CVE-2013-0646 – flash-plugin: multiple code execution flaws (APSB13-09)
https://notcve.org/view.php?id=CVE-2013-0646
Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.
• http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00018.html
• http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00019.html
• http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00021.html
• http://marc.info/?l=bugtraq&m=139455789818399&w=2
• http://rhn.redhat.com/errata/RHSA-2013-0643.html
• http://www.adobe.com/support/security/bulletins/apsb13-09.html
• https://access.redhat.com/security/cve/CVE-2013-0646
• https://bugzilla.redhat.com/show_bug.cgi?id=
• CWE-189: Numeric Errors
CVE-2013-0650 – flash-plugin: multiple code execution flaws (APSB13-09)
https://notcve.org/view.php?id=CVE-2013-0650
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.
• http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00018.html
• http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00019.html
• http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00021.html
• http://marc.info/?l=bugtraq&m=139455789818399&w=2
• http://rhn.redhat.com/errata/RHSA-2013-0643.html
• http://www.adobe.com/support/security/bulletins/apsb13-09.html
• https://access.redhat.com/security/cve/CVE-2013-0650
• https://bugzilla.redhat.com/show_bug.cgi?id=
• CWE-399: Resource Management Errors
CVE-2013-2555 – Adobe Flash RTMP Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-2555
Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
Adobe Flash Player 11.6.602.171 on Windows allows remote attackers to execute arbitrary code via vectors that leverage an "overflow", as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of RTMP data. The issue lies in the ability to exchange objects, allowing for an object confusion vulnerability.
• http://archives.neohapsis.com/archives/bugtraq/2013-04/0197.html
• http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
• http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html
• http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html
• http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.html
• http://marc.info/?l=bugtraq&m=139455789818399&w=2
• http://rhn.redhat.com/errata/RHSA-2013-0730.html
• http://twitter.com/VUP
• CWE-190: Integer Overflow or Wraparound
CVE-2013-0648 – Adobe Flash Player Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0648
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content.
• http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.html
• http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.html
• http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.html
• http://rhn.redhat.com/errata/RHSA-2013-0574.html
• http://www.adobe.com/support/security/bulletins/apsb13-08.html
• https://access.redhat.com/security/cve/CVE-2013-0648
• https://bugzilla.redhat.com/show_bug.cgi?id=915961
CVE-2013-0504 – flash-plugin: multiple code execution flaws (APSB13-08)
https://notcve.org/view.php?id=CVE-2013-0504
Buffer overflow in the broker service in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows attackers to execute arbitrary code via unspecified vectors.
• http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.html
• http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.html
• http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.html
• http://rhn.redhat.com/errata/RHSA-2013-0574.html
• http://www.adobe.com/support/security/bulletins/apsb13-08.html
• http://www.securityfocus.com/bid/58184
• https://access.redhat.com/security/cve/CVE-2013-0504
• https://bugzilla.redhat.com/show_bug.cgi?id=915961
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer