CVSS: 9.3EPSS: 14%CPEs: 3EXPL: 0CVE-2010-3637
https://notcve.org/view.php?id=CVE-2010-3637
An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FLV video. Un control ActiveX no especificados en Adobe Flash Player anterior a versión 9.0.289.0 y versión 10.x anterior a 10.1.102.64 (Flash10h.ocx) en Windows permiten que los atacantes remotos ejecuten códigos arbitrarios o causen una denegación de servicio (corrupción de memoria) por medio de un video FLV creado. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html http://marc.info/?l=bugtraq&m=130331642631603&w=2 http://secunia.com/advisories/42926 http://www.adobe.com/support/security/bulletins/apsb10-26.html http://www.securityfocus.com/archive/1/514652/100/0/threaded http://www.securityfocus.com/bid/44690 http://www.vupen.com/english/advisories/2010/2903 http://www.vupen.com/english/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 97%CPEs: 156EXPL: 4CVE-2010-3654 – Adobe Flash Player "Button" Remote Code Execution
https://notcve.org/view.php?id=CVE-2010-3654
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010. Flash Player de Adobe anterior a versión 9.0.289.0 y versiones 10.x anteriores a 10.1.102.64 en Windows, Mac OS X, Linux y Solaris y versión 10.1.95.1 en Android, y authplay.dll (también se conoce como AuthPlayLib.bundle o libauthplay.so.0.0.0) en Reader y Acrobat de Adobe versiones 9.x hasta 9.4, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) por medio de contenido SWF diseñado, como se explotó “in the wild” en octubre de 2010. • https://www.exploit-db.com/exploits/17187 https://www.exploit-db.com/exploits/16667 http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1 http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html http://secunia.com/advisorie • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 1CVE-2010-3975
https://notcve.org/view.php?id=CVE-2010-3975
Untrusted search path vulnerability in Adobe Flash Player 9 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as a file that is processed by Flash. Vulnerabilidad de ruta de búsqueda no confiable en Adobe Flash Player 9 permite a usuarios locales y posiblemente a atacantes remotos, ejecutar código de su elección y llevar a cabo un ataque de secuestro de DLL a través de un caballo de Troya a schannel.dll que se encuentra en la misma carpeta que el archivo procesado por Flash. • http://www.securityfocus.com/archive/1/513397 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12212 •
CVSS: 9.3EPSS: 2%CPEs: 43EXPL: 1CVE-2010-3976
https://notcve.org/view.php?id=CVE-2010-3976
Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player. Vulnerabilidad de ruta (path) de búsqueda no confiable en Flash Player de Adobe anterior a versión 9.0.289.0 y versiones 10.x anteriores a 10.1.102.64 en Windows, permite a los usuarios locales, y posiblemente atacantes remotos, ejecutar código arbitrario y llevar a cabo ataques de secuestro DLL por medio de una biblioteca dwmapi.dll de tipo caballo de Troya que se encuentra en la misma carpeta que un archivo que es procesado por Flash Player. • http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html http://marc.info/?l=bugtraq&m=130331642631603&w=2 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://support.apple.com/kb/HT4435 http://www.acrossecurity.com/aspr&# •
CVSS: 9.3EPSS: 83%CPEs: 164EXPL: 0CVE-2010-2884 – Flash: crash or potential arbitrary code execution (APSB10-22)
https://notcve.org/view.php?id=CVE-2010-2884
Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010. Vulnerabilidad sin especificar en Adobe Flash Player v10.1.82.76 y anteriores para Windows, Macintosh, Linux, Solaris; Flash Player v10.1.92.10 para Android; Reader v9.3.4 para Windows, Macintosh and UNIX; y Acrobat v9.3.4 y anteriores para Windows y Macintosh permite a los atacantes remotos causar una denegación de servicio (caída) y ejecutar código a su elección a través de vectores desconocidos, se explota activamente desde Septiembre de 2010. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://secunia.com/advisories/41434 http://secunia.com/advisories/41435 http://secunia.com/advisories/41443 http://secunia.com/advisories/41526 http://secunia.com/advisories/43025 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-08. •