The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Flash Player

computer vulnerability note CVE-2016-4172 CVE-2016-4173 CVE-2016-4174

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, IE, Windows 10, Windows 2012, Windows 8, Windows RT, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 53.
Creation date: 12/07/2016.
Identifiers: 3174060, 838, 841, 842, 843, 844, 857, 858, APSB16-25, CERTFR-2016-AVI-234, COSIG-2016-20, COSIG-2016-21, COSIG-2016-22, COSIG-2016-23, CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249, CVE-2016-7020, MS16-093, openSUSE-SU-2016:1795-1, openSUSE-SU-2016:1802-1, RHSA-2016:1423-01, SUSE-SU-2016:1826-1, VIGILANCE-VUL-20079, ZDI-16-424, ZDI-16-425, ZDI-16-426, ZDI-16-427, ZDI-16-428.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-4247]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4223, ZDI-16-424]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4224, ZDI-16-428]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4225, ZDI-16-427]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4173]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4174, ZDI-16-426]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4222, ZDI-16-425]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4226]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4227]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4228]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4229]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4230]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4231]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4248]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4249]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4172]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; COSIG-2016-22, CVE-2016-4175]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; COSIG-2016-23, CVE-2016-4179]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4180]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4181]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4182]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4183]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4184]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4185]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4186]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4187]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4188]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4189]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4190]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4217]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4218]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4219]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4220]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4221]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4233]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4234]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4235]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4236]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4237]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4238]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4239]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4240]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4241]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4242]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4243]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4244]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4245]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4246]

An attacker can create a memory leak, in order to trigger a denial of service. [severity:2/4; CVE-2016-4232]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; COSIG-2016-20, CVE-2016-4176]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; COSIG-2016-21, CVE-2016-4177]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-4178]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7020]
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-4122 CVE-2016-4123 CVE-2016-4124

Adobe Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Adobe Flash Player.
Impacted products: Flash Player, Edge, IE, Windows 10, Windows 8, Windows RT, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: client access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 36.
Creation date: 15/06/2016.
Revisions dates: 17/06/2016, 08/07/2016.
Identifiers: 3167685, 786, 788, 790, 793, APSA16-03, APSB16-18, CERTFR-2016-ALE-004, CERTFR-2016-AVI-213, CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4135, CVE-2016-4136, CVE-2016-4137, CVE-2016-4138, CVE-2016-4139, CVE-2016-4140, CVE-2016-4141, CVE-2016-4142, CVE-2016-4143, CVE-2016-4144, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148, CVE-2016-4149, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171, MS16-083, openSUSE-SU-2016:1621-1, openSUSE-SU-2016:1625-1, RHSA-2016:1238-01, SUSE-SU-2016:1613-1, TALOS-2016-0165, VIGILANCE-VUL-19903, VU#748992.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4144]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4149]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4142]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4143]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4145]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4146]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4147]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4148]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 786, CVE-2016-4135]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 788, CVE-2016-4136]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 793, CVE-2016-4138]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4122]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4123]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4124]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4125]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4127]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4128]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4129]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4130]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4131]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4132, TALOS-2016-0165]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4133]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4134]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 790, CVE-2016-4137]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4141]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4150]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4151]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4152]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4153]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4154]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4155]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4156]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4166]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4171]

An attacker can tamper with search paths, in order to run code. [severity:4/4; CVE-2016-4140]

An attacker can bypass the same origin policy for scripts, for instance in order to get sensitive information. [severity:4/4; CVE-2016-4139]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-1006 CVE-2016-1011 CVE-2016-1012

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, IE, Windows 10, Windows 2012, Windows 8, Windows RT, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 23.
Creation date: 08/04/2016.
Revision date: 21/06/2016.
Identifiers: 3154132, 719, 759, APSB16-10, CERTFR-2016-AVI-116, CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033, MS16-050, openSUSE-SU-2016:1306-1, openSUSE-SU-2016:1308-1, openSUSE-SU-2016:1309-1, RHSA-2016:0610-01, SUSE-SU-2016:1305-1, VIGILANCE-VUL-19325, ZDI-16-225, ZDI-16-226, ZDI-16-227, ZDI-16-228.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can bypass security features with JIT Spraying Attacks, in order to obtain sensitive information. [severity:2/4; CVE-2016-1006]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1015, ZDI-16-227]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1011]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1013]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1016, ZDI-16-226]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1017, ZDI-16-225]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1031]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1012]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1020]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1021]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1022]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1023]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1024]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1025]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1026]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1027]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1028]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1029]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1032]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1033]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1018, ZDI-16-228]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-1030]

An attacker can use a vulnerability in the DLL search, in order to run code. This vulnerability likes the one described in VIGILANCE-VUL-18671. Because of the expected access rights of the concerned folders, the error is unlikely exploitable. [severity:1/4; CVE-2016-1014]
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-4117

Adobe Flash Player: code execution

Synthesis of the vulnerability

An attacker can use a vulnerability of Adobe Flash Player, in order to run code.
Impacted products: Flash Player, IE, Windows 10, Windows 2012, Windows 8, Windows RT, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 10/05/2016.
Identifiers: 3157993, APSA16-02, APSB16-15, CERTFR-2016-ALE-003, CVE-2016-4117, MS16-064, openSUSE-SU-2016:1306-1, openSUSE-SU-2016:1308-1, openSUSE-SU-2016:1309-1, RHSA-2016:1079-01, SUSE-SU-2016:1305-1, VIGILANCE-VUL-19574.

Description of the vulnerability

An attacker can use a vulnerability of Adobe Flash Player, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-1019

Adobe Flash Player Windows: code execution

Synthesis of the vulnerability

An attacker can use a vulnerability of Adobe Flash Player on Windows, in order to run code.
Impacted products: Flash Player, IE, Windows 10, Windows 2012, Windows 8, Windows RT, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 06/04/2016.
Revision date: 08/04/2016.
Identifiers: 3154132, APSA16-01, APSB16-10, CERTFR-2016-ALE-002, CVE-2016-1019, MS16-050, openSUSE-SU-2016:0987-1, openSUSE-SU-2016:0997-1, openSUSE-SU-2016:1157-1, RHSA-2016:0610-01, SUSE-SU-2016:0990-1, VIGILANCE-VUL-19306.

Description of the vulnerability

An attacker can use a vulnerability of Adobe Flash Player on Windows, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-0960 CVE-2016-0961 CVE-2016-0962

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, Windows 10, Windows 2012, Windows 8, Windows RT, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 23.
Creation date: 10/03/2016.
Identifiers: 3144756, 716, APSB16-08, CERTFR-2016-AVI-094, CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010, MS16-036, openSUSE-SU-2016:0719-1, openSUSE-SU-2016:0734-1, RHSA-2016:0438-01, SUSE-SU-2016:0715-1, SUSE-SU-2016:0716-1, VIGILANCE-VUL-19156, ZDI-16-192, ZDI-16-193, ZDI-16-194.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0963]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0993]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1010]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0987]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0988]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0990]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0991]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0994, ZDI-16-194]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0995]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0996, ZDI-16-193]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0997]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0998]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0999]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1000]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1001]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0960]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0961]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0962]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0986]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0989]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0992]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1002]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1005, ZDI-16-192]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-0964 CVE-2016-0965 CVE-2016-0966

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, IE, Windows 10, Windows 2012, Windows 8, Windows RT, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 22.
Creation date: 09/02/2016.
Revision date: 18/02/2016.
Identifiers: 3135782, 701, APSB16-04, CERTFR-2016-AVI-054, CERTFR-2016-AVI-055, CERTFR-2016-AVI-056, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985, MS16-022, openSUSE-SU-2016:0412-1, openSUSE-SU-2016:0415-1, RHSA-2016:0166-01, SUSE-SU-2016:0398-1, SUSE-SU-2016:0400-1, VIGILANCE-VUL-18900, ZDI-16-160, ZDI-16-161.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption in an object of type TextField, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0985]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0973, ZDI-16-161]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0974]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0975, ZDI-16-160]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0982]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0983]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0984]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0971]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0964]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0965]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0966]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0967]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0968]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0969]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0970]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0972]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0976]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0977]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0978]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0979]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0980]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-0981]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2015-8045 CVE-2015-8047 CVE-2015-8048

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, Chrome, Edge, IE, openSUSE, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 90.
Creation date: 08/12/2015.
Revision date: 05/02/2016.
Identifiers: 2755801, 581, 611, APSB15-32, CERTFR-2015-AVI-536, CVE-2015-8045, CVE-2015-8047, CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8051-ERROR, CVE-2015-8052-ERROR, CVE-2015-8053-ERROR, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8060, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8407, CVE-2015-8408, CVE-2015-8409, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8415, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8438, CVE-2015-8439, CVE-2015-8440, CVE-2015-8441, CVE-2015-8442, CVE-2015-8443, CVE-2015-8444, CVE-2015-8445, CVE-2015-8446, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8451, CVE-2015-8452, CVE-2015-8453, CVE-2015-8454, CVE-2015-8455, CVE-2015-8456, CVE-2015-8457, CVE-2015-8652, CVE-2015-8653, CVE-2015-8654, CVE-2015-8655, CVE-2015-8656, CVE-2015-8657, CVE-2015-8658, CVE-2015-8820, CVE-2015-8821, CVE-2015-8822, CVE-2015-8823, openSUSE-SU-2015:2239-1, RHSA-2015:2593-01, SUSE-SU-2015:2236-1, SUSE-SU-2015:2247-1, VIGILANCE-VUL-18479, ZDI-15-601, ZDI-15-602, ZDI-15-603, ZDI-15-604, ZDI-15-605, ZDI-15-606, ZDI-15-607, ZDI-15-608, ZDI-15-609, ZDI-15-610, ZDI-15-611, ZDI-15-612, ZDI-15-613, ZDI-15-614, ZDI-15-636.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8438, ZDI-15-605]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8446, ZDI-15-609]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8444]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8443]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8417]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8416]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8451]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8047]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8053-ERROR, CVE-2015-8455]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8045]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8051-ERROR, CVE-2015-8418]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8060]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8419]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8408]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2015-8453, ZDI-15-614]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2015-8440]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2015-8409]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8407]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8439, ZDI-15-606]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8445, ZDI-15-608]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8415]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8050, ZDI-15-602]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8049, ZDI-15-601]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8437, ZDI-15-604]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8450, ZDI-15-613]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8449, ZDI-15-612]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8448, ZDI-15-611]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8436, ZDI-15-603]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8452]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8048]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8413]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8412]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8410]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8411]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8424]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8422]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8420]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8421]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8423]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8425]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8433]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8432]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8431]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8426]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8430]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8427]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8428]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8429]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8434]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8435]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8414]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8052-ERROR, CVE-2015-8454]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8059]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8058]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8055]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8057]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8056]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8061]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8067]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8066]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8062]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8068]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8064]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8065]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8063]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8405]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8404]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8402]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8403]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8071]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8401]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8406]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8069]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8070]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8441]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8442, ZDI-15-607]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8447, ZDI-15-610]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8456]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8457, ZDI-15-636]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8652]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8654]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8656]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8657]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8658]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8653]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8655]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8820]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8821]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8822]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8823]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2015-8459 CVE-2015-8460 CVE-2015-8634

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, Edge, IE, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 20.
Creation date: 29/12/2015.
Identifiers: 2755801, APSB16-01, CERTFR-2015-AVI-567, CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651, CVE-2016-0959, openSUSE-SU-2015:2400-1, openSUSE-SU-2015:2403-1, RHSA-2015:2697-01, SUSE-SU-2015:2401-1, SUSE-SU-2015:2402-1, VIGILANCE-VUL-18602, ZDI-15-648, ZDI-15-649, ZDI-15-650, ZDI-15-651, ZDI-15-652, ZDI-15-653.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8644]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8651]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8634]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8635]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8638, ZDI-15-648]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8639, ZDI-15-649]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8640]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8641]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8642]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8643]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8646]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8647, ZDI-15-650]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8648, ZDI-15-652]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8649, ZDI-15-653]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8650, ZDI-15-651]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8459]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8460]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8636]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8645]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0959]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2015-7651 CVE-2015-7652 CVE-2015-7653

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, Chrome, Edge, IE, openSUSE, Opera, RHEL.
Severity: 4/4.
Consequences: user access/rights, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 17.
Creation date: 10/11/2015.
Identifiers: 2755801, APSB15-28, CERTFR-2015-AVI-481, CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661, CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046, openSUSE-SU-2015:1984-1, RHSA-2015:2023-01, RHSA-2015:2024-01, VIGILANCE-VUL-18276, ZDI-15-556, ZDI-15-557, ZDI-15-558, ZDI-15-559, ZDI-15-560, ZDI-15-561, ZDI-15-562, ZDI-15-563, ZDI-15-564, ZDI-15-565, ZDI-15-566, ZDI-15-567.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7659, ZDI-15-566]

An attacker can bypass access restrictions, in order to create a file on the system. [severity:3/4; CVE-2015-7662]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7651, ZDI-15-556]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7652, ZDI-15-557]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7653, ZDI-15-561]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7654, ZDI-15-560]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7655, ZDI-15-559]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7656, ZDI-15-558]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7657, ZDI-15-567]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7658, ZDI-15-562]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7660, ZDI-15-565]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7661, ZDI-15-564]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7663]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8042, ZDI-15-563]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8043]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8044]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-8046]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Flash Player: