Adobe Flash AS2 - textfield.filters Use-After-Free (3)

Source: https://code.google.com/p/google-security-research/issues/detail?id=444&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for https://code.google.com/p/chromium/issues/detail?id=498984 Credit is to bilou, working with the Chromium Vulnerability Rewards Progra...

Flash Player - Integer Overflow in Function.apply

Source: https://code.google.com/p/google-security-research/issues/detail?id=302&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for: https://code.google.com/p/chromium/issues/detail?id=470837 VULNERABILITY DETAILS An integer overflow while calling Function.apply ca...

Adobe Flash AS2 - textfield.filters Use-After-Free (3)

Adobe Flash AS2 - textfield.filters Use-After-Free 3 Source: https://code.google.com/p/google-security-research/issues/detail?id=444&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for https://code.google.com/p/chromium/issues/detail?id=498984 Credit is to bilou,...

Flash Boundless Tunes - Universal SOP Bypass Through ActionSctipt's Sound Object

Source: https://code.google.com/p/google-security-research/issues/detail?id=354&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id 90-day deadline tracking for https://code.google.com/p/chromium/issues/detail?id=481639 --- An instance of ActionScript's Sound class allows for...

CVE-2 0 1 5-3 1 1 3 analysis-vulnerability warning-the black bar safety net

Fireeye in its 6-month 2 3 day post“Operation ceeinject. Gen! g Wolf”are discussed in a cyber-espionage group, known as APT3, in Adobe Flash using a 0day vulnerability. Unit42 also use the UPS tracking APT3 group, it was originated in China the invasion of the toolset, with the earlier of 0day...

Flash Player < 13.0.0.305 / 18.0.0.209 Multiple RCE (APSB15-18)

Binary data 8822.prm...

Early into the flash vulnerability analysis-vulnerability warning-the black bar safety net

Cut-off date by hackting team leaks the derived has been patched or will be patched 0day has reached 6 months. 3 by the ValueOf function induced flash vulnerabilities, 2 ring0 can lead to mentioning the right of the font parsing vulnerability, adobe or. dll kernel font parsing components, as well...

SUSE SLED11 Security Update : flash-player (SUSE-SU-2015:1258-1)

flash-player was updated to fix two security issues. These security issues were fixed : - CVE-2015-5123: Use-after-free vulnerability in the BitmapData class in the ActionScript 3 AS3 implementation in Adobe Flash Player allowed remote attackers to execute arbitrary code or cause a denial of...

openSUSE Security Update : Adobe Flash Player (openSUSE-2015-496)

Adobe Flash Player was updated to 11.2.202.491 to fix two security issues. The following vulnerabilities were fixed : - CVE-2015-5122: Specially crafted Flash content allowed attackers to execute arbitrary code via a use-after-free vulnerability in the DisplayObject class in the ActionScript 3 AS...

flash-plugin: two code execution issues in APSA15-04 / APSB15-18

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installatio...

flashplugin: arbitrary code execution

CVE-2015-5122 arbitrary code execution Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 AS3 implementation allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted Flash content that leverages improper handling of...

CVE-2015-5123

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installatio...

Design/Logic Flaw

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome...

CVE-2015-5122

CVE-2015-5122 involves a Use-After-Free in the DisplayObject class of the AS3 Flash Player. It affects Flash Player 13.x–18.x on Windows/macOS, 11.x–11.2.x on Linux, and 12.x–18.0.0.204 on Linux Chrome. The flaw, triggered by improper handling of the opaqueBackground property, enables remote code...

CVE-2015-5122

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome...

CVE-2015-5122

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome...

Adobe Flash Player <= 18.0.0.203 Multiple RCE Vulnerabilities (APSB15-18) (Mac OS X)

The version of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to version 18.0.0.203. It is, therefore, affected by multiple remote code execution vulnerabilities : - A use-after-free error exists in the opaqueBackground class in the ActionScript 3 AS3 implementation. A...

Google Chrome < 43.0.2357.134 RCE Multiple Vulnerabilities (Mac OS X)

The version of Google Chrome installed on the remote Mac OS X host is prior to 43.0.2357.134. It is, therefore, affected by multiple remote code execution vulnerabilities in the bundled version of Adobe Flash : - A use-after-free error exists in the opaqueBackground class in the ActionScript 3 AS...

Adobe Flash Player <= 18.0.0.203 Multiple RCE Vulnerabilities (APSB15-18)

The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 18.0.0.203. It is, therefore, affected by multiple remote code execution vulnerabilities : - A use-after-free error exists in the opaqueBackground class in the ActionScript 3 AS3 implementation. A...

Google Chrome < 43.0.2357.134 Multiple RCE Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.134. It is, therefore, affected by multiple remote code execution vulnerabilities in the bundled version of Adobe Flash : - A use-after-free error exists in the opaqueBackground class in the ActionScript 3 AS3...