Adobe Flash version 14.0.0.145 copyPixelsToByteArray() heap overflow proof of concept exploit.
166a57b3405bb750c323b5344a65f63fcd9ab165a71edf5188ec594b3a88fa98
Secunia Security Advisory - SUSE has issued an update for flash-player. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
6cefeb9d53564ddd95662c3efb212b82978bad23acf898881484202536c67aa9
This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.3.300.271. By supplying a corrupt Font file used by the SWF, it is possible to gain arbitrary remote code execution under the context of the user, as exploited in the wild.
b495613b72210817067894eb7ff5c08f46dcd44c9088ea935d0a7be729049d9a
Secunia Security Advisory - Red Hat has issued an update for flash-plugin. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
e49512d4b1183a2b7f7d1e89472e2bc893629bbfad4358cdbeb4e99198996262
Red Hat Security Advisory 2012-1173-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-18, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.238.
c10d85f5137cb075e49ec0b6380b902d41df64cf1042cece8b3a15b524552b6a
Secunia Security Advisory - A vulnerability has been reported in Flash Player, which can be exploited by malicious people to compromise a user's system.
e0733d737d0d8ddbe3aadff8a040109e471ebf225c1b95fa19168f756675e864
Oracle Business Transaction Management Server version 12.1.0.2.7 suffers from a FlashTunnelService remote file deletion vulnerability.
311f91db815c5072aac47198136e9ee10f620d76d370e8cac2b356c864e2ee5e
Oracle Business Transaction Management Server version 12.1.0.2.7 suffers from a remote code execution vulnerability in the FlashTunnelService WriteToFile message. Proof of concept included.
acb8d1760f5f38380a8cfd44a94ad8e001b2abf766fc39b9cc5f2f92f8d61758
Secunia Security Advisory - Two vulnerabilities have been discovered in the Simple Video Flash Player for Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks.
9df20f91497034cf913395b05a7fb43d08018c030260a70ebd99396fa8c979e2
Various flash players, such as JWPlayer for MODx, Simple video flash player for Joomla, Poodll for Moodle, RokBox for Joomla, and RokBox for WordPress, all suffer from a cross-site scripting vulnerability.
260067c1b6a7935399c21b2621857237ac79808b7df319270dbb7fa906648b17
Secunia Security Advisory - Gentoo has issued an update for adobe-flash. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
078b25aa7ef2396a9e4ae66f18f4d05328b1f931339891c2cd3155bd208017ef
Gentoo Linux Security Advisory 201206-21 - Multiple vulnerabilities have been found in Adobe Flash Player which could result in the execution of arbitrary code or Denial of Service. Versions less than 11.2.202.236 are affected.
7222e3252d7d0fdb64aebdfc3716ee393821e2bc4558b1b340a50587b3420c6c
This Metasploit module exploits a vulnerability found in Adobe Flash Player. By supplying a corrupt AMF0 "_error" response, it is possible to gain arbitrary remote code execution under the context of the user. This vulnerability has been exploited in the wild as part of the "World Uyghur Congress Invitation.doc" e-mail attack. According to the advisory, 10.3.183.19 and 11.x before 11.2.202.235 are affected.
278d32f3bc7f3344e48d9ed25bcb65be25041499b78ba981e26d568f755202ee
This Metasploit module exploits a vulnerability in Adobe Flash Player versions 10.3.181.23 and earlier. This issue is caused by a failure in the ActionScript3 AVM2 verification logic. This results in unsafe JIT (Just-In-Time) code being executed. This is the same vulnerability that was used for attacks against Korean-based organizations. Specifically, when an array is indexed using an arbitrary value, memory can be referenced and later executed. Taking advantage of this issue does not rely on heap spraying as the vulnerability can also be used for information leakage. Currently this exploit works for IE6, IE7, IE8, Firefox 10.2 and likely several other browsers under multiple Windows platforms. This exploit bypasses ASLR/DEP and is very reliable.
e26bbead67100b455a3fddb8cfcf7df0baddef6b4fbc68f4cc261a2c4dea9972
A boundary error in the Xfpx.dll module when processing FlashPix images can be exploited to cause a heap-based buffer overflow via a specially crafted FPX file. Proof of concept included.
d3d27e656535c43a189940b4169f03b8e070dc18bbb730bd07e54480765d5f37
Secunia Security Advisory - Sammy Forgit has reported a vulnerability in the Easy Flash Uploader module for Joomla!, which can be exploited by malicious people to compromise a vulnerable system.
4c67c61486428002da3b975f0f60e542c9b7aa9e92ea357bb9f3dbc8eddf6b03
Secunia Security Advisory - Red Hat has issued an update for flash-plugin. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
bd1486fec1d53a7e000389d084ab561e765ba86fb4d1418a6df3affc5bc11c47
Secunia Security Advisory - SUSE has issued an update for flash-player. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
5f5105da891351eaf06772f80dbbfa7758e32120a64837d3c40aec6a06702d78
Red Hat Security Advisory 2012-0722-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes several vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB12-14, listed in the References section. Several security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content.
ecdbd222d0515d25680731defe7dbecc336e7f60c44b403ad6c79db2c84c9be7
Joomla Easy Flash Uploader component version 2.0 suffers from a remote shell upload vulnerability.
3cd37f8b8f1e6a5ed15a3399fafd3d04d6fea0cb869d2c9b9dc452bef9cde268
Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
e20802e5ee8e20761cfe1c8512cf01f5cdb21558d860ba633195fec7301b5b0e
Zero Day Initiative Advisory 12-080 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. A size value is read from MP4 files and used for size calculation without proper validation. The arithmetic performed on the size value can cause integer overflows, resulting in undersized allocations. This undersized memory allocation can be subsequently overpopulated with data supplied by the input file which can be used to gain remote code execution under the context of the current process.
7d4277c0240390dfaf844d794201f5813348bc3c4e7a17ba30d5fa943904ac26
Red Hat Security Advisory 2012-0688-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-09, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the specially-crafted SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.183.19.
5d3d94c580242304ad1db49f92b8d1b2db7dde614f6355c09efaba9df53cd86d
Secunia Security Advisory - Red Hat has issued an update for flash-player. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
c67a70e724aa582a6065b9793770ba9525166dd88309683a4d3cafa78fbb41f1
FlashPeak SlimBrowser version 6.0.1.38 suffers from a denial of service vulnerability.
bec3ee10be31916a3a36ac078cec5caf93d30294833af00776ebe8c44bda9670
Secunia Security Advisory - A vulnerability has been discovered in the GRAND Flash Album Gallery plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
a77f72d8f4a087f9be527dbc521bf9a33d690daa4863add41ff2e6016964b40e