CVSS: 9.3EPSS: 1%CPEs: 10EXPL: 0CVE-2012-0753 – flash-plugin: multiple code execution flaws (APSB12-03)
https://notcve.org/view.php?id=CVE-2012-0753
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data. Adobe Flash Player anterior a v10.3.183.15 y v11.x anterior a v11.1.102.62 en Windows, Mac OS X, Linux, y Solaris; anterior a 11.1.111.6 en Android 2.x y 3.x; y anterior a v11.1.115.6 en Android 4.x permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) mediante paquetes MP4 manipulados • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-0144.html http://secunia.com/advisories/48265 http://secunia.com/advisories/48819 http://security.gentoo.org/glsa/glsa-201204-07.xml http://www.adobe.com/support/security/bulletins/apsb12-03.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14795 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15601 h • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 10EXPL: 0CVE-2012-0752 – flash-plugin: multiple code execution flaws (APSB12-03)
https://notcve.org/view.php?id=CVE-2012-0752
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an unspecified "type confusion." El programa Adobe Flash Player anterior a la versión 10.3.183.15 y versión 11.x anterior a 11.1.102.62 en Windows, Mac OS X, Linux y Solaris; anterior al 11.1.111.6 en Android versión 2.x y versión 3.x; y anterior a versión 11.1.115.6 en Android versión 4.x, los atacantes pueden ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) impulsando un ataque "type confusion" no especificado. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-0144.html http://secunia.com/advisories/48265 http://secunia.com/advisories/48819 http://security.gentoo.org/glsa/glsa-201204-07.xml http://www.adobe.com/support/security/bulletins/apsb12-03.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14654 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16103 h • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 3%CPEs: 3EXPL: 1CVE-2011-4693
https://notcve.org/view.php?id=CVE-2011-4693
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en Adobe Flash Player v11.1.102.55 en Windows y Mac OS X permite a atacantes remotos ejecutar código de su elección mediante un archivo SWF modificado, como lo demuestra la primera de las dos vulnerabilidades explotadas por el módulo Intevydis vd_adobe_fp en VulnDisco Step Ahead (SA)). NOTA: a partir de 20111207, esta revelación no tiene información útil. • http://partners.immunityinc.com/movies/VulnDisco-Flash0day-v2.mov http://www.securitytracker.com/id?1026392 https://bugzilla.redhat.com/show_bug.cgi?id=761216 https://lists.immunityinc.com/pipermail/dailydave/2011-December/000402.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14405 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15703 •
CVSS: 9.3EPSS: 3%CPEs: 3EXPL: 1CVE-2011-4694
https://notcve.org/view.php?id=CVE-2011-4694
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en Adobe Flash Player v11.1.102.55 en Windows y Mac OS X permite a atacantes remotos ejecutar código de su elección mediante un archivo SWF modificado, como lo demuestra la segunda de las dos vulnerabilidades explotadas por el módulo Intevydis vd_adobe_fp en VulnDisco Step Ahead (SA)). NOTA: a partir de 20111207, esta revelación no tiene información útil. • http://partners.immunityinc.com/movies/VulnDisco-Flash0day-v2.mov http://www.securitytracker.com/id?1026392 https://bugzilla.redhat.com/show_bug.cgi?id=761223 https://lists.immunityinc.com/pipermail/dailydave/2011-December/000402.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14539 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16096 •
CVSS: 9.3EPSS: 1%CPEs: 9EXPL: 0CVE-2011-2458
https://notcve.org/view.php?id=CVE-2011-2458
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site. Adobe Flash Player anterior a v10.3.183.11 ybv11.x anteriores a v11.1.102.55 en Windows, Mac OS X, Linux, y Solaris y anteriores a v11.1.102.59 en Android, y Adobe AIR anterior a v3.1.0.4880, cuando se usa Internet Explorer, permite a atacantes remotos evitar las políticas de dominios cruzados mediante un sitio Web manipulado. • http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html http://secunia.com/advisories/48819 http://security.gentoo.org/glsa/glsa-201204-07.xml http://www.adobe.com/support/security/bulletins/apsb11-28.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14014 https://oval.cisecurity.org/reposi • CWE-264: Permissions, Privileges, and Access Controls •