CVSS: 6.8EPSS: 2%CPEs: 84EXPL: 0CVE-2010-0186 – flash-plugin: unauthorized cross-domain requests (APSB10-06)
https://notcve.org/view.php?id=CVE-2010-0186
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors. Vulnerabilidad de tipo cross-domain en Adobe Flash Player anterior a versión 10.0.45.2, Adobe AIR anterior a 1.5.3.9130 y Adobe Reader y Acrobat 8.x anterior al 8.2.1 y 9.x anterior al 9.3.1 permite a los atacantes remotos omitir las restricciones de sandbox previstas y hacer peticiones de tipo cross-domain por medio de vectores no específicos. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://secunia.com/advisories/38547 http://secunia.com/advisories/38639 http://secunia.com/advisories/38915 http://secunia.com/advisories/40220 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1023585 http://support.apple.com/kb/HT4188 http://www.adobe.com/sup •
CVSS: 4.3EPSS: 88%CPEs: 53EXPL: 2CVE-2010-0187 – Microsoft Internet Explorer 6/7/8 - Shockwave Flash Object Denial of Service
https://notcve.org/view.php?id=CVE-2010-0187
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file. Adobe Flash Player en versiones anteriores a la v10.0.45.2 y Adobe AIR en versiones anteriores a la v1.5.3.9130 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un fichero SWF modificado. • https://www.exploit-db.com/exploits/11182 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://sebug.net/exploit/18967 http://secunia.com/advisories/38547 http://secunia.com/advisories/38915 http://secunia.com/advisories/40220 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1023585 http://support.apple.co • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 17%CPEs: 5EXPL: 0CVE-2010-0379
https://notcve.org/view.php?id=CVE-2010-0379
Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not related to the use-after-free "Movie Unloading Vulnerability" (CVE-2010-0378). NOTE: due to lack of details, it is not clear whether this overlaps any other CVE item. Múltiples vulnerabilidades no especificadas en el control ActiveX de Macromedia Flash en Flash Player de Adobe versión 6, tal y como es distribuido en Windows XP de Microsoft SP2 y SP3, podrían permitir a los atacantes remotos ejecutar código arbitrario por medio de vectores no especificados que no están relacionados con el uso de memoria previamente liberada de la "Movie Unloading Vulnerability" (CVE-2010-0378). NOTA: debido a la falta de detalles, no está claro si esto se solapa a cualquier otro elemento CVE. • http://secunia.com/advisories/27105 http://securitytracker.com/id?1023435 http://www.microsoft.com/technet/security/advisory/979267.mspx https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14146 •
CVSS: 9.3EPSS: 18%CPEs: 3EXPL: 0CVE-2010-0378
https://notcve.org/view.php?id=CVE-2010-0378
Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability." Vulnerabilidad de uso después de la liberación en Adobe Flash Player v6.0.79, distribuido en Microsoft Windows XP SP2 y SP3, permite a atacantes remotos ejecutar código de su elección a través de la descarga de un objeto Flash que simultáneamente está siendo accedido por una secuencia de comandos, aprovechando una corrupción de memoria. También conocida como "Vulnerabilidad Movie Unloading". • http://secunia.com/advisories/27105 http://secunia.com/secunia_research/2007-77 http://securitytracker.com/id?1023435 http://www.kb.cert.org/vuls/id/204889 http://www.microsoft.com/technet/security/advisory/979267.mspx https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7580 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 48EXPL: 0CVE-2009-3951
https://notcve.org/view.php?id=CVE-2009-3951
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820. Vulnerabilidad sin especificar en el control ActiveX de Flash Player en Adobe Flash Player en versiones anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 en Windows permite a atacantes remotos obtener los nombres de ficheros locales a través de vectores desconocidos. NOTA: Esta vulnerabilidad se produce debido a un arreglo incompleto de CVE-2009-4820. • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html http://osvdb.org/60891 http://secunia.com/advisories/37584 http://secunia.com/advisories/37902 http://secunia.com/advisories/38241 http://securitytracker.com/id?1023307 http://support.apple.com/kb/HT4004 http://www.adobe.com/support/security/bulletins/apsb09-19.html http://www.securityfocus.com/bid/37199 http://www.us-cert.gov&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •