CVE-2010-2186 – flash-plugin: multiple security flaws (APSB10-14)
https://notcve.org/view.php?id=CVE-2010-2186
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad sin especificar en Adobe Flash Player anterior a v9.0.277.0 y v10.x anterior a v10.1.53.64, y Adobe Air anterior a v2.0.2.12610, permite a atacantes provocar una denegación de servicio (caída de aplicación) o posiblemente la ejecución de código de su elección a través de vectores desconocidos. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/40144 http://secunia.com/advisories/40545 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1024085 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2010-2172 – flash-plugin: "possible player crash" affects also v9.x versions of Adobe Flash Player
https://notcve.org/view.php?id=CVE-2010-2172
Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms allows attackers to cause a denial of service via unknown vectors. Adobe Flash Player 9 anterior a v9.0.277.0 en versiones UNIX sin especificar permite a atacantes provocar una denegación de servicio a través de vectores desconocidos. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/40545 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1024085 http://support.apple.com/kb/HT443 •
CVE-2010-2164 – flash-plugin: multiple security flaws (APSB10-14)
https://notcve.org/view.php?id=CVE-2010-2164
Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a certain function." Una vulnerabilidad de uso de memoria previamente liberada en Adobe Flash Player anterior a versión 9.0.277.0 y versión 10.x anterior a 10.1.53.64, y Adobe AIR anterior a versión 2.0.2.12610, podría permitir a los atacantes ejecutar código arbitrario por medio de vectores no especificados relacionados a un "image type within a certain function." no especificado. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=872 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/40144 http://secunia.com/advisories/40545 http://secunia.com/advisories/43026 http://security.gento • CWE-399: Resource Management Errors •
CVE-2010-2161 – flash-plugin: multiple security flaws (APSB10-14)
https://notcve.org/view.php?id=CVE-2010-2161
Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code." Un error de índice de matriz en Adobe Flash Player anterior a versión 9.0.277.0 y versión 10.x anterior a 10.1.53.64, y Adobe AIR anterior a versión 2.0.2.12610, podría permitir a atacantes ejecutar código arbitrario por medio de "types of Adobe Flash code." no especificado. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=871 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/40144 http://secunia.com/advisories/40545 http://secunia.com/advisories/43026 http://security.gento • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2010-1297 – Adobe Flash Player Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2010-1297
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010. Vulnerabilidad sin especificar en Adobe Flash Player v9.0.x a v9.0.262 y v10.x a v10.0.45.2, y authplay.dl en Adobe Reader y Acrobat v9.x a 9.3.2, permite a atacantes remotos ejecutar código a su elección a través de contenido SWF manipulado, se explota activamente desde Junio de 2010. Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). • https://www.exploit-db.com/exploits/13787 https://www.exploit-db.com/exploits/14853 https://www.exploit-db.com/exploits/16614 https://www.exploit-db.com/exploits/16687 http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com& • CWE-787: Out-of-bounds Write •