CVSS: 10.0EPSS: 85%CPEs: 9EXPL: 1CVE-2015-5130 – Adobe Flash AS2 - MovieClip.scrollRect Use-After-Free
https://notcve.org/view.php?id=CVE-2015-5130
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. Vulnerabilidad de uso después de liberación en la memoria en Adobe Flash Player en versiones anteriores a 18.0.0.232 en Windows y OS X y versiones anteriores a 11.2.202.508 en Linux, en Adobe AIR en versiones anteriores a 18.0.0.199, Adobe AIR SDK en versiones anteriores a 18.0.0.199 y Adobe AIR SDK & Compiler en versiones anteriores a 18.0.0.199, permite a los atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-5127, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564 y CVE-2015-5565. When setting the scrollRect attribute of a MovieClip in AS2 with a custom Rectangle it is possible to free the MovieClip while a reference remains in the stack. • https://www.exploit-db.com/exploits/37854 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1603.html http://www.securityfocus.com/bid/76288 http://www.securitytracker.com/id/1033235 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb& •
CVSS: 10.0EPSS: 94%CPEs: 9EXPL: 1CVE-2015-5131 – Adobe Flash - '.SWF' Out-of-Bounds Memory Read
https://notcve.org/view.php?id=CVE-2015-5131
Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5132 and CVE-2015-5133. Vulnerabilidad de desbordamiento de buffer en Adobe Flash Player en versiones anteriores a 18.0.0.232 en Windows y OS X y versiones anteriores a 11.2.202.508 en Linux, en Adobe AIR en versiones anteriores a 18.0.0.199, Adobe AIR SDK en versiones anteriores a 18.0.0.199 y Adobe AIR SDK & Compiler en versiones anteriores a 18.0.0.199, permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-5132 y CVE-2015-5133. An access violation occurs in Adobe Flash Player plugin while parsing a mutated swf file. • https://www.exploit-db.com/exploits/37856 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1603.html http://www.securityfocus.com/bid/76284 http://www.securitytracker.com/id/1033235 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 94%CPEs: 9EXPL: 1CVE-2015-5132 – Adobe Flash - '.SWF' Out-of-Bounds Memory Read
https://notcve.org/view.php?id=CVE-2015-5132
Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5131 and CVE-2015-5133. Vulnerabilidad de desbordamiento de buffer en Adobe Flash Player en versiones anteriores a 18.0.0.232 en Windows y OS X y versiones anteriores a 11.2.202.508 en Linux, en Adobe AIR en versiones anteriores a 18.0.0.199, Adobe AIR SDK en versiones anteriores a 18.0.0.199 y Adobe AIR SDK & Compiler en versiones anteriores a 18.0.0.199, permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-5131 y CVE-2015-5133. An access violation occurs in Adobe Flash Player plugin while parsing a mutated swf file. • https://www.exploit-db.com/exploits/37857 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1603.html http://www.securityfocus.com/bid/76284 http://www.securitytracker.com/id/1033235 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 94%CPEs: 9EXPL: 1CVE-2015-5133 – Adobe Flash - Out-of-Bounds Memory Read While Parsing a Mutated '.TTF' File Embedded in SWF
https://notcve.org/view.php?id=CVE-2015-5133
Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5131 and CVE-2015-5132. Vulnerabilidad de desbordamiento de buffer en Adobe Flash Player en versiones anteriores a 18.0.0.232 en Windows y OS X y versiones anteriores a 11.2.202.508 en Linux, en Adobe AIR en versiones anteriores a 18.0.0.199, Adobe AIR SDK en versiones anteriores a 18.0.0.199 y Adobe AIR SDK & Compiler en versiones anteriores a 18.0.0.199, permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-5131 y CVE-2015-5132. An out-of-bounds memory read occurs when Adobe Flash parses a mutated TTF file embedded in a swf. • https://www.exploit-db.com/exploits/37858 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1603.html http://www.securityfocus.com/bid/76284 http://www.securitytracker.com/id/1033235 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 85%CPEs: 9EXPL: 1CVE-2015-5134 – Adobe Flash - 'Setting' Use-After-Free
https://notcve.org/view.php?id=CVE-2015-5134
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. Vulnerabilidad de uso después de liberación en la memoria en Adobe Flash Player en versiones anteriores a 18.0.0.232 en Windows y OS X y versiones anteriores a 11.2.202.508 en Linux, en Adobe AIR en versiones anteriores a 18.0.0.199, Adobe AIR SDK en versiones anteriores a 18.0.0.199 y Adobe AIR SDK & Compiler en versiones anteriores a 18.0.0.199, permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-5127, CVE-2015-5130, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564 y CVE-2015-5565. In certain cases where a native AS2 class sets an internal variable, it can lead to a use-after-free if the variable is a SharedObject. While this example shows setting NetConnection.contentType, this applies to several other variables including many properties of the Sound and NetStream classes. • https://www.exploit-db.com/exploits/37852 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1603.html http://www.securityfocus.com/bid/76288 http://www.securitytracker.com/id/1033235 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb& •