Google Chrome < 43.0.2357.134 RCE Multiple Vulnerabilities (Mac OS X)

The version of Google Chrome installed on the remote Mac OS X host is prior to 43.0.2357.134. It is, therefore, affected by multiple remote code execution vulnerabilities in the bundled version of Adobe Flash : - A use-after-free error exists in the opaqueBackground class in the ActionScript 3 AS...

Adobe Flash Player <= 18.0.0.203 Multiple RCE Vulnerabilities (APSB15-18)

The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 18.0.0.203. It is, therefore, affected by multiple remote code execution vulnerabilities : - A use-after-free error exists in the opaqueBackground class in the ActionScript 3 AS3 implementation. A...

Google Chrome < 43.0.2357.134 Multiple RCE Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.134. It is, therefore, affected by multiple remote code execution vulnerabilities in the bundled version of Adobe Flash : - A use-after-free error exists in the opaqueBackground class in the ActionScript 3 AS3...

Updates Available for Flash AS3 opaqueBackground and BitmapData Use-After-Free Vulnerabilities

Adobe has released security updates to address critical vulnerabilities within the ActionScript 3 opaqueBackground and BitmapData classes of Flash Player. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on a vulnerable system. Versions affected includ...

PT-2015-1511 · Adobe +3 · Flash Player +3

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 11.x through 11.2.202.481 Adobe Flash Player versions 12.x through 18.0.0.204 Adobe Flash Player versions 13.x through 13.0.0.302 Adobe Flash Player versions 14.x through 18.0.0.203 Description: The issue is relate...

CVE-2015-5119

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of...

CVE-2015-5119

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of...

CVE-2015-5119

The CVE-2015-5119 entry documents a use-after-free in Adobe Flash Player’s AS3 ByteArray class. The vulnerability arises when a crafted valueOf override in an object causes the ByteArray storage to be reallocated during a write ba[0] = obj, leading to memory corruption and potential remote code e...

CVE-2015-5119

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of...

CVE-2015-5119

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of...

Adobe Flash ActionScript 3 ByteArray Use After Free (APSA15-03: CVE-2015-5119)

A vulnerability exists within Adobe Flash Player ActionScript 3 ByteArray class. A successful exploitation can allow a remote attacker to execute arbitrary code on a vulnerable system...

Adobe Flash ActionScript 3 ByteArray Use-After-Free Vulnerability

Adobe Flash Player contains a vulnerability within the ActionScript 3 ByteArray class, which can allow a remote attacker to execute arbitrary code on a vulnerable system. Versions affected include Adobe Flash Player 9.0 through 18.0.0.194. Users and administrators are encouraged to review...

Adobe Flash Player ActionScript 3 Integer Overflow (APSB11-21; CVE-2011-2416)

Adobe Flash Player is a multimedia and application player that renders Shockwave Flash SWF files. An integer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient input validation by the application while executing ActionScript code. A remote...

Adobe Flash Player ActionScript 3 Movie Canvas Memory Corruption (APSB11-21; CVE-2011-2135)

The vulnerability is due an error in the way the application performs boundary checks on the ActionScript tags while loading objects to Movie Canvas in SWF files. A remote attacker could exploit this vulnerability by enticing an unsuspecting victim to open a web page containing malicious SWF file...

Adobe Flash Player ActionScript 3 Buffer Overflow (APSB11-21; CVE-2011-2136)

Adobe Flash Player is a multimedia and application player that renders Shockwave Flash SWF files. A buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient input validation by the application while executing ActionScript code. A remote...

Adobe Flash Player ActionScript 3 Memory Corruption (APSB11-21; CVE-2011-2415)

Adobe Flash Player is a multimedia and application player that renders Shockwave Flash SWF files. A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient input validation by the application while executing ActionScript code. A remote...

Adobe Flash Player ActionScript SecurityErrorEvent绕过安全限制漏洞

BUGTRAQ ID: 25260 CVECAN ID: CVE-2007-4324 Flash Player是一款非常流行的FLASH播放器。 Flash Player中的ActionScript 3（AS3）允许远程攻击者通过指定了连接的SWF电影绕过安全沙盒模型获得敏感信息并端口扫描任意主机，然后使用SecurityErrorEvent错误的定时差异判断端口是否开放。 AS3 Adobe引入了新的套接字相关事件SecurityErrorEvent。当Flash Player试图连接到关闭的TCP端口时会立即出现SecurityErrorEvent，如果服务在监听该端口Flash...

Design/Logic Flaw

ActionScript 3 AS3 in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash SWF movie that specifies a connection to make, then...

CVE-2007-4324

Summary: CVE-2007-4324 affects Adobe Flash Player (and related Flash plugins) where ActionScript/Flash content could be used to determine open ports on a target via timing discrepancies in SecurityErrorEvent handling. Connected advisories (RHSA/RHSA sub-pages) confirm this issue as part of multip...

Design flaw in AS3 socket handling allows port probing

Design flaw in AS3 socket handling allows port probing Summary Due to a design flaw in ActionScript 3 socket handling, compiled Flash movies are able to scan for open TCP ports on any host reachable from the host running the SWF, bypassing the Flash Player Security Sandbox Model and without the...