CVE-2015-5122 – Adobe Flash Player Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2015-5122
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015. Vulnerabilidad de uso después de liberación descubierta en la implementación de la clase DisplayObject en el ActionScript (AS3) en Adobe Flash Player 13.x hasta 13.0.0.302 en Windows y en OS X, 14.x hasta 18.0.0.203 en Windows y en OS X, 11.x hasta 11.2.202.481 en Linux, y en 12.x hasta 18.0.0.204 en las intalaciones de Google Chorme en Linux permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria) hasta contenido Flash manipulado que aprovecha el manejo inadecuado de la propiedad opaqueBackground, tal y como fue utilizado activamente en julio de 2015. Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). • https://www.exploit-db.com/exploits/37599 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html http://rhn.redhat.com/errata/RHSA-2015-1235.html http://www.kb.cert.org/vuls/id • CWE-416: Use After Free •
CVE-2015-3113 – Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2015-3113
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015. Desbordamiento de buffer basado en memoria dinámica en Adobe Flash Player anterior a 13.0.0.296 y 14.x hasta 18.x anterior a 18.0.0.194 en Windows y OS X y anterior a 11.2.202.468 en Linux permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, tal y como fue utilizado activamente en junio del 2015. Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code. • https://www.exploit-db.com/exploits/37536 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00002.html http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://rhn.redhat.com/errata/RHSA-2015-1184.html http://www.securityfocus.com/bid/75371 http://www.securitytracker.com/id/1032696 https://bugzilla.redhat.com/show_bug. • CWE-787: Out-of-bounds Write •
CVE-2015-3107 – Adobe Flash - NetConnection.connect Use-After-Free
https://notcve.org/view.php?id=CVE-2015-3107
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3106. Vulnerabilidad de uso después de liberación en Adobe Flash Player anterior a 13.0.0.292 y 14.x hasta 18.x anterior a 18.0.0.160 en Windows y OS X y anterior a 11.2.202.466 en Linux, Adobe AIR anterior a 18.0.0.144 en Windows y anterior a 18.0.0.143 en OS X y Android, Adobe AIR SDK anterior a 18.0.0.144 en Windows y anterior a 18.0.0.143 en OS X, y Adobe AIR SDK & Compiler anterior a 18.0.0.144 en Windows y anterior a 18.0.0.143 en OS X permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3103 y CVE-2015-3106. If the fpadInfo property of a NetConnection object is a SharedObject, a use-after-free occurs when the property is deleted. • https://www.exploit-db.com/exploits/37850 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1086.html http://www.securityfocus.com/bid/75087 http://www.securitytracker.com/id/1032519 https://helpx.adobe • CWE-416: Use After Free •
CVE-2015-0833
https://notcve.org/view.php?id=CVE-2015-0833
Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll. Múltiples vulnerabilidades de rutas de búsqueda no confiables en updater.exe en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 en Windows, cuando el servicio de mantenimiento no está utilizado, permiten a usuarios locales ganar privilegios a través de un DLL troyano en(1) el directorio de trabajo actual o (2) un directorio temporal, tal y como fue demostrado por bcrypt.dll. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html http://www.mozilla.org/security/announce/2015/mfsa2015-12.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/72747 http://www.securitytracker.com/id/1031791 http://www.securitytracker.com/id/1031792 https://bugzilla.mo •
CVE-2015-0313 – Adobe Flash Player Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2015-0313
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 13.0.0.269 y 14.x hasta la versión 16.x en versiones anteriores a 16.0.0.305 en Windows y OS X y en versiones anteriores a 11.2.202.442 en Linux permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, según se ha explotado activamente en febrero de 2015, una vulnerabilidad diferente a CVE-2015-0315, CVE-2015-0320 y CVE-2015-0322. Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code. • https://www.exploit-db.com/exploits/36579 https://www.exploit-db.com/exploits/36491 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html http://packetstormsecurity.com/files/131189/Adobe-Flash-Player-ByteArray-With-Workers-Use-After-Free.html http://secunia& • CWE-416: Use After Free •