CVSS: 9.3EPSS: 8%CPEs: 46EXPL: 0CVE-2009-3794 – Adobe Flash Player JPEG Parsing Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3794
09 Dec 2009 — Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file. Desbordamiento del búfer de la pila en Adobe Flash Player anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 permite a atacantes remotos ejecutar código arbitrario a través de las dimensiones manipuladas de datos JPEG en un fichero SWF. This vulnerability allows remote attackers to execute arbitrary code on v... • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 12%CPEs: 46EXPL: 0CVE-2009-3799 – Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3799
09 Dec 2009 — Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers." Desbordamiento de entero en la funcion Verifier::parseExceptionHandlers en Adobe Flash Player anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 permite a atacantes remotos ejecut... • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2008-5108
https://notcve.org/view.php?id=CVE-2008-5108
17 Nov 2008 — Unspecified vulnerability in Adobe AIR 1.1 and earlier allows context-dependent attackers to execute untrusted JavaScript in an AIR application via unknown attack vectors. Vulnerabilidad sin especificar en Adobe AIR 1.1 y anteriores permite ejecutar código JavaScript no confiable a atacantes locales o remotos dependiendo del contexto en una aplicación AIR a través de vectores de ataque desconocidos. • http://osvdb.org/49915 • CWE-94: Improper Control of Generation of Code ('Code Injection') •