash player for internet explorer 11/13.0.0.289
• version/adobe flash player for internet explorer 11/14.0.0.125
• version/adobe flash player for internet explorer 11/14.0.0.145
• version/adobe flash player for internet explorer 11/14.0.0.176
• version/adobe flash player for internet explorer 11/14.0.0.179
• version/adobe flash player for internet explorer 11/15.0.0.152
• version/adobe flash player for internet explorer 11/15.0.0.167
• version/adobe flash player for internet explorer 11/15.0.0.189
• version/adobe flash player for internet explorer 11/15.0.0.223
• version/adobe flash player for internet explorer 11/15.0.0.239
• version/adobe flash player for internet explorer 11/15.0.0.246
• version/adobe flash player for internet explorer 11/16.0.0.235
• version/adobe flash player for internet explorer 11/16.0.0.257
• version/adobe flash player for internet explorer 11/16.0.0.287
• version/adobe flash player for internet explorer 11/16.0.0.296
• version/adobe flash player for internet explorer 11/17.0.0.134
• version/adobe flash player for internet explorer 11/17.0.0.169
• version/adobe flash player for internet explorer 11/17.0.0.188
• version/adobe flash player for internet explorer 11/17.0.0.190
• version/adobe flash player for internet explorer 11/17.0.0.191
• version/adobe flash player for internet explorer 11/18.0.0.160
• version/adobe flash player for internet explorer 11/18.0.0.194
• version/adobe flash player for internet explorer 11/18.0.0.203
• version/adobe flash player for internet explorer 11/18.0.0.209
• version/adobe flash player for internet explorer 11/18.0.0.232
• version/adobe air/18.0.0.143
• vendor/google
• canonical/google android