CVE-2015-5119 – Adobe Flash Player Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2015-5119
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. Vulnerabilidad de uso después de liberación de memoria en la clase ByteArray en la implementación ActionScript 3 (AS3) en Adobe Flash Player 13.x hasta la versión 13.0.0.296 y 14.x hasta la versión 18.0.0.194 en Windows y OS X y 11.x hasta la versión 11.2.202.468 en Linux permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de contenido Flash manipulado que anula una función valueOf, según se ha explotado activamente en julio de 2015. A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution. • https://www.exploit-db.com/exploits/37523 https://github.com/jvazquez-r7/CVE-2015-5119 https://github.com/dangokyo/CVE-2015-5119 http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html http://lists.opensuse • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVE-2015-3125 – Adobe Flash Sound Universal Cross Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2015-3125
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, and CVE-2015-5116. Vulnerabilidad descubierta en las versiones de Adobe Flash Player anteriores a la 13.0.0.302 y la 14.x hasta la 18.x anterior a 18.0.0.203 para Windows y OS X y la anterior a la 11.2.202.481 en Linux, en Adobe AIR en la versión anterior a la 18.0.0.180, en Adobe AIR SDK en la versión anterior a la 18.0.0.180 y en Adobe AIR SDK y en la compilacion anterior a la versión 18.0.0.180 permite que los atacantes remotos puedan eludir la política del mismo origen a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, y CVE-2015-5116. This vulnerability allows remote attackers to read arbitrary data on vulnerable Adobe Flash installations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Sound objects. A remote attacker can run arbitrary script in the context of any domain. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1214.html http://www.securityfocus.com/bid/75594 http://www.securitytracker.com/id/1032810 https://helpx.adobe.com/security/products/flash-player/apsb15-16.html https://security.gentoo.org/glsa/201507-13 https://access.redhat.com/security/cve/CVE-2015-3125 https://bugzilla.redhat.com/show_bug.c • CWE-284: Improper Access Control •
CVE-2015-3113 – Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2015-3113
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015. Desbordamiento de buffer basado en memoria dinámica en Adobe Flash Player anterior a 13.0.0.296 y 14.x hasta 18.x anterior a 18.0.0.194 en Windows y OS X y anterior a 11.2.202.468 en Linux permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, tal y como fue utilizado activamente en junio del 2015. Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code. • https://www.exploit-db.com/exploits/37536 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00002.html http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://rhn.redhat.com/errata/RHSA-2015-1184.html http://www.securityfocus.com/bid/75371 http://www.securitytracker.com/id/1032696 https://bugzilla.redhat.com/show_bug. • CWE-787: Out-of-bounds Write •
CVE-2015-3105 – Adobe Flash Player - Drawing Fill Shader Memory Corruption
https://notcve.org/view.php?id=CVE-2015-3105
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player anterior a 13.0.0.292 y 14.x hasta 18.x anterior a 18.0.0.160 en Windows y OS X y anterior a 11.2.202.466 en Linux, Adobe AIR anterior a 18.0.0.144 en Windows y anterior a 18.0.0.143 en OS X y Android, Adobe AIR SDK anterior a 18.0.0.144 en Windows y anterior a 18.0.0.143 en OS X, y Adobe AIR SDK & Compiler anterior a 18.0.0.144 en Windows y anterior a 18.0.0.143 en OS X permiten a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • https://www.exploit-db.com/exploits/37448 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00011.html http://rhn.redhat.com/errata/RHSA-2015-1086.html http://www.securityfocus.com/bid/75086 http://www.securitytracker.com/id/1032519 https://helpx.adobe.com/security/products/flash-player/apsb15-11.html https://security.gentoo • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3103 – flash-plugin: multiple code execution issues fixed in APSB15-11
https://notcve.org/view.php?id=CVE-2015-3103
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3106 and CVE-2015-3107. Vulnerabilidad de uso después de liberación en Adobe Flash Player anterior a 13.0.0.292 y 14.x hasta 18.x anterior a 18.0.0.160 en Windows y OS X y anterior a 11.2.202.466 en Linux, Adobe AIR anterior a 18.0.0.144 en Windows y anterior a 18.0.0.143 en OS X y Android, Adobe AIR SDK anterior a 18.0.0.144 en Windows y anterior a 18.0.0.143 en OS X, y Adobe AIR SDK & Compiler anterior a 18.0.0.144 en Windows y anterior a 18.0.0.143 en OS X permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3106 y CVE-2015-3107. • http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00011.html http://rhn.redhat.com/errata/RHSA-2015-1086.html http://www.securityfocus.com/bid/75087 http://www.securitytracker.com/id/1032519 https://helpx.adobe.com/security/products/flash-player/apsb15-11.html https://security.gentoo.org/glsa/201506-01 https://access.redhat. •