Adobe Flash Player Desktop Runtime vulnerabilities

CVE-2018-4935 [HIGH] CWE-787 CVE-2018-4935: Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerabi Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-4937 [HIGH] CWE-787 CVE-2018-4937: Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerabi Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-4932 [HIGH] CWE-416 CVE-2018-4932: Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-4936 [MEDIUM] CWE-119 CVE-2018-4936: Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-4933 [MEDIUM] CWE-125 CVE-2018-4933: Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerabil Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-4934 [MEDIUM] CWE-125 CVE-2018-4934: Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerabil Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2017-11305 [MEDIUM] CVE-2017-11305: A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unint A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.

CVE-2017-11292 [HIGH] CWE-843 CVE-2017-11292: Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, whic Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.

CVE-2017-3106 [HIGH] CWE-704 CVE-2017-3106: Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.

CVE-2017-3085 [HIGH] CWE-601 CVE-2017-3085: Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads t Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.

CVE-2017-3099 [HIGH] CWE-787 CVE-2017-3099: Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerabili Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution.

CVE-2017-3100 [MEDIUM] CWE-787 CVE-2017-3100: Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerabili Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure.

CVE-2017-3080 [MEDIUM] CVE-2017-3080: Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to t Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.

CVE-2017-3070 [HIGH] CWE-787 CVE-2017-3070: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerabili Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.

CVE-2017-3069 [HIGH] CWE-787 CVE-2017-3069: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerabili Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.

CVE-2017-3071 [HIGH] CWE-416 CVE-2017-3071: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.

CVE-2017-3074 [HIGH] CWE-787 CVE-2017-3074: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerabili Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution.

CVE-2017-3068 [HIGH] CWE-787 CVE-2017-3068: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerabili Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.

CVE-2017-3072 [HIGH] CWE-787 CVE-2017-3072: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerabili Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.

CVE-2017-3073 [HIGH] CWE-416 CVE-2017-3073: Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.