CVE-2017-11225 – flash-plugin: multiple code execution issues fixed in APSB17-33
https://notcve.org/view.php?id=CVE-2017-11225
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. Se ha descubierto un problema en Adobe Flash Player 27.0.0.183 y anteriores. • http://www.securityfocus.com/bid/101837 http://www.securitytracker.com/id/1039778 https://access.redhat.com/errata/RHSA-2017:3222 https://helpx.adobe.com/security/products/flash-player/apsb17-33.html https://security.gentoo.org/glsa/201711-13 https://access.redhat.com/security/cve/CVE-2017-11225 https://bugzilla.redhat.com/show_bug.cgi?id=1513132 • CWE-416: Use After Free •
CVE-2017-3112 – Adobe Flash NetworkConfiguration addCustomHeader Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-3112
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. Se ha descubierto un problema en Adobe Flash Player 27.0.0.183 y anteriores. • http://www.securityfocus.com/bid/101837 http://www.securitytracker.com/id/1039778 https://access.redhat.com/errata/RHSA-2017:3222 https://helpx.adobe.com/security/products/flash-player/apsb17-33.html https://security.gentoo.org/glsa/201711-13 https://access.redhat.com/security/cve/CVE-2017-3112 https://bugzilla.redhat.com/show_bug.cgi?id=1513132 • CWE-125: Out-of-bounds Read •
CVE-2017-11215 – flash-plugin: multiple code execution issues fixed in APSB17-33
https://notcve.org/view.php?id=CVE-2017-11215
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. Se ha descubierto un problema en Adobe Flash Player en versiones 27.0.0.183 y anteriores. • http://www.securityfocus.com/bid/101837 http://www.securitytracker.com/id/1039778 https://access.redhat.com/errata/RHSA-2017:3222 https://helpx.adobe.com/security/products/flash-player/apsb17-33.html https://security.gentoo.org/glsa/201711-13 https://access.redhat.com/security/cve/CVE-2017-11215 https://bugzilla.redhat.com/show_bug.cgi?id=1513132 • CWE-416: Use After Free •
CVE-2017-11213 – Adobe Flash Player BitmapData hitTest Out-Of-Bounds Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11213
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. Se ha descubierto un problema en Adobe Flash Player 27.0.0.183 y anteriores. • http://www.securityfocus.com/bid/101837 http://www.securitytracker.com/id/1039778 https://access.redhat.com/errata/RHSA-2017:3222 https://helpx.adobe.com/security/products/flash-player/apsb17-33.html https://security.gentoo.org/glsa/201711-13 https://access.redhat.com/security/cve/CVE-2017-11213 https://bugzilla.redhat.com/show_bug.cgi?id=1513132 • CWE-125: Out-of-bounds Read •
CVE-2017-3114 – Adobe Flash LocaleID determinePreferredLocales Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-3114
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country- specific functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. Se ha descubierto un problema en Adobe Flash Player 27.0.0.183 y anteriores. • http://www.securityfocus.com/bid/101837 http://www.securitytracker.com/id/1039778 https://access.redhat.com/errata/RHSA-2017:3222 https://helpx.adobe.com/security/products/flash-player/apsb17-33.html https://security.gentoo.org/glsa/201711-13 https://access.redhat.com/security/cve/CVE-2017-3114 https://bugzilla.redhat.com/show_bug.cgi?id=1513132 • CWE-125: Out-of-bounds Read •