From winvulns-announcements at bigmail.bigfix.com Tue Dec 10 05:20:16 2013 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Tue, 10 Dec 2013 05:20:16 -0800 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 341 Published: Tue, 10 Dec 2013 00:48:33 GMT New Fixlets: ============ *************************************************************** Title: Vulnerability which allows remote attackers to conduct phishing attacks in Opera before 12.11 Severity: Medium Fixlet ID: 1900501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19005.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6467 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012. *************************************************************** Title: Vulnerability has unknown impact and attack vectors, related to a "low severity issue in Opera before 12.01 Severity: High Fixlet ID: 1902601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19026.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4145 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Opera before 12.01, has unknown impact and attack vectors, related to a "low severity issue." *************************************************************** Title: Vulnerability which allows remote attackers to execute arbitrary code in Opera before 12.13 Severity: High Fixlet ID: 1908301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19083.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1638 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document. *************************************************************** Title: Vulnerability which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms in Opera before 12.01 Severity: Medium Fixlet ID: 1909901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19099.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4144 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Opera before 12.01 on Windows does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document. *************************************************************** Title: CERT_VerifyCert can SECSuccess for bad certificates Severity: Medium Fixlet ID: 1939301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19393.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. *************************************************************** Title: Vulnerability which allows remote attackers to execute arbitrary code in Opera before 12.13 Severity: High Fixlet ID: 1943601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19436.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1637 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events. *************************************************************** Title: Vulnerability which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks in Opera before 12.13 Severity: Medium Fixlet ID: 1945801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19458.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1618 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. *************************************************************** Title: Integer truncation in certificate parsing Severity: High Fixlet ID: 1953001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19530.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1741 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. *************************************************************** Title: Vulnerability which allows remote attackers to spoof the address field in Opera before 12.12 Severity: Medium Fixlet ID: 1953101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19531.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6471 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests. *************************************************************** Title: Vulnerability which allows remote attackers to bypass a CSRF protection in Opera before 12.13 Severity: Medium Fixlet ID: 1961701 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19617.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1639 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request. *************************************************************** Title: Vulnerability which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) in Opera before 12.10 Severity: High Fixlet ID: 1963401 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19634.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6465 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG image. *************************************************************** Title: Cross-site scripting (XSS) vulnerability in Opera before 15.00 Severity: Medium Fixlet ID: 1964201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19642.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4705 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding. *************************************************************** Title: Opera does not properly block top-level domains in Set-Cookie headers before 12.15 Severity: Medium Fixlet ID: 1972301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19723.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3210 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain. *************************************************************** Title: Null Cipher buffer overflow Severity: High Fixlet ID: 1973101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19731.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5605 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. *************************************************************** Title: Vulnerability which allows remote attackers to inject arbitrary web script or HTML in Opera before 12.10 Severity: Medium Fixlet ID: 1976201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19762.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6464 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins. *************************************************************** Title: Avoid unsigned integer wrapping in PL_ArenaAllocate Severity: High Fixlet ID: 1977801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19778.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5607 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741. *************************************************************** Title: Vulnerability which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) in Opera before 12.12 Severity: High Fixlet ID: 1979001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19790.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6470 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image. *************************************************************** Title: Vulnerability allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs in Opera before 11.67 and 12.x before 12.02 Severity: Medium Fixlet ID: 1981101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19811.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6460 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site. *************************************************************** Title: Vulnerability makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks in Opera before 12.01 Severity: Medium Fixlet ID: 1982201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19822.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4142 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Opera before 12.01 ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. *************************************************************** Title: Vulnerability allows remote attackers to bypass intended page-content restrictions in Opera before 12.10 Severity: Medium Fixlet ID: 1984101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19841.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6462 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request. *************************************************************** Title: Vulnerability which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) in Opera before 12.11 Severity: High Fixlet ID: 1986601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19866.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6468 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long HTTP response. *************************************************************** Title: Vulnerability allows user-assisted remote attackers to trick users into downloading and executing arbitrary files in Opera before 12.01 Severity: Medium Fixlet ID: 1987201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19872.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4143 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Opera before 12.01 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924. *************************************************************** Title: Vulnerability allows remote attackers to cause a denial of service (application crash) in Opera before 11.67 and 12.x before 12.01 Severity: Medium Fixlet ID: 1988001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19880.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4146 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page. *************************************************************** Title: Vulnerability which allows remote attackers to determine the existence of arbitrary local files in Opera before 12.11 Severity: Medium Fixlet ID: 1988901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19889.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6469 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page. *************************************************************** Title: RC4 algorithm vulnerability in Opera Severity: Low Fixlet ID: 1991501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19915.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. *************************************************************** Title: Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML in Opera before 12.10 Severity: Medium Fixlet ID: 1994501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19945.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6463 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs. *************************************************************** Title: Vulnerability which allows remote attackers to obtain potentially sensitive information from process memory in Opera before 12.10 Severity: Medium Fixlet ID: 1996901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19969.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6466 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas. *************************************************************** Title: Unspecified vulnerability in Opera before 12.15 Severity: High Fixlet ID: 1997501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19975.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3211 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue." *************************************************************** Title: Vulnerability allows remote attackers to trigger a false indication of successful revocation-status checking in Opera before 12.10 Severity: Medium Fixlet ID: 1999101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19991.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6461 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 allows remote attackers to trigger a false indication of successful revocation-status checking by causing a failure of a single checking service. From winvulns-announcements at bigmail.bigfix.com Thu Dec 19 05:20:19 2013 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Thu, 19 Dec 2013 05:20:19 -0800 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 342 Published: Wed, 18 Dec 2013 21:56:42 GMT New Fixlets: ============ *************************************************************** Title: Buffer overflow in Adobe Flash Player before in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability t Severity: High Fixlet ID: 1941001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19410.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1373 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1372. *************************************************************** Title: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0 Severity: High Fixlet ID: 1942701 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19427.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1372 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, and CVE-2013-1373. *************************************************************** Title: Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows, allows remote attackers to execute arbitrary code via crafted SWF content Severity: High Fixlet ID: 1946701 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19467.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0633 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-064 Severity: High Fixlet ID: 1951001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19510.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1374 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-0649. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vu Severity: High Fixlet ID: 1952501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19525.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0644 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0649 and CVE-2013-1374. *************************************************************** Title: Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors Severity: High Fixlet ID: 1952801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19528.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3345 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. *************************************************************** Title: Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability tha Severity: High Fixlet ID: 1962901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19629.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1380 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1378. *************************************************************** Title: Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors Severity: High Fixlet ID: 1966101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19661.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1371 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. *************************************************************** Title: Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than Severity: High Fixlet ID: 1969401 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19694.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3362 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3363, and CVE-2013-5324. *************************************************************** Title: Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows; Adobe AIR before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulner Severity: High Fixlet ID: 1980201 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19802.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5329 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5330. *************************************************************** Title: Buffer overflow in Adobe Flash Player before in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability t Severity: High Fixlet ID: 1980501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19805.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1367 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373. *************************************************************** Title: Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors Severity: High Fixlet ID: 1982401 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19824.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2555 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013. *************************************************************** Title: Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content Severity: High Fixlet ID: 1982601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19826.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0634 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013. *************************************************************** Title: Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a differe Severity: High Fixlet ID: 1985601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19856.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1378 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1380. *************************************************************** Title: Buffer overflow in Adobe Flash Player before in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability t Severity: High Fixlet ID: 1986901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19869.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1370 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1372, and CVE-2013-1373. *************************************************************** Title: Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allows attackers to execute arbitrary code via unspecified vectors Severity: High Fixlet ID: 1989601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19896.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1375 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors. *************************************************************** Title: Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows allows remote attackers to execute arbitrary code via crafted SWF content Severity: High Fixlet ID: 1989801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19898.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0648 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013. *************************************************************** Title: Integer overflow in Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allows attackers to execute arbitrary code via unspecified vectors Severity: High Fixlet ID: 1990701 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19907.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0646 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors. *************************************************************** Title: Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than Severity: High Fixlet ID: 1991301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19913.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5324 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3362, and CVE-2013-3363. *************************************************************** Title: Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than Severity: High Fixlet ID: 1992901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19929.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3363 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3362, and CVE-2013-5324. *************************************************************** Title: Buffer overflow in the broker service in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows allows attackers to execute arbitrary code via unspecified vectors Severity: High Fixlet ID: 1993001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19930.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0504 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Buffer overflow in the broker service in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows attackers to execute arbitrary code via unspecified vectors. *************************************************************** Title: Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows allows attackers to execute arbitrary code via unspecified vectors Severity: High Fixlet ID: 1995701 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19957.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3344 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via unspecified vectors. *************************************************************** Title: Buffer overflow in Adobe Flash Player before in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability t Severity: High Fixlet ID: 1996101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19961.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0642 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373. *************************************************************** Title: Buffer overflow in Adobe Flash Player before in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability t Severity: High Fixlet ID: 1996601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval19966.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1368 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373. *************************************************************** Title: Adobe Flash Player before in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allow attackers to obtain sensitive information via unspecified vectors Severity: Medium Fixlet ID: 2000401 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval20004.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0637 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to obtain sensitive information via unspecified vectors. *************************************************************** Title: Buffer overflow in Adobe Flash Player before in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability t Severity: High Fixlet ID: 2000601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval20006.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1366 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373. *************************************************************** Title: Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Adobe AIR before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a denial of service (mem Severity: High Fixlet ID: 2001101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval20011.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1379 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. *************************************************************** Title: Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows Adobe AIR before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than Severity: High Fixlet ID: 2001501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval20015.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3361 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3362, CVE-2013-3363, and CVE-2013-5324. *************************************************************** Title: Adobe Flash Player before in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors Severity: High Fixlet ID: 2002501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval20025.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0647 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0638. *************************************************************** Title: Buffer overflow in Adobe Flash Player before in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability t Severity: High Fixlet ID: 2004401 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval20044.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1365 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373. *************************************************************** Title: Integer overflow in Adobe Flash Player before in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors Severity: High Fixlet ID: 2007301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval20073.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0639 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vu Severity: High Fixlet ID: 2007801 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval20078.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0649 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-1374. *************************************************************** Title: Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68, 11.x before 11.6.602.180 and Adobe AIR before 3.6.0.6090 on Windows allows attackers to execute arbitrary code via unspecified vectors Severity: High Fixlet ID: 2007901 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval20079.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0650 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors. *************************************************************** Title: Adobe Flash Player before in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors Severity: High Fixlet ID: 2008001 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval20080.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0638 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0647. *************************************************************** Title: The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content Severity: High Fixlet ID: 2008101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval20081.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0643 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013. *************************************************************** Title: Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and in Adobe AIR before 3.5.0.1060, allows attackers to execute arbitrary code via unspecified vectors Severity: High Fixlet ID: 2009601 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval20096.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0630 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before 11.2.202.261 on Linux, before 11.1.111.31 on Android 2.x and 3.x, and before 11.1.115.36 on Android 4.x; Adobe AIR before 3.5.0.1060; and Adobe AIR SDK before 3.5.0.1060 allows attackers to execute arbitrary code via unspecified vectors. *************************************************************** Title: Buffer overflow in Adobe Flash Player before in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability t Severity: High Fixlet ID: 2011101 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval20111.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0645 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373. *************************************************************** Title: Buffer overflow in Adobe Flash Player before in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 and in Adobe AIR before 3.6.0.597 on Windows allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability t Severity: High Fixlet ID: 2012501 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval20125.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1369 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373. *************************************************************** Title: Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows; Adobe AIR before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulner Severity: High Fixlet ID: 2013301 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval20133.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5330 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5329. *************************************************************** Title: Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling Severity: High Fixlet ID: 2013701 Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval20137.html Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3347 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling.