CVE-2013-0634 – Adobe Flash Player - Regular Expression Heap Overflow
https://notcve.org/view.php?id=CVE-2013-0634
Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013. Adobe Flash Player antes de v10.3.183.51 y v11.x antes de v11.5.502.149 para Windows y Mac OS X, antes de v10.3.183.51 y v11.x antes de v11.2.202.262 para Linux, antes de v11.1.111.32 para Android v2.x y v3.x, y antes de v11.1.115.37 para Android v4.x permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través contenido SWF, como los explotados en febrero de 2013. • https://www.exploit-db.com/exploits/32959 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00007.html http://rhn.redhat.com/errata/RHSA-2013-0243.html http://www.adobe.com/support/security/bulletins/apsb13-04.html https://access.redhat.com/security/cve/CVE-2013-0634 https://bugzilla.redhat.com/show_bug.cgi?id=908999 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-0633 – Adobe Flash Player - Regular Expression Heap Overflow
https://notcve.org/view.php?id=CVE-2013-0633
Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013. Desbordamiento de búfer en Adobe Flash Player antes de v10.3.183.51 y v11.x antes de v11.5.502.149 en Windows y Mac OS X, antes de v10.3.183.51 y v11.x antes de v11.2.202.262 en Linux, antes de v11.1.111.32 en Android v2.x y v3.x, y antes de v11.1.115.37 en Android v4.x permite a atacantes remotos ejecutar código arbitrario a través de contenido SWF preparado para este propósito, como fueron explotados en libremente en Febrero de 2013. • https://www.exploit-db.com/exploits/32959 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00007.html http://rhn.redhat.com/errata/RHSA-2013-0243.html http://www.adobe.com/support/security/bulletins/apsb13-04.html https://access.redhat.com/security/cve/CVE-2013-0633 https://bugzilla.redhat.com/show_bug.cgi?id=908999 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-0630 – flash-plugin: buffer overflow flaw that can lead to arbitrary code execution (APSB13-01)
https://notcve.org/view.php?id=CVE-2013-0630
Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before 11.2.202.261 on Linux, before 11.1.111.31 on Android 2.x and 3.x, and before 11.1.115.36 on Android 4.x; Adobe AIR before 3.5.0.1060; and Adobe AIR SDK before 3.5.0.1060 allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer en Adobe Flash Player anteriores a v10.3.183.50 y 11.x anteriores a v11.5.502.146 en Windows y Mac OS X, anteriores a v10.3.183.50 y 11.x anteriores a v11.2.202.261 en Linux, anteriores a v11.1.111.31 en Android 2.x y 3.x, y anteriores a v11.1.115.36 en Android 4.x; Adobe AIR anteriores a v3.5.0.1060; y Adobe AIR SDK anteriores a v3.5.0.1060 permite a atacantes remotos a ejecutar código a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00003.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00012.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00019.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00059.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00084.html http://rhn.redhat.com/errata/RHSA-2013-0149.html http://www.adobe.com/support/security/bulletins/apsb13-01.html https://access.redhat.com/security/cve/CVE • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-5676 – flash-plugin: multiple code execution flaws (APSB12-27)
https://notcve.org/view.php?id=CVE-2012-5676
Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento búfer en Adobe Flash Player antes de v10.3.183.48 y v11.x antes de v11.5.502.135 en Windows, antes de v10.3.183.48 y v11.x antes de v11.5.502.136 en Mac OS X, antes de v10.3.183.48 y v11.x antes de v11.2.202.258 en Linux, antes de v11.1.111.29 en Android v2.x y v3.x, y antes de v11.1.115.34 en Android v4.x; Adobe AIR antes de v3.5.0.880 en Windows y antes de v3.5.0.890 en Mac OS X; y Adobe AIR SDK antes de v3.5.0.880 en Windows y antes de v3.5.0.890 en Mac OS X permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html http://www.adobe.com/support/security/bulletins/apsb12-27.html https://access.redhat.com/security/cve/CVE-2012-5676 https://bugzilla.redhat.com/show_bug.cgi?id=886200 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-5677 – Adobe Flash Player loadPCMFromByteArray Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-5677
Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de entero en Adobe Flash Player antes de v10.3.183.48 y v11.x antes de v11.5.502.135 en Windows, antes de v10.3.183.48 y v11.x antes de v11.5.502.136 en Mac OS X, antes de v10.3.183.48 y v11.x antes de v11.2.202.258 en Linux, antes de v11.1.111.29 en Android v2.x y v3.x, y antes de v11.1.115.34 en Android v4.x; Adobe AIR antes de v3.5.0.880 en Windows y antes de v3.5.0.890 en Mac OS X; y Adobe AIR SDK antes de v3.5.0.880 en Windows y antes de v3.5.0.890 en Mac OS X permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the loadPCMFromByteArray function in the flash.media.Sound object. When this function is called with a high number of 'samples' an integer overflow occurs during the calculation of a buffer size. • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html http://www.adobe.com/support/security/bulletins/apsb12-27.html https://access.redhat.com/security/cve/CVE-2012-5677 https://bugzilla.redhat.com/show_bug.cgi?id=886200 • CWE-189: Numeric Errors •