CVE-2009-1866 – flash-plugin: multiple code execution flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1866
Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en pila en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR anteriores a v1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalización de aplicación) o posiblemente ejecutar código de su elección mediante vectores no especificados. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://osvdb.org/56774 http://secunia.com/advisories/36193 http://secunia.com/advisories/36374 http://secunia.com/advisories/36701 http://security.gentoo.org/glsa/glsa-200908-04.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-1865 – flash-plugin: multiple code execution flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1865
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulnerability." Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR anteriores a v1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalizar la aplicación) o posiblemente ejecutar código de su elección mediante vectores no especificados, relacionados con una vulnerabilidad de puntero nulo. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://secunia.com/advisories/36193 http://secunia.com/advisories/36374 http://secunia.com/advisories/36701 http://security.gentoo.org/glsa/glsa-200908-04.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 http://www.adobe.com/support/secu •
CVE-2009-1864 – flash-plugin: multiple code execution flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1864
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en memoria dinámica en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR anteriores a v1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalización de la aplicación) o posiblemente ejecutar código de su elección mediante vectores no especificados. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://secunia.com/advisories/36193 http://secunia.com/advisories/36374 http://secunia.com/advisories/36701 http://security.gentoo.org/glsa/glsa-200908-04.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 http://www.adobe.com/support/secu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-1867 – flash-plugin: multiple information disclosure flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1867
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability." Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR versiones anteriores a v1.5.2, permite que atacantes engañen al usuario para (1) pulsar en un enlace o (2) completar un diálogo, relacionado con una vulnerabilidad de "clickjacking". • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://osvdb.org/56775 http://secunia.com/advisories/36193 http://secunia.com/advisories/36374 http://secunia.com/advisories/36701 http://security.gentoo.org/glsa/glsa-200908-04.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 http://support.apple.com/kb/HT3864 http://support.apple.com/kb/HT3865 http:/ • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2009-1868 – Adobe Flash Player 10.0.22 / AIR - URI Parsing Heap Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-1868
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing. Desbordamiento de búfer basado en memoria dinámica en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR versiones anteriores a v1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalización de la aplicación) o posiblemente ejecutar código de su elección mediante vectores no especificados relacionados con el análisis sintáctico de una URL. • https://www.exploit-db.com/exploits/33133 http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://osvdb.org/56776 http://secunia.com/advisories/36193 http://secunia.com/advisories/36374 http://secunia.com/advisories/36701 http://security.gentoo.org/glsa/glsa-200908-04.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 http://support.apple.com/kb/HT3864 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •