CVE-2016-0986 – flash-plugin: multiple code execution issues fixed in APSB16-08
https://notcve.org/view.php?id=CVE-2016-0986
Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. Adobe Flash Player en versiones anteriores a 18.0.0.333 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.182 en Windows y OS X y en versiones anteriores a 11.2.202.577 en Linux, Adobe AIR en versiones anteriores a 21.0.0.176, Adobe AIR SDK en versiones anteriores a 21.0.0.176 y Adobe AIR SDK & Compiler en versiones anteriores a 21.0.0.176 permite a atacantes ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002 y CVE-2016-1005. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html http://www.securityfocus.com/bid/84311 http://www.securitytracker.com/id/1035251 https://helpx.adobe.com/security/products/flash-player/apsb16-08.html https://security.gentoo.org/glsa/201603-07 https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-0961 – flash-plugin: multiple code execution issues fixed in APSB16-08
https://notcve.org/view.php?id=CVE-2016-0961
Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. Adobe Flash Player en versiones anteriores a 18.0.0.333 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.182 en Windows y OS X y en versiones anteriores a 11.2.202.577 en Linux, Adobe AIR en versiones anteriores a 21.0.0.176, Adobe AIR SDK en versiones anteriores a 21.0.0.176 y Adobe AIR SDK & Compiler en versiones anteriores a 21.0.0.176 permite a atacantes ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-0960, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002 y CVE-2016-1005. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html http://www.securityfocus.com/bid/84311 http://www.securitytracker.com/id/1035251 https://helpx.adobe.com/security/products/flash-player/apsb16-08.html https://security.gentoo.org/glsa/201603-07 https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-0994 – Adobe Flash AS2 actionCallMethod Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0994
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code by using the actionCallMethod opcode with crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.333 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.182 en Windows y OS X y en versiones anteriores a 11.2.202.577 en Linux, Adobe AIR en versiones anteriores a 21.0.0.176, Adobe AIR SDK en versiones anteriores a 21.0.0.176 y Adobe AIR SDK & Compiler en versiones anteriores a 21.0.0.176 permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999 y CVE-2016-1000. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the actionCallMethod opcode. By manipulating the arguments passed to the actionCallMethod opcode, an attacker can force a dangling pointer to be reused after it has been freed. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html http://www.securityfocus.com/bid/84312 http://www.securitytracker.com/id/1035251 http://www.zerodayinitiative.com/advisories/ZDI-16-194 https://helpx.adobe.com/security/products/flash-player/apsb16-08.h • CWE-416: Use After Free •
CVE-2016-0996 – Adobe Flash setInterval Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0996
Use-after-free vulnerability in the setInterval method in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. Vulnerabilidad de uso después de liberación de memoria en el método setInterval en Adobe Flash Player en versiones anteriores a 18.0.0.333 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.182 en Windows y OS X y en versiones anteriores a 11.2.202.577 en Linux, Adobe AIR en versiones anteriores a 21.0.0.176, Adobe AIR SDK en versiones anteriores a 21.0.0.176 y Adobe AIR SDK & Compiler en versiones anteriores a 21.0.0.176 permite a atacantes ejecutar código arbitrario a través de argumentos manipulados, una vulnerabilidad diferente a CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999 y CVE-2016-1000. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setInterval method. By calling setInterval with specific arguments, an attacker can force a dangling pointer to be reused after it has been freed. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html http://www.securityfocus.com/bid/84312 http://www.securitytracker.com/id/1035251 http://www.zerodayinitiative.com/advisories/ZDI-16-193 https://helpx.adobe.com/security/products/flash-player/apsb16-08.h • CWE-416: Use After Free •
CVE-2016-1005 – Adobe Flash MPEG-4 Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1005
Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1002. Adobe Flash Player en versiones anteriores a 18.0.0.333 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.182 en Windows y OS X y en versiones anteriores a 11.2.202.577 en Linux, Adobe AIR en versiones anteriores a 21.0.0.176, Adobe AIR SDK en versiones anteriores a 21.0.0.176 y Adobe AIR SDK & Compiler en versiones anteriores a 21.0.0.176 permite a atacantes ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992 y CVE-2016-1002. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within MPEG-4 parsing. A specially crafted MP4 file can force the dereference of an uninitialized pointer. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html http://www.securityfocus.com/bid/84311 http://www.securitytracker.com/id/1035251 http://www.zerodayinitiative.com/advisories/ZDI-16-192 https://helpx.adobe.com/security/products/flash-player/apsb16-08.h • CWE-824: Access of Uninitialized Pointer •