CVE-2014-0497 – Adobe Flash Player Integer Underflow Vulnerablity
https://notcve.org/view.php?id=CVE-2014-0497
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento inferior de enteros en Adobe Flash Player anterior a 11.7.700.261 y 11.8.x hasta 12.0.x anterior a 12.0.0.44 en Windows y Mac OS X, y anterior a 11.2.202.336 en Linux, permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code. • https://www.exploit-db.com/exploits/33212 http://googlechromereleases.blogspot.com/2014/02/stable-channel-update.html http://helpx.adobe.com/security/products/flash-player/apsb14-04.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00006.html http://rhn.redhat.com/errata/RHSA-2014-0137.html http://secunia.com/advisories/56437 h • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2014-0492 – Adobe Flash Player Jump Opcode Information Leak Vulnerability
https://notcve.org/view.php?id=CVE-2014-0492
Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection mechanism by leveraging an "address leak." Adobe Flash Player anteriores a 11.7.700.260 y 11.8.x y 11.9.x anteriores a 12.0.0.38 en Windows y Mac OS X y anteriores a 11.2.202.335 en Linux, Adobe AIR anteriores a 4.0.0.1390, Adobe AIR SDK anteriores a 4.0.0.1390 permite a atacantes evadir el mecanismo de protección ASLR aprovechando un "address leak". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the jump operation code. The issue lies in the failure of the ActionScript Virtual Machine to properly sanitize values before jumping to them. • http://helpx.adobe.com/security/products/flash-player/apsb14-02.html http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00006.html http://rhn.redhat.com/errata/RHSA-2014-0028.html http://secunia.com/advisories/56516 http://secunia.com/advisories/56636 http://www.securitytracker.com/id/1029602 https://access.redhat.com/security/cve/CVE-2014-0492 https://bugzilla.redhat.com/show_bug.cgi?id=1053235 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-0491 – flash-plugin: security protection bypass (APSB14-02)
https://notcve.org/view.php?id=CVE-2014-0491
Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to bypass unspecified protection mechanisms via unknown vectors. Adobe Flash Player anteriores a 11.7.700.260 y 11.8.x y 11.9.x anteriores a 12.0.0.38 en Windows y mac OS X y anteriores a 112.202.335 en Linux, Adobe AIR anteriores a 4.0.0.1390, Adobe AIR SDK anteriores a 4.0.0.1390, y Adobe AIR SDK & Compiler anteriores a 4.0.0.1390 permite a atacantes sortear un mecanismo de protección no especificado a través de vectores desconocidos. • http://helpx.adobe.com/security/products/flash-player/apsb14-02.html http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00006.html http://rhn.redhat.com/errata/RHSA-2014-0028.html http://secunia.com/advisories/56516 http://secunia.com/advisories/56636 http://www.securitytracker.com/id/1029602 https://access.redhat.com/security/cve/CVE-2014-0491 https://bugzilla.redhat.com/show_bug.cgi?id=1053233 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-5331 – Adobe Flash Player - Type Confusion Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-5331
Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified "type confusion," as exploited in the wild in December 2013. Adobe Flash Player anterior a 11.7.700.257y11.8.x y 11.9.x anterior a 11.9.900.170 en Windows y Mac OS X y en Linux antes de 11.2.202.332 , Adobe AIR anterior a AIR3.9.0.1380 , y Adobe AIR SDK y compilador anterior a 3.9.0.1380 permite a atacantes remotos ejecutar código arbitrario a través de contenido swf manipulado que aprovecha un tipo no especificado "type confusion", como se ha explotado en diciembre de 2013. • https://www.exploit-db.com/exploits/33095 http://helpx.adobe.com/security/products/flash-player/apsb13-28.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00008.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00075.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00084.html http://rhn.redhat.com/errata/RHSA-2013-1818.html https://access.redhat.com/security/cve/CVE-2013-5331 https://bugzilla.redhat.com/show_bug.cgi?id=1040185 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2013-5332 – flash-plugin: multiple code execution flaws (APSB13-28)
https://notcve.org/view.php?id=CVE-2013-5332
Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player anterior a 11.7.700.257 y 11.8.x y 11.9.x antes 11.9.900.170 en Windows y Mac OS X y antes de 11.2.202.332 en Linux, Adobe AIR 3.9.0.1380 antes, Adobe AIR SDK 3.9.0.1380 antes, y Adobe AIR SDK y compilador antes 3.9.0.1380 permite a un atacante ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • http://helpx.adobe.com/security/products/flash-player/apsb13-28.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00008.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00075.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00084.html http://rhn.redhat.com/errata/RHSA-2013-1818.html https://access.redhat.com/security/cve/CVE-2013-5332 https://bugzilla.redhat.com/show_bug.cgi?id=1040185 • CWE-94: Improper Control of Generation of Code ('Code Injection') •