CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Adobe » Flash Player : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
951 CVE-2010-0379 Exec Code 2010-01-21 2012-01-26
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not related to the use-after-free "Movie Unloading Vulnerability" (CVE-2010-0378). NOTE: due to lack of details, it is not clear whether this overlaps any other CVE item.
952 CVE-2010-0378 Exec Code Mem. Corr. 2010-01-21 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability."
953 CVE-2010-0209 94 DoS Exec Code Mem. Corr. 2010-08-11 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2213, CVE-2010-2214, and CVE-2010-2216.
954 CVE-2010-0187 94 1 DoS 2010-02-15 2013-11-02
4.3
None Remote Medium Not required None None Partial
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
955 CVE-2010-0186 Bypass 2010-02-15 2011-02-02
6.8
None Remote Medium Not required Partial Partial Partial
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.
956 CVE-2009-3951 200 +Info 2009-12-10 2010-08-21
7.1
None Remote Medium Not required Complete None None
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.
957 CVE-2009-3800 DoS Exec Code 2009-12-10 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
958 CVE-2009-3799 189 Exec Code Overflow Mem. Corr. 2009-12-10 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers."
959 CVE-2009-3798 399 Exec Code Mem. Corr. 2009-12-10 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
960 CVE-2009-3797 399 Exec Code Mem. Corr. 2009-12-10 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
961 CVE-2009-3796 94 Exec Code 2009-12-10 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."
962 CVE-2009-3794 119 Exec Code Overflow 2009-12-10 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.
963 CVE-2009-3793 399 DoS Exec Code 2010-06-15 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.
964 CVE-2009-1870 200 +Info 2009-07-31 2013-11-02
4.9
None Local Low Not required Complete None None
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."
965 CVE-2009-1869 189 DoS Exec Code Overflow 2009-07-31 2013-11-02
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer.
966 CVE-2009-1868 119 DoS Exec Code Overflow 2009-07-31 2013-11-02
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing.
967 CVE-2009-1867 59 2009-07-31 2013-11-02
4.3
None Remote Medium Not required None Partial None
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."
968 CVE-2009-1866 119 DoS Exec Code Overflow 2009-07-31 2013-11-02
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
969 CVE-2009-1865 DoS Exec Code 2009-07-31 2013-11-02
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulnerability."
970 CVE-2009-1864 119 DoS Exec Code Overflow 2009-07-31 2013-11-02
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
971 CVE-2009-1863 264 DoS Exec Code 2009-07-31 2013-11-02
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability."
972 CVE-2009-1862 94 DoS Exec Code Mem. Corr. 2009-07-23 2009-09-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.
973 CVE-2009-0522 2009-02-26 2010-08-21
4.3
None Remote Medium Not required None Partial None
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack."
974 CVE-2009-0520 119 Exec Code Overflow 2009-02-26 2013-11-02
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."
975 CVE-2009-0519 20 DoS Exec Code 2009-02-26 2013-11-02
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.
976 CVE-2009-0114 2009-02-26 2013-11-02
5.8
None Remote Medium Not required None Partial Partial
Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant."
977 CVE-2008-5363 399 DoS 2008-12-08 2009-03-20
4.3
None Remote Medium Not required None None Partial
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.
978 CVE-2008-5362 20 2008-12-08 2009-03-20
4.3
None Remote Medium Not required Partial None None
The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to read sensitive data from process memory via a crafted PDF file.
979 CVE-2008-5361 399 2008-12-08 2009-03-20
4.3
None Remote Medium Not required Partial None None
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, and unspecified other actions, which allows remote attackers to read sensitive data from process memory via a crafted PDF file.
980 CVE-2008-4824 20 Exec Code 2008-11-17 2012-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors."
981 CVE-2008-4823 79 XSS 2008-11-10 2009-08-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute.
982 CVE-2008-4822 264 Bypass 2008-11-10 2012-10-30
6.8
User Remote Medium Not required Partial Partial Partial
Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.
983 CVE-2008-4821 200 +Info 2008-11-10 2012-10-30
4.3
None Remote Medium Not required Partial None None
Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors.
984 CVE-2008-4820 200 +Info 2008-11-10 2012-10-30
7.1
None Remote Medium Not required Complete None None
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and earlier on Windows allows attackers to obtain sensitive information via unknown vectors.
985 CVE-2008-4819 2008-11-10 2012-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
986 CVE-2008-4818 79 XSS 2008-11-10 2012-10-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers.
987 CVE-2008-4546 399 DoS 2008-10-14 2013-11-02
4.3
None Remote Medium Not required None None Partial
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.
988 CVE-2008-4503 2008-10-09 2009-03-20
6.8
None Remote Medium Not required Partial Partial Partial
The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking."
989 CVE-2008-4473 119 Exec Code Overflow 2008-10-17 2009-01-29
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters.
990 CVE-2008-4401 264 2008-10-17 2009-03-20
10.0
None Remote Low Not required Complete Complete Complete
ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file.
991 CVE-2008-3873 2008-08-29 2009-09-01
4.3
None Remote Medium Not required None None Partial
The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008.
992 CVE-2008-3872 264 Bypass 2008-10-06 2008-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified "Filter evasion" manipulations.
993 CVE-2008-1655 79 XSS 2008-04-09 2010-08-21
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
994 CVE-2008-1654 352 CSRF 2008-04-02 2010-08-21
4.3
None Remote Medium Not required None Partial None
Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.
995 CVE-2007-6637 79 XSS 2008-01-03 2010-08-21
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1.
996 CVE-2007-6246 264 +Priv 2007-12-19 2010-08-21
4.4
User Local Medium Not required Partial Partial Partial
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges.
997 CVE-2007-6245 119 Overflow 2007-12-19 2010-08-21
5.8
None Remote Medium Not required Partial Partial None
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.
998 CVE-2007-6244 79 XSS 2007-12-19 2010-08-21
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.
999 CVE-2007-6243 264 XSS 2007-12-19 2010-08-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
1000 CVE-2007-6242 20 Exec Code 2007-12-19 2010-08-21
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors."
Total number of vulnerabilities : 1006   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 (This Page)21
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.