Adobe Flash Player
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), cross site request forgery (CSRF), execution of arbitrary code, and Denial of Service (DoS).
References: CVE-2010-3636
Adobe Flash Player
CVE-2010-3637
Adobe Flash Player
CVE-2010-3638
Design flaw in AS3 socket handling allows port probing
# Summary
Due to a design flaw in ActionScript 3 socket handling, compiled
Flash movies are able to scan for open TCP ports on any host
reachable from the host running the SWF, bypassing the Flash Player
Security Sandbox Model and without the need to rebind DNS.
# Technical background
In AS3 Adobe introduced a new socket-related event called
SecurityErrorEvent. This event is always thrown when a Flash Player
Dear Stefan Kanthak,
As far as I can see, Internet Explorer actually uses flash10b.ocx.
Adobe
Flash Player 10.0 r22
--Monday, April 20, 2009, 8:17:24 PM, you wrote to bugtraq@securityfocus.com:
SK> Windows Update (as well as Microsoft Update and the Automatic Update)
SK> installs an outdated (and from its manufacturer unsupported) Flash
VUPEN Security Research - Adobe Flash Player ActionScript FileReference
Buffer Overflow (APSB11-21)
Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen
I. BACKGROUND
---------------------
PUBLIC
=========================================================================
ACROS Security Problem Report #2010-11-05-01
-------------------------------------------------------------------------
ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player
=========================================================================
Document ID: ASPR #2010-11-05-01-PUB
Vendor: Adobe Systems, Inc. (http://www.adobe.com)
Target: Adobe Flash Player for Windows
>Dear Stefan Kanthak,
>
>As far as I can see, Internet Explorer actually uses flash10b.ocx.
>Adobe
>Flash Player 10.0 r22
>
>--Monday, April 20, 2009, 8:17:24 PM, you wrote to bugtraq@securityfocus.com:
>
>SK> Windows Update (as well as Microsoft Update and the Automatic Update)
>SK> installs an outdated (and from its manufacturer unsupported) Flash
The unhappy end:
* Start with a fully patched Windows XP with Service Pack 3 AND the
current Adobe Flash Player ActiveX v10.0r22.87 installed.
Since recent Flash Player installers remove any older versions of the
ActiveX control this means that neither FLASH.OCX nor SWFLASH.OCX are
present in %SystemRoot%\System32\Macromed\ or
%SystemRoot%\System32\Macromed\Flash\
PUBLIC
=========================================================================
ACROS Security Problem Report #2011-02-11-2
-------------------------------------------------------------------------
ASPR #2011-02-11-2: Remote Binary Planting in Adobe Flash Player
=========================================================================
Document ID: ASPR #2011-02-11-2-PUB
Vendor: Adobe Systems, Inc. (http://www.adobe.com)
Target: Adobe Flash Player
VUPEN Security Research - Adobe Flash Player GIF/JPEG Data Parsing Heap
Overflow Vulnerabilities (CVE-2010-2167)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Adobe Flash Player is a cross-platform browser-based application runtime
VUPEN Security Research - Adobe Flash Player "newfunction" Invalid Pointer
Vulnerability (CVE-2010-2174)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Adobe Flash Player is a cross-platform browser-based application runtime
VUPEN Security Research - Adobe Flash Player "newclass" Invalid Pointer
Vulnerability (CVE-2010-2173)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Adobe Flash Player is a cross-platform browser-based application runtime
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities in Adobe Reader and Adobe Flash Player allow
for attacks including the remote execution of arbitrary code.
