CVE-2011-2426 – flash-plugin: critical flaws fixed in APSB11-26
https://notcve.org/view.php?id=CVE-2011-2426
Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en pila en el componente ActionScript Virtual Machine (AVM) de Adobe Flash Player antes de v10.3.183.10 en Windows, Mac OS X, Linux y Solaris, y antes de v10.3.186.7 en Android, permite a atacantes remotos ejecutar código de su elección a través de vectores no especificadeos. • http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00025.html http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-26.html http://www.redhat.com/support/errata/RHSA-2011-1333.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14070 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15366 https://access.redhat.com/security/cve/CVE-2011-2426 https://bugzilla.redhat.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-2444 – flash-plugin: Cross-site scripting vulnerability fixed in APSB11-26
https://notcve.org/view.php?id=CVE-2011-2444
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe Flash Player antes de v10.3.183.10 en Windows, Mac OS X, Linux y Solaris, y antes de v10.3.186.7 en Android, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URL modificada, relacionado con un "fallo de secuencias de comandos en sitios cruzados universal" como se explotó en Septiembre de 2011. • http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_20.html http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00025.html http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-26.html http://www.redhat.com/support/errata/RHSA-2011-1333.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15272 https:/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-2430 – flash-plugin: critical flaws fixed in APSB11-26
https://notcve.org/view.php?id=CVE-2011-2430
Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability." Adobe Flash Player antes de v10.3.183.10 en Windows, Mac OS X, Linux y Solaris, y antes de v10.3.186.7 en Android, permite a atacantes remotos ejecutar código de su elección a través de medios de transmisión modificados, relacionado con una "vulnerabilidad de error lógico" • http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00025.html http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-26.html http://www.redhat.com/support/errata/RHSA-2011-1333.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13809 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16116 https://access.redhat.com/security/cve/CVE-2011-2430 https://bugzilla.redhat.com • CWE-20: Improper Input Validation •
CVE-2011-2428 – flash-plugin: critical flaws fixed in APSB11-26
https://notcve.org/view.php?id=CVE-2011-2428
Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic error issue." Adobe Flash Player antes de v10.3.183.10 en Windows, Mac OS X, Linux y Solaris, y antes de v10.3.186.7 en Android, permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída del navegador) a través de vectores no especificados, relacionado con un "fallo de error lógico" • http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00025.html http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-26.html http://www.redhat.com/support/errata/RHSA-2011-1333.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13945 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16181 https://access.redhat.com/security/cve/CVE-2011-2428 https://bugzilla.redhat.com • CWE-20: Improper Input Validation •
CVE-2011-2424 – flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)
https://notcve.org/view.php?id=CVE-2011-2424
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures." Adobe Flash Player anterior a v10.3.183.5 en Windows, Mac OS X, Linux y Solaris, y anterior a v10.3.186.3 en Android, y Adobe AIR anterior a v2.7.1 en Windows y Mac OS X y anterior a v2.7.1.1961 en Android, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo SWF espacialmente manipulado, como lo demuestran los "cerca de 400 firmas de caída". • http://blogs.adobe.com/asset/2011/08/how-did-you-get-to-that-number.html http://googleonlinesecurity.blogspot.com/2011/08/fuzzing-at-scale.html http://twitter.com/taviso/statuses/101046246277521409 http://twitter.com/taviso/statuses/101046396790128640 http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.redhat.com/support/errata/RHSA-2011-1144.html http://www.us-cert.gov/cas/techalerts/TA11-222A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •