CVE-2014-4671

Adobe Flash Player <14.0.0.145 - CSRF

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-4671. PoCs were published by cph, Michele Spagnuolo, and joev, including the Metasploit module auxiliary/gather/flash_rosetta_jsonp_url_disclosure.

Description

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.

Exploits (2)

nomisec WRITEUP
by cph · poc
https://github.com/cph/rabl-old

This repository contains documentation and test fixtures for RABL, a Ruby templating system for generating JSON/XML APIs. It does not include exploit code but provides context for CVE-2024-4671, which likely involves RABL's template rendering vulnerabilities.

Classification: Writeup 90%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: RABL (Ruby API Builder Language) versions prior to fix
No auth needed
Prerequisites: RABL gem installed in a Rails/Padrino application
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC
by Michele Spagnuolo, joev · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/flash_rosetta_jsonp_url_disclosure.rb

This Metasploit module exploits a JSONP endpoint vulnerability in Flash versions prior to 14.0.0.145 to steal the contents of same-domain URLs. It uses the Rosetta Flash technique to encode an SWF payload that exfiltrates data via a crafted HTML page.

Classification: Working Poc 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Adobe Flash < 14.0.0.145
No auth needed
Prerequisites: Vulnerable JSONP endpoint with long callback support · User interaction to visit malicious URL
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0860.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/68457
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59774
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030533
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59837
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201407-02.xml

Scores

EPSS 0.3583
EPSS Percentile 97.2%

Details

CWE: CWE-352
Status: published
Products (40)
adobe/adobe_air 13.0.0.83
adobe/adobe_air 13.0.0.111
adobe/adobe_air < 14.0.0.110
adobe/adobe_air_sdk 13.0.0.83
adobe/adobe_air_sdk 13.0.0.111
adobe/adobe_air_sdk < 14.0.0.110
adobe/flash_player 11.2.202.223
adobe/flash_player 11.2.202.228
adobe/flash_player 11.2.202.233
adobe/flash_player 11.2.202.235
... and 30 more
Published Jul 09, 2014
Tracked Since Feb 18, 2026