23 matches found
Drive-by download campaign targets Chinese websites, experiments with exploits
During our web crawls we sometimes come across bizarre findings or patterns we haven't seen before. This was the case with a particular drive-by download attack planted on Chinese websites. While by no means advanced it turned out to be fairly buggy, we witnessed a threat actor experimenting with...
Mageia: Security Advisory (MGASA-2015-0273)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Attacking ECMAScript Engines with Redefinition
Posted by Natalie Silvanovich = function return n; ECMAScript has a property where almost all functions and variables can be dynamically redefined. This can lead to vulnerabilities in situations where native code assumes a function or variable behaves a certain way when accessed or does not have...
Three pieces of Flash 0day vulnerability exposure, Flash again the emergency update-bug warning-the black bar safety net
Firefox developers in the latest version of the Firefox browser in the Flash Player Plug-In included in the shield list, which means that on the website all Flash content will be disabled and the user had to manually open the Flash. Adobe today released the latest 1 8. 0. 0. 2 0 9 version, has be...
Technical analysis: Hacking Team for Flash 0day brace-vulnerability warning-the black bar safety net
! The vast JIT CODE, how to find we want to track The code? Borrow HackingTeam Flash 0day event detail debug flow and jitcode, to help some friends to follow better learning. ValueOf the frequency out of the vulnerability, adobe now has been the lack what fill what, a 7 on No. 8, only repair the...
Wekby APT 18 Exploiting Hacking Team Flash Zero Day
The Wekby APT group, implicated in a number of targeted attacks against health care organizations such as Community Health Systems and major pharmaceutical companies, is reportedly making use of the Adobe Flash Player zero-day found in the Hacking Team data dump. According to Virginia-based...
Updated flash-player-plugin package fixes critical security vulnerabilities
Adobe Flash Player 11.2.202.481 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published. This updat...
openSUSE Security Update : flash-player (openSUSE-2015-473) (Underminer)
flash-player was updated to fix one security issue. This security issue was fixed : - CVE-2015-5119: Unspecified vulnerability allowing remote attackers to take over the system bsc937339. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
FreeBSD : Adobe Flash Player -- critical vulnerabilities (348bfa69-25a2-11e5-ade1-0011d823eebd) (Underminer)
Adobe reports : Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly publishe...
Security update for flash-player (critical)
flash-player was updated to fix one security issue. This security issue was fixed: - CVE-2015-5119: Unspecified vulnerability allowing remote attackers to take over the system bsc937339...
CVE-2015-5119
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of...
Immunity Canvas: ADOBE_FLASH_VALUEOF
Name| adobeflashvalueof ---|--- CVE| CVE-2015-5119 Exploit Pack| CANVAS Description| adobeflashvalueof Notes| CVE Name: CVE-2015-5119 VENDOR: Adobe Notes: Tested on: - Windows 7 x86/x64 IE32/64 8, 9, 11 This module exploits a use after free vulnerability on Adobe Flash Player. When you have a...
CVE-2015-5119
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of...
CVE-2015-5119
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of...
CVE-2015-5119
The CVE-2015-5119 entry documents a use-after-free in Adobe Flash Player’s AS3 ByteArray class. The vulnerability arises when a crafted valueOf override in an object causes the ByteArray storage to be reallocated during a write ba[0] = obj, leading to memory corruption and potential remote code e...
CVE-2015-5119
creationtimestamp| type| source ---|---|--- 2015-07-08 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/37523 2015-07-08 06:53:08+00:00| seen| MISP/559cc8a7-1a7c-4002-bff0-4e1d950d210b 2015-07-09 08:29:31+00:00| seen| MISP/559e30bc-535c-4713-ae52-406f950d210b 2015-07-13...
Adobe Flash ActionScript 3 ByteArray Use After Free (APSA15-03: CVE-2015-5119)
A vulnerability exists within Adobe Flash Player ActionScript 3 ByteArray class. A successful exploitation can allow a remote attacker to execute arbitrary code on a vulnerable system...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Macintosh, and Linux. These include a critical vulnerability CVE-2015-5119 in Adobe Flash Player 18.0.0.194 and earlier versions. Adobe is aware of a report that an exploit targeting CVE-2015-5119...
Adobe Flash Player Use-After-Free Vulnerability (Jul 2015) - Mac OS X
Adobe Flash Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:flashplayer";...
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt47
3:11-alt47 built July 8, 2015 Sergey V Turchin in task 146142 July 8, 2015 Sergey V Turchin - new version - security fixes: CVE-2014-0578, CVE-2015-3097, CVE-2015-3114, CVE-2015-3115, CVE-2015-3116, CVE-2015-3117, CVE-2015-3118, CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122,...