Adobe Flash - XMLSocket Destructor Not Cleared Before Setting User Data in connect

Source: https://code.google.com/p/google-security-research/issues/detail?id=416&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id This issue is a variant of issue 192 , which the fix did not address. If XMLSocket connect is called on an object that already has a destroy...

Adobe Flash AS2 - DisplacementMapFilter.mapBitmap Use-After-Free (2)

Source: https://code.google.com/p/google-security-research/issues/detail?id=377&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Deadline tracking for https://code.google.com/p/chromium/issues/detail?id=487237 Credit is to bilou, working with the Chromium Vulnerability Rewar...

Adobe Flash AS2 - DisplacementMapFilter.mapBitmap Use-After-Free (1)

Source: https://code.google.com/p/google-security-research/issues/detail?id=358&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Deadline tracking for https://code.google.com/p/chromium/issues/detail?id=457680 --- VULNERABILITY DETAILS There is a use after free in Flash caus...

Adobe Flash AS2 - DisplacementMapFilter.mapBitmap Use-After-Free (2)

Adobe Flash AS2 - DisplacementMapFilter.mapBitmap Use-After-Free 2 Source: https://code.google.com/p/google-security-research/issues/detail?id=377&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Deadline tracking for https://code.google.com/p/chromium/issues/detail?id=48723...

Adobe Flash AS2 - DisplacementMapFilter.mapBitmap Use-After-Free (1)

Adobe Flash AS2 - DisplacementMapFilter.mapBitmap Use-After-Free 1 Source: https://code.google.com/p/google-security-research/issues/detail?id=358&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Deadline tracking for https://code.google.com/p/chromium/issues/detail?id=45768...

Flash Player < 13.0.0.305 / 18.0.0.209 Multiple RCE (APSB15-18)

Binary data 8822.prm...

flash-plugin: two code execution issues in APSA15-04 / APSB15-18

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installatio...

flashplugin: arbitrary code execution

CVE-2015-5122 arbitrary code execution Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 AS3 implementation allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted Flash content that leverages improper handling of...

lib32-flashplugin: arbitrary code execution

CVE-2015-5122 arbitrary code execution Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 AS3 implementation allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted Flash content that leverages improper handling of...

UBUNTU-CVE-2015-5123

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installatio...

CVE-2015-5123

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installatio...

CVE-2015-5123

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installatio...

Google Chrome < 43.0.2357.134 RCE Multiple Vulnerabilities (Mac OS X)

The version of Google Chrome installed on the remote Mac OS X host is prior to 43.0.2357.134. It is, therefore, affected by multiple remote code execution vulnerabilities in the bundled version of Adobe Flash : - A use-after-free error exists in the opaqueBackground class in the ActionScript 3 AS...

Google Chrome < 43.0.2357.134 Multiple RCE Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.134. It is, therefore, affected by multiple remote code execution vulnerabilities in the bundled version of Adobe Flash : - A use-after-free error exists in the opaqueBackground class in the ActionScript 3 AS3...

Adobe Flash ActionScript 3 BitmapData memory corruption vulnerability

Overview Adobe Flash Player contains a vulnerability in the ActionScript 3 BitmapData object, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Flash Player versions 9.0 through version 18.0.0.204 contain amemory corruption...

Updates Available for Flash AS3 opaqueBackground and BitmapData Use-After-Free Vulnerabilities

Adobe has released security updates to address critical vulnerabilities within the ActionScript 3 opaqueBackground and BitmapData classes of Flash Player. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on a vulnerable system. Versions affected includ...

PT-2015-1512 · Adobe +3 · Flash Player +3

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 11.x through 11.2.202.481 Adobe Flash Player versions 12.x through 18.0.0.204 Adobe Flash Player versions 13.x through 13.0.0.302 Adobe Flash Player versions 14.x through 18.0.0.203 Description: The issue is relate...

VulnCheck KEV: CVE-2015-5123

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 AS3 implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service DoS...

Adobe Flash Player copyPixelsToByteArray Integer Overflow

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Adobe Flash Player copyPixelsToByteArray Integer Overflow', 'Description' = %q This module exploits an integer overflow in Adobe Fla...

Adobe Flash Player copyPixelsToByteArray Method Integer Overflow

This module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the copyPixelsToByteArray method from the BitmapData object. The position field of the destination ByteArray can be used to cause an integer overflow and write contents out of the ByteArray buffer. This...