CVSS: 9.3EPSS: 97%CPEs: 156EXPL: 4CVE-2010-3654 – Adobe Flash Player "Button" Remote Code Execution
https://notcve.org/view.php?id=CVE-2010-3654
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010. Flash Player de Adobe anterior a versión 9.0.289.0 y versiones 10.x anteriores a 10.1.102.64 en Windows, Mac OS X, Linux y Solaris y versión 10.1.95.1 en Android, y authplay.dll (también se conoce como AuthPlayLib.bundle o libauthplay.so.0.0.0) en Reader y Acrobat de Adobe versiones 9.x hasta 9.4, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) por medio de contenido SWF diseñado, como se explotó “in the wild” en octubre de 2010. • https://www.exploit-db.com/exploits/17187 https://www.exploit-db.com/exploits/16667 http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1 http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html http://secunia.com/advisorie • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 67EXPL: 0CVE-2010-2169 – flash-plugin: multiple security flaws (APSB10-14)
https://notcve.org/view.php?id=CVE-2010-2169
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors. Adobe Flash Player anterior a v9.0.277.0 y v10.x anterior a v10.1.53.64 y Adobe AIR anterior a v2.0.2.12610, permiten a los atacantes a provocar una denegación de servicio (corrupción de la memoria de puntero) o puede que ejecutar código de su elección a través de vectores no especificados. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/40144 http://secunia.com/advisories/40545 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1024085&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 67EXPL: 0CVE-2010-2170 – flash-plugin: multiple security flaws (APSB10-14)
https://notcve.org/view.php?id=CVE-2010-2170
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183. Un desbordamiento de entero en Adobe Flash Player v9.0.277.0 y v10.x antes de v10.1.53.64, y Adobe AIR antes v2.0.2.12610, podría permitir a atacantes ejecutar código de su elección a través de vectores no especificados. Se trata de una vulnerabilidad diferente a CVE-2010-2170 y CVE- 2010-2181. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/40144 http://secunia.com/advisories/40545 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1024085&# • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 1%CPEs: 67EXPL: 0CVE-2010-2173 – flash-plugin: multiple security flaws (APSB10-14)
https://notcve.org/view.php?id=CVE-2010-2173
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newclass (0x58) operator, a different vulnerability than CVE-2010-2174. Adobe Flash Player anterior a v9.0.277.0 y v10.x anterior a v10.1.53.64, y Adobe AIR anterior a v2.0.2.12610, puede permitir a atacantes ejecutar código de su elección a través de vectores sin especificar, relacionados con una "vulnerabilidad de puntero inválido". Una vulnerabilidad distinta a CVE-2010-2174. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/40144 http://secunia.com/advisories/40545 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1024085&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 67EXPL: 0CVE-2010-2166 – flash-plugin: multiple security flaws (APSB10-14)
https://notcve.org/view.php?id=CVE-2010-2166
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. Adobe Flash Player v9.0.277.0 y v10.x antes de v10.1.53.64, y Adobe AIR antes de v2.0.2.12610, permiten a atacantes provocar una denegación de servicio (mediante corrupción de memoria) o posiblemente ejecutar código arbitrario a través de vectores no especificados. Se trata de una vulnerabilidad diferente a CVE -2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010 -2182, CVE-2010-2184, CVE-2010-2187, y CVE-2010-2188. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/40144 http://secunia.com/advisories/40545 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1024085&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •