Vulnerabilities > Adobe > Flash Player > 3

DATE CVE VULNERABILITY TITLE RISK
2010-06-15 CVE-2010-2162 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms.
network
adobe macromedia CWE-119
critical
9.3
2010-06-15 CVE-2010-2161 Code Injection vulnerability in multiple products
Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code." Per: http://www.adobe.com/support/security/bulletins/apsb10-14.html 'Affected software versions Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris Adobe AIR 1.5.3.9130 and earlier versions for Windows, Macintosh and Linux'
network
adobe macromedia CWE-94
critical
9.3
2010-06-15 CVE-2010-2160 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.
network
adobe macromedia CWE-119
critical
9.3
2010-06-15 CVE-2009-3793 Resource Management Errors vulnerability in multiple products
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.
network
adobe macromedia CWE-399
critical
9.3
2010-06-08 CVE-2010-1297 Out-of-bounds Write vulnerability in multiple products
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
local
low complexity
adobe suse opensuse CWE-787
7.8
2010-02-15 CVE-2010-0187 Code Injection vulnerability in Adobe AIR and Flash Player
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
network
adobe CWE-94
4.3
2010-02-15 CVE-2010-0186 Cross Domain Scripting vulnerability in Multiple Adobe Products
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.
network
adobe
6.8
2009-12-10 CVE-2009-3951 Information Exposure vulnerability in Adobe AIR and Flash Player
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors.
7.1
2009-12-10 CVE-2009-3800 Remote vulnerability in Adobe AIR and Flash Player
Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
network
adobe
critical
9.3
2009-12-10 CVE-2009-3799 Numeric Errors vulnerability in Adobe AIR and Flash Player
Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers."
network
adobe CWE-189
critical
9.3