CVSS: 10.0EPSS: 97%CPEs: 6EXPL: 1CVE-2011-2462 – Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2011-2462
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011. Vulnerabilidad no especificada en el componente de U3D en Adobe Reader y Acrobat v10.1.1 y versiones anteriores para Windows y Mac OS X, y Adobe Reader v9.x hasta v9.4.6 en UNIX, permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria) a través de vectores desconocidos, explotado "in the wild" en diciembre de 2011. The Universal 3D (U3D) component in Adobe Acrobat and Reader contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS). • https://www.exploit-db.com/exploits/18366 http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html http://www.adobe.com/support/security/advisories/apsa11-04.html http://www.adobe.com/support/security/bulletins/apsb11-30.html http://www.adobe.com/support/security/bulletins/apsb12-01.html http://www.redhat.com/support/errata/RHSA-2012-0011.html http://www.us-cert.gov/cas/techalerts/TA11-350A • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 138EXPL: 0CVE-2011-2107 – flash-plugin: Cross-site scripting vulnerability (APSB11-13)
https://notcve.org/view.php?id=CVE-2011-2107
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability." Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe Flash Player anteriores a v10.3.181.22 en Windows, Mac OS X, Linux, y Solaris, y v10.3.185.22 y anteriores en Android, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores desconocidos, relacionado con "vulnerabilidad universal de ejecución de comandos en sitios cruzados". • http://googlechromereleases.blogspot.com/2011/06/stable-channel-update.html http://secunia.com/advisories/44846 http://secunia.com/advisories/44847 http://secunia.com/advisories/44871 http://secunia.com/advisories/44872 http://secunia.com/advisories/44946 http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-13.html http://www.blackberry.com/btsc/KB27240 http://www.redhat.com/support/errata/RHSA-2011-0850.html http://www.securityfocus.com/bid&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 97%CPEs: 156EXPL: 4CVE-2010-3654 – Adobe Flash Player "Button" Remote Code Execution
https://notcve.org/view.php?id=CVE-2010-3654
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010. Flash Player de Adobe anterior a versión 9.0.289.0 y versiones 10.x anteriores a 10.1.102.64 en Windows, Mac OS X, Linux y Solaris y versión 10.1.95.1 en Android, y authplay.dll (también se conoce como AuthPlayLib.bundle o libauthplay.so.0.0.0) en Reader y Acrobat de Adobe versiones 9.x hasta 9.4, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) por medio de contenido SWF diseñado, como se explotó “in the wild” en octubre de 2010. • https://www.exploit-db.com/exploits/17187 https://www.exploit-db.com/exploits/16667 http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash1 http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html http://secunia.com/advisorie • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 83%CPEs: 164EXPL: 0CVE-2010-2884 – Flash: crash or potential arbitrary code execution (APSB10-22)
https://notcve.org/view.php?id=CVE-2010-2884
Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010. Vulnerabilidad sin especificar en Adobe Flash Player v10.1.82.76 y anteriores para Windows, Macintosh, Linux, Solaris; Flash Player v10.1.92.10 para Android; Reader v9.3.4 para Windows, Macintosh and UNIX; y Acrobat v9.3.4 y anteriores para Windows y Macintosh permite a los atacantes remotos causar una denegación de servicio (caída) y ejecutar código a su elección a través de vectores desconocidos, se explota activamente desde Septiembre de 2010. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://secunia.com/advisories/41434 http://secunia.com/advisories/41435 http://secunia.com/advisories/41443 http://secunia.com/advisories/41526 http://secunia.com/advisories/43025 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-08. •
CVSS: 6.8EPSS: 2%CPEs: 84EXPL: 0CVE-2010-0186 – flash-plugin: unauthorized cross-domain requests (APSB10-06)
https://notcve.org/view.php?id=CVE-2010-0186
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors. Vulnerabilidad de tipo cross-domain en Adobe Flash Player anterior a versión 10.0.45.2, Adobe AIR anterior a 1.5.3.9130 y Adobe Reader y Acrobat 8.x anterior al 8.2.1 y 9.x anterior al 9.3.1 permite a los atacantes remotos omitir las restricciones de sandbox previstas y hacer peticiones de tipo cross-domain por medio de vectores no específicos. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://secunia.com/advisories/38547 http://secunia.com/advisories/38639 http://secunia.com/advisories/38915 http://secunia.com/advisories/40220 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-09.xml http://securitytracker.com/id?1023585 http://support.apple.com/kb/HT4188 http://www.adobe.com/sup •