CVSS: 9.3EPSS: 90%CPEs: 13EXPL: 1CVE-2017-2992 – Adobe Flash - MP4 AMF Parsing Overflow
https://notcve.org/view.php?id=CVE-2017-2992
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution. Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de desbordamiento de memoria dinámica cuando se analiza una cabecera MP4. La explotación exitosa podría conducir a la ejecución de código arbitrario. Adobe Flash suffers from an overflow vulnerability during MP4 AMF parsing. • https://www.exploit-db.com/exploits/41420 http://rhn.redhat.com/errata/RHSA-2017-0275.html http://www.securityfocus.com/bid/96193 http://www.securitytracker.com/id/1037815 https://helpx.adobe.com/security/products/flash-player/apsb17-04.html https://security.gentoo.org/glsa/201702-20 https://access.redhat.com/security/cve/CVE-2017-2992 https://bugzilla.redhat.com/show_bug.cgi?id=1422237 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 13EXPL: 0CVE-2017-2993 – flash-plugin: multiple code execution issues fixed in APSB17-04
https://notcve.org/view.php?id=CVE-2017-2993
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution. Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de uso después de liberación relacionado con controladores de eventos. La explotación exitosa podría conducir a la ejecución de código arbitrario. • http://rhn.redhat.com/errata/RHSA-2017-0275.html http://www.securityfocus.com/bid/96199 http://www.securitytracker.com/id/1037815 https://helpx.adobe.com/security/products/flash-player/apsb17-04.html https://security.gentoo.org/glsa/201702-20 https://access.redhat.com/security/cve/CVE-2017-2993 https://bugzilla.redhat.com/show_bug.cgi?id=1422237 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 13EXPL: 0CVE-2017-2994 – Adobe Flash PSDKEvent Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-2994
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution. Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de uso después de liberación en el envío de eventos de Primetime SDK. La explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. • http://rhn.redhat.com/errata/RHSA-2017-0526.html http://www.securityfocus.com/bid/96199 http://www.securitytracker.com/id/1037815 https://helpx.adobe.com/security/products/flash-player/apsb17-04.html https://security.gentoo.org/glsa/201702-20 https://access.redhat.com/security/cve/CVE-2017-2994 https://bugzilla.redhat.com/show_bug.cgi?id=1432200 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 2%CPEs: 13EXPL: 0CVE-2017-2996 – flash-plugin: multiple code execution issues fixed in APSB17-04
https://notcve.org/view.php?id=CVE-2017-2996
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution. Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de corrupción de memoria en Primetime SDK. La explotación exitosa podría conducir a la ejecución de código arbitrario. • http://rhn.redhat.com/errata/RHSA-2017-0275.html http://www.securityfocus.com/bid/96190 http://www.securitytracker.com/id/1037815 https://helpx.adobe.com/security/products/flash-player/apsb17-04.html https://security.gentoo.org/glsa/201702-20 https://access.redhat.com/security/cve/CVE-2017-2996 https://bugzilla.redhat.com/show_bug.cgi?id=1422237 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 13EXPL: 0CVE-2017-2995 – Adobe Flash Player MessageChannel Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-2995
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution. Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de confusión de tipo relacionada con la clase MessageChannel. La explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. • http://rhn.redhat.com/errata/RHSA-2017-0275.html http://www.securityfocus.com/bid/96191 http://www.securitytracker.com/id/1037815 https://helpx.adobe.com/security/products/flash-player/apsb17-04.html https://security.gentoo.org/glsa/201702-20 https://access.redhat.com/security/cve/CVE-2017-2995 https://bugzilla.redhat.com/show_bug.cgi?id=1422237 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •