Integer overflow in Adobe Flash Player prior to 184.108.40.206 on Windows and OS X and prior to 220.127.116.118 on Linux, Adobe AIR prior to 18.104.22.168, Adobe AIR SDK prior to 22.214.171.124, and Adobe AIR SDK & Compiler prior to 126.96.36.199 allows malicious users to execute arbitrary code via unspecified vectors.
CVE-Study CVE id CVSS Type CVE-2017-12762 100 BOF CVE-2017-0561 100 - CVE-2017-11176 100 UAF CVE-2017-8890 100 CVE-2017-7895 100 CVE-2017-3106 93 CVE-2017-3064 93 CVE-2017-0430 93 CVE-2017-0429 93 CVE-2017-0428 93 CVE-2017-0427 93 CVE-2017-0528 93 CVE-2017-0510 93 CVE-2017-0508 93 CVE-2017-0507 93 CVE-2017-0455 93
Software vulnerabilities are one of those problems that potentially affect all users. A vulnerability is a fault in a program’s implementation that can be used by attackers to gain unauthorized access to data, inject malicious code or put a system out of operation. In most cases, vulnerabilities arise from a lack of attention to fine details at the design stage rather than programming errors. Sometimes a system can seem virtually invulnerable at the design stage, but then, at some point, a new...
Exploit kit creators have been inventing increasingly interesting methods of masking their exploits, shellcodes, and payloads so that it is harder for analysts to define the type of the exploit and know what actions they may perform.
Several days ago analysts found the usage of the Diffie-Hellman cryptographic protocol in the Angler Exploit Kit, which is one of the most popular exploit kits at the moment. This protocol was developed more than 40 years ago, but that is the first known case ...
If you're not patching Flash you're even stupider than those who still rely on it
Crooks behind the world's worst exploit kit, Angler, have added the latest Adobe Flash vulnerabilities to the suite's long list of attack vectors.
Angler now sports support for some of the 35 Flash player holes detailed and patched last month that includes eight memory corruption flaws and five type confusion bugs.
French malware man Kafeine said that Angler had added an integer overflow (CVE-2015-5560) that allows for arbitrary code execution via unspecified vectors.