Adobe Flash Player and AIR cross-site scripting (CVE-2014-0531)
Release date:
Updated on:
Affected Systems:
Adobe Flash Player 13.x
Adobe AIR 13.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67962
CVE (CAN) ID: CVE-2014-0531
Adobe Flash Player is an integrated multimedia Player. Adobe AIR is a technology developed based on the combination of network and desktop applications. It can control cloud programs on the network without having to use a browser.
Adobe Flash Player 13.0.0.223, 14.0.0.125 (Windows/OS X) and 11.2.202.378 (Linux) previous versions, versions earlier than Adobe AIR 14.0.0.110, versions earlier than Adobe air sdk 14.0.0.110, and versions earlier than Adobe air sdk & Compiler 14.0.0.110 have security vulnerabilities. Attackers can exploit this vulnerability to inject arbitrary Web scripts or HTML.
<* Source: Erling Ellingsen
Link: http://secunia.com/advisories/58465/
Http://helpx.adobe.com/security/products/flash-player/apsb14-16.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Adobe
-----
Adobe has released a Security Bulletin (APSB14-16) and patches for this:
APSB14-16: Security updates available for Adobe Flash Player
Link: http://helpx.adobe.com/security/products/flash-player/apsb14-16.html
This article permanently updates the link address: