Page 210 of 1094 results (0.015 seconds)

CVSS: 9.3EPSS: 25%CPEs: 38EXPL: 0

Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file. Vulnerabilidad no especificada en Adobe Flash Player 9.x anteriores a v9.0.159.0 y v10.x anteriores a v10.0.22.87, permiten a atacantes remotos provocar una denegación de servicio (caída del navegador) o posiblemente ejecutar código de su elección a través de un fichero Shockwave Flash (también conocido como .swf). • http://isc.sans.org/diary.html?storyid=5929 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://rhn.redhat.com/errata/RHSA-2009-0332.html http://rhn.redhat.com/errata/RHSA-2009-0334.html http://secunia.com/advisories/34012 http://secunia.com/advisories/34226 http://secunia.com/advisories/34293 http://secunia.com/advisories/35074 http://security.gentoo.org/glsa/glsa-200903-23.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909& • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 39%CPEs: 38EXPL: 1

Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue." Adobe Flash Player v9.x anteriores a v9.0.159.0 y 10.x before 10.0.22.87 no elimina apropiadamente referencias a objetos destruidos durante el procesado de un archivo Shockwave Flash, lo que permite a los atacantes remotos ejecutar arbitrariamente código a través de un fichero manipulado, en relación a un "asunto de desbordamiento de búfer". • https://www.exploit-db.com/exploits/32811 http://isc.sans.org/diary.html?storyid=5929 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://rhn.redhat.com/errata/RHSA-2009-0332.html http://rhn.redhat.com/errata/RHSA-2009-0334.html http://secunia.com/advisories/34012 http://secunia.com/advisories/34226 http://secunia.com/advisories/34293 http://secunia.com/advisories/35074 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, and unspecified other actions, which allows remote attackers to read sensitive data from process memory via a crafted PDF file. La máquina virtual ActionScript v2 en Adobe Flash Player v10.x anteriores a v10.0.12.36 y en v9.x anteriores a v9.0.151.0, y en Adobe AIR anteriores a v1.5, no verifica el tamaño de un elemento miembro cuando realiza las acciones (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, y otras acciones no especificadas, permitiendo a atacantes remotos leer información sensible del proceso en memoria mediante un fichero PDF modificado. • http://secunia.com/advisories/33390 http://secunia.com/advisories/34226 http://security.gentoo.org/glsa/glsa-200903-23.xml http://securityreason.com/securityalert/4692 http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm http://www.adobe.com/support/security/bulletins/apsb08-22.html http://www.isecpartners.com/advisories/2008-01-flash.txt http://www.securityfocus.com/archive/1/498561/100/0/threaded https: • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to read sensitive data from process memory via a crafted PDF file. La acción "DefineConstantPool" en la máquina virtual ActionScript v2 en Adobe Flash Player v10.x anteriores a v10.0.12.36 y v9.x anteriores a v9.0.151.0, y en Adobe AIR anteriores a v1.5, acepta un valor de entrada no confiable en un "contador constante", permitiendo a atacantes remotos leer información sensible del proceso en memoria mediante un fichero PDF modificado. • http://secunia.com/advisories/33390 http://secunia.com/advisories/34226 http://security.gentoo.org/glsa/glsa-200903-23.xml http://securityreason.com/securityalert/4692 http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm http://www.adobe.com/support/security/bulletins/apsb08-22.html http://www.isecpartners.com/advisories/2008-01-flash.txt http://www.securityfocus.com/archive/1/498561/100/0/threaded https: • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0

The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file. La máquina virtual ActionScript v2 en Adobe Flash Player v10.x anteriores a v10.0.12.36 y en v9.x anteriores a v9.0.151.0, y en Adobe AIR anteriores a v1.5, no realizan validación de los caracteres de los elementos durante la recuperación de la estructura de datos del diccionario, permitiendo a atacantes remotos provocar una denegación de servicio (referencia a puntero NULO y parada de la aplicación) mediante un fichero PDF modificado. • http://secunia.com/advisories/33390 http://secunia.com/advisories/34226 http://security.gentoo.org/glsa/glsa-200903-23.xml http://securityreason.com/securityalert/4692 http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm http://www.adobe.com/support/security/bulletins/apsb08-22.html http://www.isecpartners.com/advisories/2008-01-flash.txt http://www.securityfocus.com/archive/1/498561/100/0/threaded https: • CWE-399: Resource Management Errors •