Background
==========
VUPEN Security Research - Adobe Flash Player "SAlign" Memory Corruption
Vulnerability (CVE-2011-2459)
Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen
I. BACKGROUND
---------------------
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Flash Player: Multiple vulnerabilities
Date: January 03, 2010
Bugs: #296407
ID: 201001-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Flash Player: Multiple vulnerabilities
Date: March 10, 2009
Bugs: #239543, #251496, #260264
ID: 200903-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 09, 2011
I. BACKGROUND
Adobe Flash Player is an application for viewing animations and movies
using computer programs such as a Web browser; in common usage, Flash
lets you put animation and movies on a website. Flash Player runs SWF
files that can be created by the Adobe Flash authoring tool, by Adobe
Flex, or by a number of other Macromedia and third-party tools. For more
information, please visit the following website:
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 09, 2011
I. BACKGROUND
Adobe Flash Player is an application for viewing animations and movies
using computer programs such as a Web browser; in common usage, Flash
lets you put animation and movies on a website. Flash Player runs SWF
files that can be created by the Adobe Flash authoring tool, by Adobe
Flex, or by a number of other Macromedia and third-party tools. For more
information, please visit the following website:
Vendor Advisory URL: http://www.adobe.com/support/security/bulletins/apsb08-22.html
Summary:
--------
iSEC applied targeted fuzzing to the ActionScript 2 virtual machine used
by the Adobe Flash player, and identified several issues which could
lead to denial of service, information disclosure or code execution
when parsing a malicious SWF file. The majority of testing occurred
during 120 hours of automated SWF-specific fault injection testing
in which several hundred unique control paths were identified that
trigger bugs and/or potential vulnerabilities in the Adobe Flash Player.
VUPEN Security Research - Adobe Flash Player "Matrix3D" Remote Memory
Corruption (APSB12-05 / CVE-2012-0768)
Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen
I. BACKGROUND
---------------------
VUPEN Security Research - Adobe Flash Player NetStream Remote Code
Execution Vulnerability (APSB12-07 / CVE-2012-0773)
Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen
I. BACKGROUND
---------------------
Successful exploitation allows execution of arbitrary code.
======================================================================
4) Solution
Install the latest version of Adobe Flash Player.
======================================================================
5) Time Table
18/10/2007 - Vendor notified.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Flash Player: Multiple vulnerabilities
Date: January 21, 2011
Bugs: #307749, #322855, #332205, #337204, #343089
ID: 201101-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Flash Player: Multiple vulnerabilities
Date: October 13, 2011
Bugs: #354207, #359019, #363179, #367031, #370215, #372899,
#378637, #384017
ID: 201110-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Flash Player: Multiple vulnerabilities
Date: January 20, 2008
Updated: January 20, 2008
Bugs: #193519
ID: 200801-07:02
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 10, 2010
I. BACKGROUND
Adobe Flash Player is a very popular Web browser plugin. It is available
for multiple Web browsers and platforms, including Windows, Linux and
MacOS. Flash Player enables Web browsers to display rich multimedia
content, such as online videos, and is often a requirement for popular
websites. For more information, see the vendor's site at the following
link.
http://labs.idefense.com/intelligence/vulnerabilities/
Jun 10, 2010
I. BACKGROUND
Adobe Flash Player is a very popular Web browser plugin. It is available
for multiple Web browsers and platforms, including Windows, Linux and
MacOS. Flash Player enables Web browsers to display rich multimedia
content, such as online videos, and is often a requirement for popular
websites. For more information, see the vendor's site at the following
link.
Title:
[Kil13r-SA-20100513] Adobe Flash Player 10.0 Denial Of Service Vulnerability
Author:
Kil13r - http://www.kil13r.info/
Local / Remote:
Local
Timeline:
======================================================================
Secunia Research 08/04/2008
- Adobe Flash Player "Declare Function (V7)" Heap Overflow -
======================================================================
Table of Contents
Affected Software
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 24, 2009
I. BACKGROUND
Adobe Flash Player is a very popular web browser plugin. It is available
for multiple web browsers and platforms, including Windows, Linux and
MacOS. Flash Player enables web browsers to display rich multimedia
content, such as online videos, and is often a requirement for popular
websites.
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 06, 2009
I. BACKGROUND
Adobe Flash Player is a cross-platform browser plug-in
that delivers interactive content for Web experiences. For more
information, please visit the following page:
http://www.adobe.com/products/flashplayer/