The host is installed with Adobe Flash Player before 13.0.0.231 or 14.x before 14.0.0.145 and is prone to a cross-site request forgery attacks vulnerability. A flaw is present in the applications, which fail to handle a crafted OBJECT element with SWF content. Successful exploitation could allow remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints