The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft Internet Explorer

computer vulnerability CVE-2015-2423 CVE-2015-2441 CVE-2015-2442

Internet Explorer: thirteen vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE.
Severity: 4/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 13.
Creation date: 11/08/2015.
Identifiers: 3082442, BFS-SA-2015-001, CERTFR-2015-AVI-333, CERTFR-2015-AVI-342, CVE-2015-2423, CVE-2015-2441, CVE-2015-2442, CVE-2015-2443, CVE-2015-2444, CVE-2015-2445, CVE-2015-2446, CVE-2015-2447, CVE-2015-2448, CVE-2015-2449, CVE-2015-2450, CVE-2015-2451, CVE-2015-2452, MS15-079, VIGILANCE-VUL-17625, ZDI-15-382, ZDI-15-383, ZDI-15-384, ZDI-15-385, ZDI-15-389.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2441]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2442]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2443, ZDI-15-382]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; BFS-SA-2015-001, CVE-2015-2444]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2446]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2447]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2448, ZDI-15-383]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2450, ZDI-15-384]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2451, ZDI-15-385]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2452, ZDI-15-389]

An attacker can guess the memory layout of a Microsoft Internet Explorer process, to bypass ASLR, in order to ease the next step of the attack. [severity:2/4; CVE-2015-2445]

An attacker can guess the memory layout of a Microsoft Internet Explorer process, to bypass ASLR, in order to ease the next step of the attack. [severity:2/4; CVE-2015-2449]

An attacker can use, for example from Internet Explorer, a special command line on Windows, in order to run some programs, such as Notepad or Office (VIGILANCE-VUL-17638). [severity:2/4; CERTFR-2015-AVI-342, CVE-2015-2423]

vulnerability note CVE-2015-5125 CVE-2015-5127 CVE-2015-5129

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, Chrome, Edge, IE, openSUSE, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 36.
Creation date: 11/08/2015.
Identifiers: 2755801, APSB15-19, CERTFR-2015-AVI-347, CERTFR-2015-AVI-348, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128-REJECT, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566, CVE-2015-6682, openSUSE-SU-2015:1388-1, openSUSE-SU-2015:1391-1, openSUSE-SU-2015:1781-1, RHSA-2015:1603-01, SUSE-SU-2015:1373-1, SUSE-SU-2015:1374-1, VIGILANCE-VUL-17624.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can force a NULL pointer to be dereferenced, in order to trigger a denial of service. After analysis, it is not a vulnerability. [severity:0/4; CVE-2015-5128-REJECT]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5554]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5555]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5558]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5562]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2015-5125]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5550]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5551]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5556]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5130]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5134]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5539]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5540]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5557]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5559]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5127]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5563]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5561]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5566]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5129]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5541]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5131]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5132]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5133]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5544]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5545]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5546]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5547]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5548]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5549]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5552]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5553]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5560]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5564]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5565]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-6682]

vulnerability announce 17462

Internet Explorer: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 21/07/2015.
Identifiers: VIGILANCE-VUL-17462, ZDI-15-359, ZDI-15-360, ZDI-15-361, ZDI-15-362.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can generate a buffer overflow in CTableLayout::AddRow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; ZDI-15-359]

An attacker can force the usage of a freed memory area in CAttrArray, in order to trigger a denial of service, and possibly to run code. [severity:3/4; ZDI-15-360]

An attacker can force the usage of a freed memory area in CCurrentStyle, in order to trigger a denial of service, and possibly to run code. [severity:3/4; ZDI-15-361]

An attacker can force the usage of a freed memory area in CTreePos, in order to trigger a denial of service, and possibly to run code. [severity:3/4; ZDI-15-362]

vulnerability CVE-2015-5122 CVE-2015-5123

Adobe Flash Player: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, Chrome, IE, openSUSE, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/07/2015.
Identifiers: 2755801, APSA15-04, APSB15-18, CERTFR-2015-ALE-006, CERTFR-2015-AVI-309, CVE-2015-5122, CVE-2015-5123, openSUSE-SU-2015:1267-1, RHSA-2015:1235-01, SUSE-SU-2015:1255-1, SUSE-SU-2015:1258-1, VIGILANCE-VUL-17370, VU#338736, VU#918568.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5122, VU#338736]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5123, VU#918568]

vulnerability note CVE-2015-1729 CVE-2015-1733 CVE-2015-1738

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 29.
Creation date: 15/07/2015.
Identifiers: 3076321, CERTFR-2015-AVI-302, CVE-2015-1729, CVE-2015-1733, CVE-2015-1738, CVE-2015-1767, CVE-2015-2372, CVE-2015-2383, CVE-2015-2384, CVE-2015-2385, CVE-2015-2388, CVE-2015-2389, CVE-2015-2390, CVE-2015-2391, CVE-2015-2397, CVE-2015-2398, CVE-2015-2401, CVE-2015-2402, CVE-2015-2403, CVE-2015-2404, CVE-2015-2406, CVE-2015-2408, CVE-2015-2410, CVE-2015-2411, CVE-2015-2412, CVE-2015-2413, CVE-2015-2414, CVE-2015-2419, CVE-2015-2421, CVE-2015-2422, CVE-2015-2425, MS15-065, VIGILANCE-VUL-17354, ZDI-15-329, ZDI-15-330, ZDI-15-331, ZDI-15-332, ZDI-15-333, ZDI-15-334, ZDI-15-335, ZDI-15-336, ZDI-15-337, ZDI-15-338, ZDI-15-341, ZDI-15-342, ZDI-15-458, ZDI-15-568.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can generate a memory corruption in VBScript, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-17356). [severity:4/4; CVE-2015-2372]

An attacker can bypass the XSS Filter. [severity:2/4; CVE-2015-2398]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2015-2402, ZDI-15-342]

An attacker can generate a memory corruption in JScript9, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2419]

An attacker can guess the memory layout of a Microsoft Internet Explorer process, to bypass ASLR, in order to ease the next step of the attack. [severity:2/4; CVE-2015-2421]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-1733]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-1738]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-1767, ZDI-15-334, ZDI-15-336, ZDI-15-338, ZDI-15-568]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2383, ZDI-15-341]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2384]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2385]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2388, ZDI-15-335]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2389]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2390]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2391]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2397, ZDI-15-330, ZDI-15-337]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2401]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2403, ZDI-15-329]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2404, ZDI-15-332]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2406, ZDI-15-333]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2408, ZDI-15-458]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2411]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2422]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2425]

An attacker can bypass security features, in order to obtain sensitive information. [severity:3/4; CVE-2015-1729]

An attacker can bypass security features, in order to obtain sensitive information. [severity:3/4; CVE-2015-2410]

An attacker can bypass security features, in order to obtain sensitive information. [severity:3/4; CVE-2015-2412, ZDI-15-331]

An attacker can bypass security features, in order to obtain sensitive information. [severity:3/4; CVE-2015-2413]

An attacker can bypass security features, in order to obtain sensitive information. [severity:3/4; CVE-2015-2414]

computer vulnerability note CVE-2014-0578 CVE-2015-3097 CVE-2015-3114

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, IE, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 36.
Creation date: 09/07/2015.
Identifiers: 2755801, APSB15-16, CERTFR-2015-AVI-284, CVE-2014-0578, CVE-2015-3097, CVE-2015-3114, CVE-2015-3115, CVE-2015-3116, CVE-2015-3117, CVE-2015-3118, CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-3123, CVE-2015-3124, CVE-2015-3125, CVE-2015-3126, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3130, CVE-2015-3131, CVE-2015-3132, CVE-2015-3133, CVE-2015-3134, CVE-2015-3135, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4429, CVE-2015-4430, CVE-2015-4431, CVE-2015-4432, CVE-2015-4433, CVE-2015-5116, CVE-2015-5117, CVE-2015-5118, CVE-2015-5124, openSUSE-SU-2015:1781-1, RHSA-2015:1214-01, SUSE-SU-2015:1211-1, SUSE-SU-2015:1214-1, VIGILANCE-VUL-17329, ZDI-15-294.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

The location of segments of the Player process is guessable. [severity:1/4; CVE-2015-3097]

An attacker can generate a heap-based buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3135]

An attacker can generate a heap-based buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-4432]

An attacker can generate a heap-based buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-5118]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3117]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3123]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3130]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3133]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3134]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-4431]

An attacker can force a NULL pointer to be dereferenced, in order to trigger a denial of service. [severity:2/4; CVE-2015-3126]

An attacker can force a NULL pointer to be dereferenced, in order to trigger a denial of service. [severity:2/4; CVE-2015-4429]

An attacker can bypass security features, in order to obtain possibly sensitive information. [severity:1/4; CVE-2015-3114]

An attacker can exploit a cast error, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3119]

An attacker can exploit a cast error, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3120]

An attacker can exploit a cast error, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3121]

An attacker can exploit a cast error, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-3122]

An attacker can exploit a cast error, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-4433]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3118]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3124]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-5117]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3127]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3128]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3129]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3131]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3132]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3136]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3137]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-4428]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-4430]

An attacker can bypass the same origin policy, which defines the access rights to the responses to the browser HTTP requests, in order to access normally unreachable information. [severity:3/4; CVE-2014-0578]

An attacker can bypass the same origin policy, which defines the access rights to the responses to the browser HTTP requests, in order to access normally unreachable information. [severity:3/4; CVE-2015-3115]

An attacker can bypass the same origin policy, which defines the access rights to the responses to the browser HTTP requests, in order to access normally unreachable information. [severity:3/4; CVE-2015-3116]

An attacker can bypass the same origin policy, which defines the access rights to the responses to the browser HTTP requests, in order to access normally unreachable information. [severity:2/4; CVE-2015-3125, ZDI-15-294]

An attacker can bypass the same origin policy, which defines the access rights to the responses to the browser HTTP requests, in order to access normally unreachable information. [severity:3/4; CVE-2015-5116]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5124]

computer vulnerability alert CVE-2015-0346 CVE-2015-0347 CVE-2015-0348

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, IE, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 22.
Creation date: 14/04/2015.
Revision date: 06/07/2015.
Identifiers: 2755801, APSB15-06, CERTFR-2015-AVI-166, CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349, CVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0356, CVE-2015-0357, CVE-2015-0358, CVE-2015-0359, CVE-2015-0360, CVE-2015-3038, CVE-2015-3039, CVE-2015-3040, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043, CVE-2015-3044, openSUSE-SU-2015:0718-1, openSUSE-SU-2015:0725-1, RHSA-2015:0813-01, SUSE-SU-2015:0722-1, SUSE-SU-2015:0723-1, VIGILANCE-VUL-16606, ZDI-15-133, ZDI-15-134, ZDI-15-293.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0347, ZDI-15-133]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0350]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0352]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0353]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0354]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0355]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0360]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3038]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3041]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3042]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3043]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0356]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0348]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0349, ZDI-15-134]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0351]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0358]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3039, ZDI-15-293]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0346]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-0359]

An attacker can read memory addresses, in order to obtain sensitive information. [severity:2/4; CVE-2015-0357]

An attacker can read memory addresses, in order to obtain sensitive information. [severity:2/4; CVE-2015-3040]

An attacker can bypass a feature, in order to obtain sensitive information. [severity:2/4; CVE-2015-3044]

computer vulnerability CVE-2015-3113

Adobe Flash Player: buffer overflow

Synthesis of the vulnerability

An attacker can generate a buffer overflow of Adobe Flash Player, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Flash Player, IE, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 24/06/2015.
Revision date: 06/07/2015.
Identifiers: APSB15-14, CERTFR-2015-AVI-262, CVE-2015-3113, openSUSE-SU-2015:1148-1, openSUSE-SU-2015:1180-1, RHSA-2015:1184-01, SUSE-SU-2015:1136-1, VIGILANCE-VUL-17215.

Description of the vulnerability

The Adobe Flash Player product offers a web service.

However, if the size of data is greater than the size of the storage array, an overflow occurs.

An attacker can therefore generate a buffer overflow of Adobe Flash Player, in order to trigger a denial of service, and possibly to execute code.

vulnerability bulletin 17233

Microsoft Internet Explorer: bypass of ASLR

Synthesis of the vulnerability

An attacker can guess the memory layout of a Microsoft Internet Explorer process, in order to ease the next step of the attack.
Impacted products: IE.
Severity: 1/4.
Consequences: data reading.
Provenance: document.
Creation date: 25/06/2015.
Identifiers: VIGILANCE-VUL-17233.

Description of the vulnerability

The Microsoft Internet Explorer product uses a dedicated memory management technique for data structures used for page rendering.

However, a side effect of this protection technique is that it allows a bypass of Address Space Layout Randomization (ASLR), a kernel-level method of making code injection attacks (buffer overflow or use after free) more difficult. Bypassing ASLR therefore makes these classes of attacks easier.

An attacker can therefore guess the memory layout of a Microsoft Internet Explorer process, in order to ease the next step of the attack.

vulnerability bulletin CVE-2015-3077 CVE-2015-3078 CVE-2015-3079

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, Chrome, IE, openSUSE, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 17.
Creation date: 12/05/2015.
Revision date: 22/06/2015.
Identifiers: 2755801, APSB15-09, CERTFR-2015-AVI-222, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079, CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087, CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091, CVE-2015-3092, CVE-2015-3093, openSUSE-SU-2015:0890-1, openSUSE-SU-2015:0914-1, RHSA-2015:1005-01, SUSE-SU-2015:0878-1, VIGILANCE-VUL-16883, ZDI-15-216.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3078]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3089]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3090]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3093]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3088]

An attacker can bypass the Protected Mode in Internet Explorer, in order to escalate his privileges. [severity:3/4; CVE-2015-3081]

An attacker can create a file. [severity:2/4; CVE-2015-3082]

An attacker can create a file. [severity:2/4; CVE-2015-3083]

An attacker can create a file. [severity:2/4; CVE-2015-3085, ZDI-15-216]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3087]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3077]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3084]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3086]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2015-3080]

An attacker can read a memory fragment, in order to obtain sensitive information. [severity:1/4; CVE-2015-3091]

An attacker can read a memory fragment, in order to obtain sensitive information. [severity:1/4; CVE-2015-3092]

An attacker can bypass a security feature, in order to obtain sensitive information. [severity:2/4; CVE-2015-3079]