Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-5362 |
The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to read sensitive data from process memory via a crafted PDF file. Published: December 08, 2008; 6:30:06 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-5361 |
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, and unspecified other actions, which allows remote attackers to read sensitive data from process memory via a crafted PDF file. Published: December 08, 2008; 6:30:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-4824 |
Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors." Published: November 17, 2008; 5:21:26 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-4546 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers. Published: October 14, 2008; 11:28:16 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-3873 |
The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008. Published: August 29, 2008; 1:41:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-1654 |
Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server. Published: April 02, 2008; 2:44:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2005-4708 |
Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System. Published: December 31, 2005; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |