CVSS: 9.3EPSS: 0%CPEs: 40EXPL: 0CVE-2009-1864 – flash-plugin: multiple code execution flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1864
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en memoria dinámica en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR anteriores a v1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalización de la aplicación) o posiblemente ejecutar código de su elección mediante vectores no especificados. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://secunia.com/advisories/36193 http://secunia.com/advisories/36374 http://secunia.com/advisories/36701 http://security.gentoo.org/glsa/glsa-200908-04.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 http://www.adobe.com/support/secu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.8EPSS: 0%CPEs: 40EXPL: 0CVE-2009-1867 – flash-plugin: multiple information disclosure flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1867
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability." Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR versiones anteriores a v1.5.2, permite que atacantes engañen al usuario para (1) pulsar en un enlace o (2) completar un diálogo, relacionado con una vulnerabilidad de "clickjacking". • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://osvdb.org/56775 http://secunia.com/advisories/36193 http://secunia.com/advisories/36374 http://secunia.com/advisories/36701 http://security.gentoo.org/glsa/glsa-200908-04.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 http:/ • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.3EPSS: 0%CPEs: 40EXPL: 1CVE-2009-1868 – Adobe Flash Player 10.0.22 / AIR - URI Parsing Heap Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-1868
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing. Desbordamiento de búfer basado en memoria dinámica en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR versiones anteriores a v1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalización de la aplicación) o posiblemente ejecutar código de su elección mediante vectores no especificados relacionados con el análisis sintáctico de una URL. • https://www.exploit-db.com/exploits/33133 http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://osvdb.org/56776 http://secunia.com/advisories/36193 http://secunia.com/advisories/36374 http://secunia.com/advisories/36701 http://security.gentoo.org/glsa/glsa-200908-04.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 http://support.apple.com/kb/HT3864 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 40EXPL: 0CVE-2009-1863 – flash-plugin: multiple code execution flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1863
Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability." Vulnerabilidad no especificada en Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalización de la aplicación) o posiblemente ejecutar código de su elección mediante vectores no especificados, relacionados con una vulnerabilidad de escalada de privilegios. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://secunia.com/advisories/36193 http://secunia.com/advisories/36374 http://secunia.com/advisories/36701 http://security.gentoo.org/glsa/glsa-200908-04.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 http://www.adobe.com/support/secu • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 39EXPL: 0CVE-2009-0522
https://notcve.org/view.php?id=CVE-2009-0522
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." Adobe Flash Player 9.x antes de la 9.0.159.0 y 10.x antes de la 10.0.22.87 sobre Windows permite a atacantes remotos engañar a un usuario para que visite una URL arbitraria a través de una manipulación no especificada de la "pantalla el puntero del ratón", relacionada con un "ataque de Clickjacking ". • http://isc.sans.org/diary.html?storyid=5929 http://secunia.com/advisories/34012 http://securitytracker.com/id?1021752 http://www.adobe.com/support/security/bulletins/apsb09-01.html http://www.vupen.com/english/advisories/2009/0513 https://exchange.xforce.ibmcloud.com/vulnerabilities/48903 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6674 •