Adobe Flash ActionScript 3 ByteArray Use After Free (APSA15-03: CVE-2015-5119)

A vulnerability exists within Adobe Flash Player ActionScript 3 ByteArray class. A successful exploitation can allow a remote attacker to execute arbitrary code on a vulnerable system...

Microsoft Internet Explorer释放后重用远程代码执行漏洞

BUGTRAQ ID: 65551 CVECAN ID: CVE-2014-0322 Internet Explorer是微软公司推出的一款网页浏览器。 Microsoft Internet Explorer 10在实现上存在释放后重利用漏洞，攻击者可利用此漏洞修改任意地址处的内存字节，结合Flash ActionScript获取内存读写权限，读出actionscript中对象的虚表指针，从而绕过ASLR；然后使用ROOP技术绕过DEP。 0 Microsoft Internet Explorer 10 临时解决方法： 安装EMET或升级到IE 11以防恶意利用此漏洞。...

CVE-2014-0322: Internet Explorer zero-day exploit targets US Military Intelligence

Hackers are using a zero day vulnerability in Microsoft's Internet Explorer IE web browser and targeting US military personnels in an active attack campaign, dubbed as 'Operation Snowman'. FireEye Researchers have discovered that a U.S. veterans website was compromised to serve a zero day exploit...