CVE-2013-0643 – Adobe Flash Player Incorrect Default Permissions Vulnerability
https://notcve.org/view.php?id=CVE-2013-0643
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013. El sandbox de Firefox para Adobe Flash Player antes de v10.3.183.67 y v11.x abtes de v11.6.602.171 para Windows y Mac OS X, y antes de v10.3.183.67 y v11.x antes de 11.2.202.273 para Linux, no restringe correctamente los privilegios lo que facilita a atacantes remotos ejecutar código arbitrario por contenidos SWF hechos a mano, como se explotó en febrero de 2013. Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content. • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00035.html http://rhn.redhat.com/errata/RHSA-2013-0574.html http://www.adobe.com/support/security/bulletins/apsb13-08.html https://access.redhat.com/security/cve/CVE-2013-0643 https://bugzilla.redhat.com/show_bug.cgi?id=915964 • CWE-264: Permissions, Privileges, and Access Controls CWE-269: Improper Privilege Management •
CVE-2013-1370 – flash-plugin: multiple code execution flaws (APSB13-05)
https://notcve.org/view.php?id=CVE-2013-1370
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1372, and CVE-2013-1373. Desbordamiento de buffer en Adobe Flash Player v10.3.183.63 y antes de v11.x antes de v11.6.602.168 en Windows, antes de v10.3.183.61 y v11.x antes de v11.6.602.167 en Mac OS X, antes de v10.3.183.61 y v11.x antes de v11.2.202.270 en Linux, antes de v11.1.111.43 en Android v2.x y v3.x, y antes de v11.1.115.47 en Android v4.x, Adobe AIR antes de v3.6.0.597, y Adobe AIR SDK antes de v3.6.0.599 permite a los atacantes ejecutar código a través de vectores sin especificar no especificados, una vulnerabilidad diferente a CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE -2013-1372, y CVE-2013 1373. • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html http://rhn.redhat.com/errata/RHSA-2013-0254.html http://www.adobe.com/support/security/bulletins/apsb13-05.html http://www.us-cert.gov/cas/techalerts/TA13-043A.html https://access.redhat.com/security/cve/CVE-2013-1370 https://bugzilla.redhat.com/show_bug.cgi?id • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-1374 – flash-plugin: multiple code execution flaws (APSB13-05)
https://notcve.org/view.php?id=CVE-2013-1374
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-0649. Vulnerabilidad después de la liberación en Adobe Flash Player v10.3.183.63 y antes de v11.x antes de v11.6.602.168 en Windows, antes de v10.3.183.61 y v11.x antes de v11.6.602.167 en Mac OS X, antes de v10.3.183.61 y v11.x antes de v11.2.202.270 en Linux, antes de v11.1.111.43 en Android v2.x y v3.x, y antes de v11.1.115.47 en Android v4.x, Adobe AIR antes de v3.6.0.597, y Adobe AIR SDK antes de v3.6.0.599 permite a los atacantes ejecutar código arbitrario a través de vectores sin especificar, una vulnerabilidad diferente a CVE-2013-0644 y CVE-2013-0649. • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html http://rhn.redhat.com/errata/RHSA-2013-0254.html http://www.adobe.com/support/security/bulletins/apsb13-05.html http://www.us-cert.gov/cas/techalerts/TA13-043A.html https://access.redhat.com/security/cve/CVE-2013-1374 https://bugzilla.redhat.com/show_bug.cgi?id • CWE-399: Resource Management Errors •
CVE-2013-1373 – flash-plugin: multiple code execution flaws (APSB13-05)
https://notcve.org/view.php?id=CVE-2013-1373
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1372. Desbordamiento de buffer en Adobe Flash Player v10.3.183.63 y antes de v11.x antes de v11.6.602.168 en Windows, antes de v10.3.183.61 y v11.x antes de v11.6.602.167 en Mac OS X, antes de v10.3.183.61 y v11.x antes de v11.2.202.270 en Linux, antes de v11.1.111.43 en Android v2.x y v3.x, y antes de v11.1.115.47 en Android v4.x, Adobe AIR antes de v3.6.0.597, y Adobe AIR SDK antes de v3.6.0.599 permite a los atacantes ejecutar código arbitrario a través de vectores sin especificar, una vulnerabilidad diferente a CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, y CVE-2013-1372. • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html http://rhn.redhat.com/errata/RHSA-2013-0254.html http://www.adobe.com/support/security/bulletins/apsb13-05.html http://www.us-cert.gov/cas/techalerts/TA13-043A.html https://access.redhat.com/security/cve/CVE-2013-1373 https://bugzilla.redhat.com/show_bug.cgi?id • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-0649 – flash-plugin: multiple code execution flaws (APSB13-05)
https://notcve.org/view.php?id=CVE-2013-0649
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-1374. Vulnerabilidad de uso después de liberación en Adobe Flash Player v10.3.183.63 y antes v11.x antes v11.6.602.168 en Windows, antes v10.3.183.61 y v11.x antes v11.6.602.167 en Mac OS X, antes v10.3.183.61 y v11.x antes v11.2.202.270 en Linux, antes v11.1.111.43 en Android v2.x y v3.x, y antes v11.1.115.47 en Android v4.x; Adobe AIR antes v3.6.0.597, y Adobe AIR SDK antes v3.6.0.599 permite a los atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2013-0644 y CVE-2013 1374. • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html http://rhn.redhat.com/errata/RHSA-2013-0254.html http://www.adobe.com/support/security/bulletins/apsb13-05.html http://www.us-cert.gov/cas/techalerts/TA13-043A.html https://access.redhat.com/security/cve/CVE-2013-0649 https://bugzilla.redhat.com/show_bug.cgi?id • CWE-399: Resource Management Errors •