CVE-2016-7875 – Adobe Flash Player BitmapData Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7875
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution. Adobe Flash Player versión 23.0.0.207 y versiones anteriores, 11.2.202.644 y versiones anteriores tienen una vulnerabilidad explotable de desbordamiento de entero en la clase BitmapData. Una explotación exitosa puede resultar en una ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html http://rhn.redhat.com/errata/RHSA-2016-2947.html http://www.securityfocus.com/bid/94866 http://www.securitytracker.com/id/1037442 http://www.zerodayinitiative.com/advisories/ZDI-16-621 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154 https://helpx.adobe.com/security/products/flash-player/apsb16-39.html https://securi • CWE-190: Integer Overflow or Wraparound •
CVE-2016-7879 – Adobe Flash NetConnection Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7879
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution. Adobe Flash Player versión 23.0.0.207 y versiones anteriores, 11.2.202.644 y versiones anteriores tienen una vulnerabilidad explotable de uso después de liberación en el NetConnection class al manejar un objeto de secuencia de comandos adjunto. Una explotación exitosa puede resultar en una ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html http://rhn.redhat.com/errata/RHSA-2016-2947.html http://www.securityfocus.com/bid/94873 http://www.securitytracker.com/id/1037442 http://www.zerodayinitiative.com/advisories/ZDI-16-619 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154 https://helpx.adobe.com/security/products/flash-player/apsb16-39.html https://securi • CWE-416: Use After Free •
CVE-2016-7857 – Adobe Flash AVSegmentedSource Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7857
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de uso después de liberación de memoria aprovechable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. • http://rhn.redhat.com/errata/RHSA-2016-2676.html http://www.securityfocus.com/bid/94153 http://www.securitytracker.com/id/1037240 http://www.zerodayinitiative.com/advisories/ZDI-16-596 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141 https://helpx.adobe.com/security/products/flash-player/apsb16-37.html https://security.gentoo.org/glsa/201611-18 https://access.redhat.com/security/cve/CVE-2016-7857 https://bugzilla.redhat.com/show_bug.cgi?id=139308 • CWE-416: Use After Free •
CVE-2016-7858 – Adobe Flash ExternalInterface addCallback Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7858
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de uso después de liberación de memoria aprovechable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. • http://rhn.redhat.com/errata/RHSA-2016-2676.html http://www.securityfocus.com/bid/94153 http://www.securitytracker.com/id/1037240 http://www.zerodayinitiative.com/advisories/ZDI-16-595 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141 https://helpx.adobe.com/security/products/flash-player/apsb16-37.html https://security.gentoo.org/glsa/201611-18 https://access.redhat.com/security/cve/CVE-2016-7858 https://bugzilla.redhat.com/show_bug.cgi?id=139308 • CWE-416: Use After Free •
CVE-2016-7859 – Adobe Flash AS2 extends Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7859
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de uso después de liberación de memoria aprovechable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. • http://rhn.redhat.com/errata/RHSA-2016-2676.html http://www.securityfocus.com/bid/94153 http://www.securitytracker.com/id/1037240 http://www.zerodayinitiative.com/advisories/ZDI-16-602 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141 https://helpx.adobe.com/security/products/flash-player/apsb16-37.html https://security.gentoo.org/glsa/201611-18 https://access.redhat.com/security/cve/CVE-2016-7859 https://bugzilla.redhat.com/show_bug.cgi?id=139308 • CWE-416: Use After Free •