Page 181 of 1091 results (0.010 seconds)

CVSS: 9.3EPSS: 97%CPEs: 10EXPL: 1

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player antes de v10.3.183.15 y v11.x antes de v11.1.102.62 en Windows, Mac OS X, Linux y Solaris, y antes de v11.1.111.6 en Android v2.x y v3.x, y antes de v11.1.115.6 en Android v4.x permite a los atacantes ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. A size value is read from MP4 files and used for size calculation without proper validation. • https://www.exploit-db.com/exploits/18572 http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-0144.html http://secunia.com/advisories/48265 http://secunia.com/advisories/48819 http://security.gentoo.org/glsa/glsa-201204-07.xml http://www.adobe.com/support/security/bulletins/apsb12-03.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15030 https://oval.cisecurity.org/repository/search& • CWE-787: Out-of-bounds Write •

CVSS: 9.3EPSS: 3%CPEs: 3EXPL: 1

Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en Adobe Flash Player v11.1.102.55 en Windows y Mac OS X permite a atacantes remotos ejecutar código de su elección mediante un archivo SWF modificado, como lo demuestra la segunda de las dos vulnerabilidades explotadas por el módulo Intevydis vd_adobe_fp en VulnDisco Step Ahead (SA)). NOTA: a partir de 20111207, esta revelación no tiene información útil. • http://partners.immunityinc.com/movies/VulnDisco-Flash0day-v2.mov http://www.securitytracker.com/id?1026392 https://bugzilla.redhat.com/show_bug.cgi?id=761223 https://lists.immunityinc.com/pipermail/dailydave/2011-December/000402.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14539 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16096 •

CVSS: 9.3EPSS: 3%CPEs: 3EXPL: 1

Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en Adobe Flash Player v11.1.102.55 en Windows y Mac OS X permite a atacantes remotos ejecutar código de su elección mediante un archivo SWF modificado, como lo demuestra la primera de las dos vulnerabilidades explotadas por el módulo Intevydis vd_adobe_fp en VulnDisco Step Ahead (SA)). NOTA: a partir de 20111207, esta revelación no tiene información útil. • http://partners.immunityinc.com/movies/VulnDisco-Flash0day-v2.mov http://www.securitytracker.com/id?1026392 https://bugzilla.redhat.com/show_bug.cgi?id=761216 https://lists.immunityinc.com/pipermail/dailydave/2011-December/000402.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14405 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15703 •

CVSS: 9.3EPSS: 1%CPEs: 9EXPL: 0

Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site. Adobe Flash Player anterior a v10.3.183.11 ybv11.x anteriores a v11.1.102.55 en Windows, Mac OS X, Linux, y Solaris y anteriores a v11.1.102.59 en Android, y Adobe AIR anterior a v3.1.0.4880, cuando se usa Internet Explorer, permite a atacantes remotos evitar las políticas de dominios cruzados mediante un sitio Web manipulado. • http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html http://secunia.com/advisories/48819 http://security.gentoo.org/glsa/glsa-201204-07.xml http://www.adobe.com/support/security/bulletins/apsb11-28.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14014 https://oval.cisecurity.org/reposi • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0

Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460. Adobe Flash Player anterior a v10.3.183.11 y v11.x anteriore a v11.1.102.55 en Windows, Mac OS X, Linux, y Solaris y anteriores a v11.1.102.59 en Android, y Adobe AIR anteriores a v3.1.0.4880, permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460. • http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html http://secunia.com/advisories/48819 http://security.gentoo.org/glsa/glsa-201204-07.xml http://www.adobe.com/support/security/bulletins/apsb11-28.html http://www.redhat.com/support/errata/RHSA-2011-1445.html https://oval.cisecurity.org/repository/search/definition/oval%3A • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •