Information disclosure vulnerability in Adobe Flash Player via a crafted OBJECT element (rpm)ID: oval:org.secpod.oval:def:26840 | Date: (C)2015-09-29 (M)2022-10-10 |
Class: VULNERABILITY | Family: unix |
The host is installed with Adobe Flash Player before 11.2.202.521 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which do not properly restrict the SWF file format. Successful exploitation could allow attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information.
Product: |
Adobe Flash Player |