CVE-2014-0503 – flash-plugin: same origin policy bypass (APSB14-08)
https://notcve.org/view.php?id=CVE-2014-0503
Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Adobe Flash Player anterior a 11.7.700.272 y 11.8.x hasta 12.0.x anterior a 12.0.0.77 en Windows y OS X, y anterior a 11.2.202.346 en Linux, permite a atacantes remotos evadir Same Origin Policy a través de vectores no especificados. • http://helpx.adobe.com/security/products/flash-player/apsb14-08.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00014.html http://rhn.redhat.com/errata/RHSA-2014-0289.html http://security.gentoo.org/glsa/glsa-201405-04.xml https://access.redhat.com/security/cve/CVE-2014-0503 https://bugzilla.redhat.com/show_bug.cgi?id=1075250 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-0498 – Adobe Flash Player RegExp Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0498
Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de buffer basado en pila en Adobe Flash Player anterior a 11.7.700.269 y 11.8.x hasta 12.0.x anterior a 12.0.0.70 en Windows y Mac OS X y anterior a 11.2.202.341 en Linux, Adobe AIR anterior a 4.0.0.1628 en Android, Adobe AIR SDK anterior a 4.0.0.1628, y Adobe AIR SDK & Compiler anterior a 4.0.0.1628 permite a atacantes ejecutar código arbitrario a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of regular expressions in ActionScript where an expression could overflow a data structure on the stack. An attacker can leverage this vulnerability to execute code under the context of the current process. • http://helpx.adobe.com/security/products/flash-player/apsb14-07.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html http://rhn.redhat.com/errata/RHSA-2014-0196.html http://security.gentoo.org/glsa/glsa-201405-04.xml https://access.redhat.com/security/cve/CVE-2014-0498 https://bugzilla.redhat.com/show_bug.cgi? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-0499 – flash-plugin: multiple flaws lead to arbitrary code execution (APSB14-07)
https://notcve.org/view.php?id=CVE-2014-0499
Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors. Adobe Flash Player anterior a 11.7.700.269 y 11.8.x hasta 12.0.x anterior a 12.0.0.70 en Windows y Mac OS X y anterior a 11.2.202.341 en Linux, Adobe AIR anterior a 4.0.0.1628 en Android, Adobe AIR SDK anterior a 4.0.0.1628 y Adobe AIR SDK & Compiler anterior a 4.0.0.1628 no previenen el acceso a información de direcciones, lo que facilita a atacantes evadir el mecanismo de protección ASLR a través de vectores no especificados. • http://helpx.adobe.com/security/products/flash-player/apsb14-07.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html http://rhn.redhat.com/errata/RHSA-2014-0196.html http://security.gentoo.org/glsa/glsa-201405-04.xml https://access.redhat.com/security/cve/CVE-2014-0499 https://bugzilla.redhat.com/show_bug.cgi? • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-0502 – Adobe Flash Player Double Free Vulnerablity
https://notcve.org/view.php?id=CVE-2014-0502
Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014. Vulnerabilidad de doble liberación en Adobe Flash Player anterior a 11.7.700.269 y 11.8.x hasta 12.0.x anterior a 12.0.0.70 en Windows y Mac OS X y anterior a 11.2.202.341 en Linux, Adobe AIR anterior a 4.0.0.1628 en Android, Adobe AIR SDK anterior a 4.0.0.1628 y Adobe AIR SDK & Compiler anterior a 4.0.0.1628 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, tal y como se demostró activamente en febrero 2014. Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code. • http://helpx.adobe.com/security/products/flash-player/apsb14-07.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html http://rhn.redhat.com/errata/RHSA-2014-0196.html http://security.gentoo.org/glsa/glsa-201405-04.xml http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day& • CWE-399: Resource Management Errors CWE-415: Double Free •
CVE-2014-0497 – Adobe Flash Player Integer Underflow Vulnerablity
https://notcve.org/view.php?id=CVE-2014-0497
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento inferior de enteros en Adobe Flash Player anterior a 11.7.700.261 y 11.8.x hasta 12.0.x anterior a 12.0.0.44 en Windows y Mac OS X, y anterior a 11.2.202.336 en Linux, permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code. • https://www.exploit-db.com/exploits/33212 http://googlechromereleases.blogspot.com/2014/02/stable-channel-update.html http://helpx.adobe.com/security/products/flash-player/apsb14-04.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00006.html http://rhn.redhat.com/errata/RHSA-2014-0137.html http://secunia.com/advisories/56437 h • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •