CVE-2018-4919 – flash-plugin: Use After Free - remote code execution vulnerability (APSB18-05)
https://notcve.org/view.php?id=CVE-2018-4919
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. Adobe Flash Player, en versiones 28.0.0.161 y anteriores, tiene una vulnerabilidad explotable de uso de memoria previamente liberada. Su explotación con éxito podría permitir la ejecución arbitraria de código en el contexto del usuario actual. • http://www.securityfocus.com/bid/103385 http://www.securitytracker.com/id/1040509 https://access.redhat.com/errata/RHSA-2018:0520 https://helpx.adobe.com/security/products/flash-player/apsb18-05.html https://access.redhat.com/security/cve/CVE-2018-4919 https://bugzilla.redhat.com/show_bug.cgi?id=1555029 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVE-2018-4877 – Adobe Flash Player QOSProvider attachMediaPlayerItemLoader Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-4877
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution. Se ha descubierto una vulnerabilidad de uso de memoria previamente liberada en Adobe Flash Player, en versiones anteriores a la 28.0.0.161. Esta vulnerabilidad ocurre debido a un puntero pendiente en el SDK Primetime relacionado con la funcionalidad de calidad del servicio del media player. • http://www.securityfocus.com/bid/102930 https://access.redhat.com/errata/RHSA-2018:0285 https://helpx.adobe.com/security/products/flash-player/apsb18-03.html https://access.redhat.com/security/cve/CVE-2018-4877 https://bugzilla.redhat.com/show_bug.cgi?id=1541981 • CWE-416: Use After Free •
CVE-2018-4878 – Adobe Flash Player Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2018-4878
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018. Se ha descubierto una vulnerabilidad de uso de memoria previamente liberada en Adobe Flash Player, en versiones anteriores a la 28.0.0.161. • https://www.exploit-db.com/exploits/44412 https://www.exploit-db.com/exploits/44745 https://www.exploit-db.com/exploits/44744 https://github.com/vysecurity/CVE-2018-4878 https://github.com/KathodeN/CVE-2018-4878 https://github.com/mdsecactivebreach/CVE-2018-4878 https://github.com/SyFi/CVE-2018-4878 https://github.com/hybridious/CVE-2018-4878 https://github.com/B0fH/CVE-2018-4878 https://github.com/Yable/CVE-2018-4878 https://github.com/lvyoshino/CVE-2018-4878 • CWE-416: Use After Free •
CVE-2018-4871 – Adobe Flash ATF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-4871
An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. Se ha descubierto un problema de lectura fuera de límites en Adobe Flash Player en versiones anteriores a la 28.0.0.137. • http://www.securityfocus.com/bid/102465 http://www.securitytracker.com/id/1040155 https://access.redhat.com/errata/RHSA-2018:0081 https://helpx.adobe.com/security/products/flash-player/apsb18-01.html https://access.redhat.com/security/cve/CVE-2018-4871 https://bugzilla.redhat.com/show_bug.cgi?id=1532810 • CWE-125: Out-of-bounds Read •
CVE-2017-11305 – flash-plugin: unintended reset of global settings preference file vulnerability (APSB17-42)
https://notcve.org/view.php?id=CVE-2017-11305
A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data. Una regresión que afecta a Adobe Flash Player en su versión 27.0.0.187 (y anteriores) provoca el restablecimiento accidental del archivo de preferencias de configuraciones globales cuando un usuario borra los datos del navegador. • http://www.securityfocus.com/bid/102139 http://www.securitytracker.com/id/1039986 https://access.redhat.com/errata/RHSA-2018:0081 https://helpx.adobe.com/security/products/flash-player/apsb17-42.html https://access.redhat.com/security/cve/CVE-2017-11305 https://bugzilla.redhat.com/show_bug.cgi?id=1525508 •