CVE-2010-2160 – Adobe Flash Player AVM newFrameState Integer Overfow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2160
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. Adobe Flash Player v9.0.277.0 y v10.x antes de v10.1.53.64, y Adobe AIR antes v2.0.2.12610, permite a atacantes provocar una denegación de servicio (mediante corrupción de memoria) o posiblemente ejecutar código de su elección a través de vectores no especificados. Se trata de una vulnerabilidad diferente a CVE -2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010 -2182, CVE-2010-2184, CVE-2010-2187 o CVE-2010-2188. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AVM bytecode verifier. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/40144 http://secunia.com/advisories/40545 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1024085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-2178 – flash-plugin: multiple security flaws (APSB10-14)
https://notcve.org/view.php?id=CVE-2010-2178
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. Adobe Flash Player anterior a v9.0.277.0 y v10.x anterior a v10.1.53.64, y Adobe Air anterior a v2.0.2.12610, permite a atacantes provocar una denegación de servicio (corrupción de memoria) o posiblemente la ejecución de código de su elección a través de vectores no especificados. Vulnerabilidad distinta de CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, y CVE-2010-2188. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/40144 http://secunia.com/advisories/40545 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1024085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-2164 – flash-plugin: multiple security flaws (APSB10-14)
https://notcve.org/view.php?id=CVE-2010-2164
Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a certain function." Una vulnerabilidad de uso de memoria previamente liberada en Adobe Flash Player anterior a versión 9.0.277.0 y versión 10.x anterior a 10.1.53.64, y Adobe AIR anterior a versión 2.0.2.12610, podría permitir a los atacantes ejecutar código arbitrario por medio de vectores no especificados relacionados a un "image type within a certain function." no especificado. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=872 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/40144 http://secunia.com/advisories/40545 http://secunia.com/advisories/43026 http://security.gento • CWE-399: Resource Management Errors •
CVE-2010-2161 – flash-plugin: multiple security flaws (APSB10-14)
https://notcve.org/view.php?id=CVE-2010-2161
Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code." Un error de índice de matriz en Adobe Flash Player anterior a versión 9.0.277.0 y versión 10.x anterior a 10.1.53.64, y Adobe AIR anterior a versión 2.0.2.12610, podría permitir a atacantes ejecutar código arbitrario por medio de "types of Adobe Flash code." no especificado. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=871 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/40144 http://secunia.com/advisories/40545 http://secunia.com/advisories/43026 http://security.gento • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2006-6827 – Macromedia Flash 8 (Flash8b.ocx) Internet Explorer 7 - Denial of Service
https://notcve.org/view.php?id=CVE-2006-6827
Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method. Flash8b.ocx en Macromedia Flash 8 permite a atacantes remotos provocar denegación de servicio (caida del Internet Explorer 7) a través de grandes cadenas en el método Flash8b.AllowScriptAccess. • https://www.exploit-db.com/exploits/3041 http://www.securityfocus.com/bid/21818 https://exchange.xforce.ibmcloud.com/vulnerabilities/31156 •