CVE-2012-5278 – flash-plugin: multiple code-execution flaws (APSB12-24)
https://notcve.org/view.php?id=CVE-2012-5278
Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. Adobe Flash Player antes de v10.3.183.43 y v11.x antes de v11.5.502.110 en Windows y Mac OS X, antes de v10.3.183.43 y v11.x antes de v11.2.202.251 en Linux, antes de v11.1.111.24 en Android 2.x y 3.x y antes de v11.1.115.27 en Android 4.x, y Adobe AIR antes de v3.5.0.600, y Adobe AIR SDK antes de v3.5.0.600 permiten a los atacantes para eludir restricciones de acceso previstos y ejecutar código arbitrario a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00030.html http://rhn.redhat.com/errata/RHSA-2012-1431.html http://secunia.com/advisories/51186 http://secunia.com/advisories/51207 http://secunia.com/advisories/51213 http://secunia.com/advisories/51245 htt • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-5277 – flash-plugin: multiple code-execution flaws (APSB12-24)
https://notcve.org/view.php?id=CVE-2012-5277
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5280. Desbordamiento de búfer en Adobe Flash Player antes de v10.3.183.43 y v11.x antes de v11.5.502.110 en Windows y Mac OS X, antes de v10.3.183.43 y 11.x antes de v11.2.202.251 en Linux, antes de v11.1.111.24 en Android 2.x y 3.x, y antes de v11.1.115.27 en Android 4.x, Adobe AIR antes de v3.5.0.600, y Adobe AIR SDK antes de v3.5.0.600 permite a los atacantes ejecutar código de su elección a través de vectores no especificados. Se trata de una vulnerabilidad diferente a CVE-2012-5274, CVE-2012-5275, CVE-2012-5276 y CVE-2012 5280. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00030.html http://rhn.redhat.com/errata/RHSA-2012-1431.html http://secunia.com/advisories/51186 http://secunia.com/advisories/51207 http://secunia.com/advisories/51213 http://secunia.com/advisories/51245 htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-4168 – flash-plugin: cross-domain information leak flaw (APSB12-19)
https://notcve.org/view.php?id=CVE-2012-4168
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow remote attackers to read content from a different domain via a crafted web site. Adobe Flash Player anterior a v11.4.402.265 en Windows y Mac OS X, anterior a v11.2.202.238 en Linux, anterior a v11.1.111.16 en Android v2.x y v3.x, y anterior a v11.1.115.17 en Android v4.x; Adobe AIR anterior a v3.4.0.2540; y Adobe AIR SDK anterior a v3.4.0.254 permite atacantes remotos leer contenido desde un dominio diferente a través de un sitio web manipulado. • http://marc.info/?l=bugtraq&m=139455789818399&w=2 http://rhn.redhat.com/errata/RHSA-2012-1203.html http://security.gentoo.org/glsa/glsa-201209-01.xml http://www.adobe.com/support/security/bulletins/apsb12-19.html https://access.redhat.com/security/cve/CVE-2012-4168 https://bugzilla.redhat.com/show_bug.cgi?id=850529 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2012-4163 – flash-plugin: multiple code execution flaws (APSB12-19)
https://notcve.org/view.php?id=CVE-2012-4163
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4164 and CVE-2012-4165. Adobe Flash Player anterior a v11.4.402.265 en Windows y Mac OS X, anterior a v11.2.202.238 en Linux, anterior a v11.1.111.16 en Android v2.x y v3.x, y anterior a v11.1.115.17 en Android v4.x; Adobe AIR anterior a v3.4.0.2540; y Adobe AIR SDK anterior a v3.4.0.2540 permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente de CVE-2012-4164, CVE-2012-4165, y CVE-2012-4166. • http://marc.info/?l=bugtraq&m=139455789818399&w=2 http://rhn.redhat.com/errata/RHSA-2012-1203.html http://security.gentoo.org/glsa/glsa-201209-01.xml http://www.adobe.com/support/security/bulletins/apsb12-19.html https://access.redhat.com/security/cve/CVE-2012-4163 https://bugzilla.redhat.com/show_bug.cgi?id=850528 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-4164 – flash-plugin: multiple code execution flaws (APSB12-19)
https://notcve.org/view.php?id=CVE-2012-4164
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4163 and CVE-2012-4165. Adobe Flash Player anterior a v11.4.402.265 en Windows y Mac OS X, anterior a v11.2.202.238 en Linux, anterior a v11.1.111.16 en Android v2.x y v3.x, y anterior a v11.1.115.17 en Android v4.x; Adobe AIR anterior a v3.4.0.2540; y Adobe AIR SDK anterior a v3.4.0.2540 permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente de CVE-2012-4163, CVE-2012-4165, y CVE-2012-4166. • http://marc.info/?l=bugtraq&m=139455789818399&w=2 http://rhn.redhat.com/errata/RHSA-2012-1203.html http://security.gentoo.org/glsa/glsa-201209-01.xml http://www.adobe.com/support/security/bulletins/apsb12-19.html https://access.redhat.com/security/cve/CVE-2012-4164 https://bugzilla.redhat.com/show_bug.cgi?id=850528 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •