CVE-2017-2993 – flash-plugin: multiple code execution issues fixed in APSB17-04
https://notcve.org/view.php?id=CVE-2017-2993
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution. Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de uso después de liberación relacionado con controladores de eventos. La explotación exitosa podría conducir a la ejecución de código arbitrario. • http://rhn.redhat.com/errata/RHSA-2017-0275.html http://www.securityfocus.com/bid/96199 http://www.securitytracker.com/id/1037815 https://helpx.adobe.com/security/products/flash-player/apsb17-04.html https://security.gentoo.org/glsa/201702-20 https://access.redhat.com/security/cve/CVE-2017-2993 https://bugzilla.redhat.com/show_bug.cgi?id=1422237 • CWE-416: Use After Free •
CVE-2017-2995 – Adobe Flash Player MessageChannel Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-2995
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution. Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de confusión de tipo relacionada con la clase MessageChannel. La explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. • http://rhn.redhat.com/errata/RHSA-2017-0275.html http://www.securityfocus.com/bid/96191 http://www.securitytracker.com/id/1037815 https://helpx.adobe.com/security/products/flash-player/apsb17-04.html https://security.gentoo.org/glsa/201702-20 https://access.redhat.com/security/cve/CVE-2017-2995 https://bugzilla.redhat.com/show_bug.cgi?id=1422237 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2017-2937 – flash-plugin: multiple code execution issues fixed in APSB17-02
https://notcve.org/view.php?id=CVE-2017-2937
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary code execution. Las versiones Adobe Flash Player 24.0.0.186 y anteriores tienen una vulnerabilidad de uso después de liberación de memoria explotable en la clase ActionScript FileReference, cuando utiliza la herencia de clase. Una explotación satisfactoria podría conducir a la ejecución de código arbitrario. • http://rhn.redhat.com/errata/RHSA-2017-0057.html http://www.securityfocus.com/bid/95342 http://www.securitytracker.com/id/1037570 https://helpx.adobe.com/security/products/flash-player/apsb17-02.html https://security.gentoo.org/glsa/201702-20 https://access.redhat.com/security/cve/CVE-2017-2937 https://bugzilla.redhat.com/show_bug.cgi?id=1411929 • CWE-416: Use After Free •
CVE-2017-2930 – Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption
https://notcve.org/view.php?id=CVE-2017-2930
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution. Las versiones Adobe Flash Player 24.0.0.186 y anteriores tienen una vulnerabilidad de corrupción de memoria explotable debido a un error de concurrencia cuando manipulan una lista de visualización. Una explotación satisfactoria podría conducir a la ejecución de código arbitrario. • https://www.exploit-db.com/exploits/41012 https://www.exploit-db.com/exploits/41008 http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html http://rhn.redhat.com/errata/RHSA-2017-0057.html http://www.securityfocus.com/bid/95350 http://www.securitytracker.com/id/1037570 https://cosig.gouv.qc.ca/en/cosig-2017-01-en https://helpx.adobe.com/security/products/flash-player/apsb17-02.html https://security.gentoo.org/glsa/201702-20 https:// • CWE-787: Out-of-bounds Write •
CVE-2017-2931 – Adobe Flash - Metadata Parsing Out-of-Bounds Read
https://notcve.org/view.php?id=CVE-2017-2931
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution. Las versiones Adobe Flash Player 24.0.0.186 y anteriores tienen una vulnerabilidad de corrupción de memoria explotable relacionado con el análisis de metadatos SWF. Una explotación satisfactoria podría conducir a la ejecución de código arbitrario. Adobe Flash suffers from an out-of-bounds read in metadata parsing. • https://www.exploit-db.com/exploits/41608 http://rhn.redhat.com/errata/RHSA-2017-0057.html http://www.securityfocus.com/bid/95350 http://www.securitytracker.com/id/1037570 https://helpx.adobe.com/security/products/flash-player/apsb17-02.html https://security.gentoo.org/glsa/201702-20 https://access.redhat.com/security/cve/CVE-2017-2931 https://bugzilla.redhat.com/show_bug.cgi?id=1411929 • CWE-787: Out-of-bounds Write •