CVE-2015-7647 – Adobe Flash - Type Confusion in IExternalizable.readExternal When Performing Local Serialization
https://notcve.org/view.php?id=CVE-2015-7647
Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7648.
If IExternalizable.readExternal is overridden with a value that is not a function, Flash assumes it is a function even though it is not one. This leads to execution of a 'method' outside of the ActionScript object's ActionScript vtable, leading to memory corruption.
• https://www.exploit-db.com/exploits/38969
• http://rhn.redhat.com/errata/RHSA-2015-1913.html
• http://rhn.redhat.com/errata/RHSA-2015-2024.html
• http://www.securityfocus.com/bid/77115
• http://www.securitytracker.com/id/1033850
• https://helpx.adobe.com/security/products/flash-player/apsb15-27.html
• https://security.gentoo.org/glsa/201511-02
• https://access.redhat.com/security/cve/CVE-2015-7647
• https://bugzilla.redhat.com/show_bug.cgi?id=1271966
CVE-2015-7648 – Adobe Flash - Type Confusion in Serialization with ObjectEncoder.dynamicPropertyWriter
https://notcve.org/view.php?id=CVE-2015-7648
Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7647.
There is a type confusion issue during serialization if ObjectEncoder.dynamicPropertyWriter is overridden with a value that is not a function.
• https://www.exploit-db.com/exploits/38970
• http://rhn.redhat.com/errata/RHSA-2015-1913.html
• http://rhn.redhat.com/errata/RHSA-2015-2024.html
• http://www.securityfocus.com/bid/77116
• http://www.securitytracker.com/id/1033850
• https://helpx.adobe.com/security/products/flash-player/apsb15-27.html
• https://security.gentoo.org/glsa/201511-02
• https://access.redhat.com/security/cve/CVE-2015-7648
• https://bugzilla.redhat.com/show_bug.cgi?id=1271966
CVE-2015-7645 – Adobe Flash Player Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-7645
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
If IExternalizable.writeExternal is overridden with a value that is not a function, Flash assumes it is a function even though it is not one. This leads to execution of a 'method' outside of the ActionScript object's ActionScript vtable, leading to memory corruption.
Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.
• https://www.exploit-db.com/exploits/38490
• http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign
• http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html
• http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html
• http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html
• http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html
• http://packetstormsecurity.com/files/134009/Adobe-Flash-I
CVE-2009-0522
https://notcve.org/view.php?id=CVE-2009-0522
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack."
• http://isc.sans.org/diary.html?storyid=5929
• http://secunia.com/advisories/34012
• http://securitytracker.com/id?1021752
• http://www.adobe.com/support/security/bulletins/apsb09-01.html
• http://www.vupen.com/english/advisories/2009/0513
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48903
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6674
CVE-2009-0114
https://notcve.org/view.php?id=CVE-2009-0114
Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant."
• http://isc.sans.org/diary.html?storyid=5929
• http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
• http://secunia.com/advisories/34226
• http://secunia.com/advisories/34293
• http://secunia.com/advisories/35074
• http://security.gentoo.org/glsa/glsa-200903-23.xml
• http://securitytracker.com/id?1021751
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1
• http://support.apple.com/kb/HT3549
• http://www.adobe.com/support/security/bulletins/apsb09-01.html