CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Adobe » Flash Player : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1001 CVE-2010-0378 Exec Code Mem. Corr. 2010-01-21 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability."
1002 CVE-2010-0209 94 DoS Exec Code Mem. Corr. 2010-08-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2213, CVE-2010-2214, and CVE-2010-2216.
1003 CVE-2010-0187 94 1 DoS 2010-02-15 2017-09-18
4.3
None Remote Medium Not required None None Partial
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
1004 CVE-2010-0186 Bypass 2010-02-15 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.
1005 CVE-2009-3951 200 +Info 2009-12-10 2017-09-18
7.1
None Remote Medium Not required Complete None None
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.
1006 CVE-2009-3800 DoS Exec Code 2009-12-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
1007 CVE-2009-3799 189 Exec Code Overflow Mem. Corr. 2009-12-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers."
1008 CVE-2009-3798 399 Exec Code Mem. Corr. 2009-12-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
1009 CVE-2009-3797 399 Exec Code Mem. Corr. 2009-12-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
1010 CVE-2009-3796 94 Exec Code 2009-12-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."
1011 CVE-2009-3794 119 Exec Code Overflow 2009-12-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.
1012 CVE-2009-3793 399 DoS Exec Code 2010-06-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.
1013 CVE-2009-1870 200 +Info 2009-07-31 2017-09-28
4.9
None Local Low Not required Complete None None
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."
1014 CVE-2009-1869 189 DoS Exec Code Overflow 2009-07-31 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer.
1015 CVE-2009-1868 119 DoS Exec Code Overflow 2009-07-31 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing.
1016 CVE-2009-1867 59 2009-07-31 2017-09-28
4.3
None Remote Medium Not required None Partial None
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."
1017 CVE-2009-1866 119 DoS Exec Code Overflow 2009-07-31 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
1018 CVE-2009-1865 DoS Exec Code 2009-07-31 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulnerability."
1019 CVE-2009-1864 119 DoS Exec Code Overflow 2009-07-31 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
1020 CVE-2009-1863 264 DoS Exec Code 2009-07-31 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability."
1021 CVE-2009-1862 94 DoS Exec Code Mem. Corr. 2009-07-23 2009-09-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.
1022 CVE-2009-0522 2009-02-26 2017-09-28
4.3
None Remote Medium Not required None Partial None
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack."
1023 CVE-2009-0520 119 Exec Code Overflow 2009-02-26 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."
1024 CVE-2009-0519 20 DoS Exec Code 2009-02-26 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.
1025 CVE-2009-0114 2009-02-26 2017-09-28
5.8
None Remote Medium Not required None Partial Partial
Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant."
1026 CVE-2008-5363 399 DoS 2008-12-08 2009-03-20
4.3
None Remote Medium Not required None None Partial
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.
1027 CVE-2008-5362 20 2008-12-08 2009-03-20
4.3
None Remote Medium Not required Partial None None
The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to read sensitive data from process memory via a crafted PDF file.
1028 CVE-2008-5361 399 2008-12-08 2009-03-20
4.3
None Remote Medium Not required Partial None None
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, and unspecified other actions, which allows remote attackers to read sensitive data from process memory via a crafted PDF file.
1029 CVE-2008-4824 20 Exec Code 2008-11-17 2012-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors."
1030 CVE-2008-4823 79 XSS 2008-11-10 2009-08-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute.
1031 CVE-2008-4822 264 Bypass 2008-11-10 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.
1032 CVE-2008-4821 200 +Info 2008-11-10 2017-08-07
4.3
None Remote Medium Not required Partial None None
Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors.
1033 CVE-2008-4820 200 +Info 2008-11-10 2017-08-07
7.1
None Remote Medium Not required Complete None None
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and earlier on Windows allows attackers to obtain sensitive information via unknown vectors.
1034 CVE-2008-4819 2008-11-10 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
1035 CVE-2008-4818 79 XSS 2008-11-10 2017-08-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers.
1036 CVE-2008-4546 399 DoS 2008-10-14 2017-09-28
4.3
None Remote Medium Not required None None Partial
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.
1037 CVE-2008-4503 2008-10-09 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking."
1038 CVE-2008-4473 119 Exec Code Overflow 2008-10-17 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters.
1039 CVE-2008-4401 264 2008-10-17 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file.
1040 CVE-2008-3873 2008-08-29 2017-08-07
4.3
None Remote Medium Not required None None Partial
The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008.
1041 CVE-2008-3872 264 Bypass 2008-10-06 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified "Filter evasion" manipulations.
1042 CVE-2008-1655 79 XSS 2008-04-09 2017-09-28
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
1043 CVE-2008-1654 352 CSRF 2008-04-02 2017-09-28
4.3
None Remote Medium Not required None Partial None
Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.
1044 CVE-2007-6637 79 XSS 2008-01-03 2017-09-28
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1.
1045 CVE-2007-6246 264 +Priv 2007-12-19 2017-09-28
4.4
User Local Medium Not required Partial Partial Partial
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges.
1046 CVE-2007-6245 119 Overflow 2007-12-19 2017-09-28
5.8
None Remote Medium Not required Partial Partial None
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.
1047 CVE-2007-6244 79 XSS 2007-12-19 2017-09-28
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.
1048 CVE-2007-6243 264 XSS 2007-12-19 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
1049 CVE-2007-6242 20 Exec Code 2007-12-19 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors."
1050 CVE-2007-6019 Exec Code 2008-04-09 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.
Total number of vulnerabilities : 1060   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 (This Page)22
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.