CVSS: 9.3EPSS: 17%CPEs: 5EXPL: 0CVE-2010-0379
https://notcve.org/view.php?id=CVE-2010-0379
Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not related to the use-after-free "Movie Unloading Vulnerability" (CVE-2010-0378). NOTE: due to lack of details, it is not clear whether this overlaps any other CVE item. Múltiples vulnerabilidades no especificadas en el control ActiveX de Macromedia Flash en Flash Player de Adobe versión 6, tal y como es distribuido en Windows XP de Microsoft SP2 y SP3, podrían permitir a los atacantes remotos ejecutar código arbitrario por medio de vectores no especificados que no están relacionados con el uso de memoria previamente liberada de la "Movie Unloading Vulnerability" (CVE-2010-0378). NOTA: debido a la falta de detalles, no está claro si esto se solapa a cualquier otro elemento CVE. • http://secunia.com/advisories/27105 http://securitytracker.com/id?1023435 http://www.microsoft.com/technet/security/advisory/979267.mspx https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14146 •
CVSS: 9.3EPSS: 18%CPEs: 3EXPL: 0CVE-2010-0378
https://notcve.org/view.php?id=CVE-2010-0378
Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability." Vulnerabilidad de uso después de la liberación en Adobe Flash Player v6.0.79, distribuido en Microsoft Windows XP SP2 y SP3, permite a atacantes remotos ejecutar código de su elección a través de la descarga de un objeto Flash que simultáneamente está siendo accedido por una secuencia de comandos, aprovechando una corrupción de memoria. También conocida como "Vulnerabilidad Movie Unloading". • http://secunia.com/advisories/27105 http://secunia.com/secunia_research/2007-77 http://securitytracker.com/id?1023435 http://www.kb.cert.org/vuls/id/204889 http://www.microsoft.com/technet/security/advisory/979267.mspx https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7580 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 48EXPL: 0CVE-2009-3951
https://notcve.org/view.php?id=CVE-2009-3951
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820. Vulnerabilidad sin especificar en el control ActiveX de Flash Player en Adobe Flash Player en versiones anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 en Windows permite a atacantes remotos obtener los nombres de ficheros locales a través de vectores desconocidos. NOTA: Esta vulnerabilidad se produce debido a un arreglo incompleto de CVE-2009-4820. • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html http://osvdb.org/60891 http://secunia.com/advisories/37584 http://secunia.com/advisories/37902 http://secunia.com/advisories/38241 http://securitytracker.com/id?1023307 http://support.apple.com/kb/HT4004 http://www.adobe.com/support/security/bulletins/apsb09-19.html http://www.securityfocus.com/bid/37199 http://www.us-cert.gov&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 46EXPL: 0CVE-2009-3796 – flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)
https://notcve.org/view.php?id=CVE-2009-3796
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability." Adobe Flash Player anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 podría permitir a atacantes ejecutar código arbitrario a través de vectores sin especificar, relacionado con la "vulnerabilidad de inyección de datos". • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html http://osvdb.org/60886 http://secunia.com/advisories/37584 http://secunia.com/advisories/37902 http://secunia.com/advisories/38241 http://securitytracker.com/id?1023306 http://securitytracker.com/id?1023307 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1 http://support.apple.com/kb/HT4004 http://www.adobe.c • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 46EXPL: 0CVE-2009-3798 – flash-plugin: multiple code execution flaws (APSB09-19) (CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800)
https://notcve.org/view.php?id=CVE-2009-3798
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. Adobe Flash Player anteriores a v10.0.42.34 y Adobe AIR anteriores a v1.5.3 podría permitir a atacantes ejecutar código a través de vectores sin especificar que inician una corrupción de memoria. • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html http://secunia.com/advisories/37584 http://secunia.com/advisories/37902 http://secunia.com/advisories/38241 http://securitytracker.com/id?1023306 http://securitytracker.com/id?1023307 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1 http://support.apple.com/kb/HT4004 http://www.adobe.com/support/security/bulletins/ • CWE-399: Resource Management Errors •