CVSS: 10.0EPSS: 13%CPEs: 161EXPL: 0CVE-2012-5252 – flash-plugin: multiple code-execution flaws (APSB12-22)
https://notcve.org/view.php?id=CVE-2012-5252
Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22. Adobe Flash Player antes de v10.3.183.29 y 11.x antes de v11.4.402.287 en Windows and Mac OS X, antes de v10.3.183.29 and 11.x antes de v11.2.202.243 en Linux, antes de v11.1.111.19 en Android 2.x y 3.x, and antes de v11.1.115.20 en Android 4.x; Adobe AIR antes de v3.4.0.2710; y Adobe AIR SDK antes de v3.4.0.2710, permite a los atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a otros CVE de corrupción de memoria en Flash Player listada como APSB12-22. • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html http://osvdb.org/86029 http://www.adobe.com/support/security/bulletins/apsb12-22.html https://exchange.xforce.ibmcloud.com/vulnerabilities/79073 https://access.redhat.com/security/cve/CVE-2012-5252 https://bugzilla.redhat.com/show_bug.cgi?id=864284 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 62%CPEs: 1EXPL: 1CVE-2012-5054 – Adobe Flash Player Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2012-5054
Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments. Desbordamiento de entero en el método copyRawDataTo en la clase Matrix3D en Adobe Flash Player antes de 11.4.402.265, permite a atacantes remotos ejecutar código de su elección a través de argumentos mal formados. Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments. • http://packetstormsecurity.org/files/116435/Adobe-Flash-Player-Matrix3D-Integer-Overflow-Code-Execution.html http://www.adobe.com/support/security/bulletins/apsb12-19.html http://www.vupen.com/english/services/ba-index.php https://exchange.xforce.ibmcloud.com/vulnerabilities/78866 https://access.redhat.com/security/cve/CVE-2012-5054 https://bugzilla.redhat.com/show_bug.cgi?id=860060 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.0EPSS: 0%CPEs: 287EXPL: 0CVE-2012-4171
https://notcve.org/view.php?id=CVE-2012-4171
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to cause a denial of service (application crash) by leveraging a logic error during handling of Firefox dialogs. Adobe Flash Player anterior a v10.3.183.23 y v11.x anterior a v11.4.402.265 en Windows y Mac OS X, anterior a v10.3.183.23 y v11.x anterior a v11.2.202.238 en Linux, anterior a v11.1.111.16 en Android 2.x y 3.x y anterior a v11.1.115.17 en Android 4.x, Adobe AIR anterior a v3.4.0.2540, y Adobe AIR SDK anterior a v3.4.0.2540, permite a un atacante provocar una denegación de servicio (caída de aplicación) al aprovechar un error de lógica en el manejo de los diálogos de Firefox. • http://www.adobe.com/support/security/bulletins/apsb12-19.html http://www.securityfocus.com/bid/55365 https://exchange.xforce.ibmcloud.com/vulnerabilities/78226 •
CVSS: 9.3EPSS: 94%CPEs: 262EXPL: 1CVE-2012-1535 – Adobe Flash Player Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1535
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document. Vulnerabilidad no especificada en Adobe Flash Player anterior a v11.3.300.271 en Windows y Mac OS X y anterior a v11.2.202.238 en Linux permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la aplicación) a través de contenido SWF especialmente diseñado, como se explotó en Agosto de 2012 con el contenido de un SWF en un documento Word. Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content. • https://www.exploit-db.com/exploits/20624 http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00012.html http://marc.info/?l=bugtraq&m=139455789818399&w=2 http://rhn.redhat.com/errata/RHSA-2012-1203.html http://security.gentoo.org/glsa/glsa-201209-01.xml http://www.adobe.com/support/security/bulletins/apsb12-18.html https://access.redhat.com/security/cve/CVE-2012-1535 https://bugzilla.red •
CVSS: 9.3EPSS: 0%CPEs: 17EXPL: 0CVE-2012-2040
https://notcve.org/view.php?id=CVE-2012-2040
Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows local users to gain privileges via a Trojan horse executable file in an unspecified directory. Vulnerabilidad de path de búsqueda no seguro en el instalador de Adobe Flash Player anteriores a v10.3.183.20 y 11.x anteriores a v11.3.300.257 en Windows y Mac OS X; anteriores a v10.3.183.20 y 11.x anteriores a v11.2.202.236 en Linux; anteriores a v11.1.111.10 en Android v2.x y v3.x; y anteriores a vv11.1.115.9 en Android v4.x, y Adobe AIR anteriores a v3.3.0.3610, permite a usuarios locales obtener privilegios a través de un programa troyano en un fichero no especificado. • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00007.html http://www.adobe.com/support/security/bulletins/apsb12-14.html • CWE-426: Untrusted Search Path •