The OVAL Repository5.102015-09-03T11:01:57.836-04:00Microsoft Office memory corruption vulnerability – CVE-2015-2379 (MS15-070) (Mac OS X)Apple Mac OS XApple Mac OS X ServerMicrosoft Office 2011 for MacMicrosoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office memory corruption vulnerability – CVE-2015-2376 (MS15-070) (Mac OS X)Apple Mac OS XApple Mac OS X ServerMicrosoft Office 2011 for MacMicrosoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDTrueType font parsing vulnerability - CVE-2015-1671 (MS15-044) (Mac OS X)Apple Mac OS XApple Mac OS X ServerMicrosoft Silverlight 5 for MacThe Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Memory Corruption Vulnerability – CVE-2015-1641 (MS15-033) (Mac OS X)Apple Mac OS XApple Mac OS X ServerMicrosoft Office 2011 for MacMicrosoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Silverlight out of browser application vulnerability - CVE-2015-1715 (MS15-049) (Mac OS X)Apple Mac OS XApple Mac OS X ServerMicrosoft Silverlight 5 for MacMicrosoft Silverlight 5 before 5.1.40416.00 allows remote attackers to bypass intended integrity-level restrictions via a crafted Silverlight application, aka "Microsoft Silverlight Out of Browser Application Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office memory corruption vulnerability – CVE-2015-1682 (MS15-046)Apple Mac OS XApple Mac OS X ServerMicrosoft Office 2011 for MacMicrosoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, PowerPoint Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, SharePoint Foundation 2010 SP2, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Outlook App for Mac XSS vulnerability – CVE-2015-1639 (MS15-033) (Mac OS X)Apple Mac OS XApple Mac OS X ServerMicrosoft Office 2011 for MacCross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Outlook App for Mac XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUse after free word remote code execution vulnerability - CVE-2014-6357 (MS14-081)Apple Mac OS XApple Mac OS X ServerMicrosoft Office 2011 for MacUse-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 Gold and SP1, Office 2013 RT Gold and SP1, Office for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 Gold and SP1, and Office Web Apps 2010 SP2 and 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Use After Free Word Remote Code Execution Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft word file format vulnerability - CVE-2014-4117 (MS14-061) (Mac OS X)Apple Mac OS XApple Mac OS X ServerMicrosoft Office 2011 for MacMicrosoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka "Microsoft Word File Format Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerabilities in Microsoft Word could allow remote code execution (CVE-2014-1761) - MS14-017Apple Mac OS XApple Mac OS X ServerMicrosoft Office 2011 for MacMicrosoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in Silverlight could allow security feature bypass (CVE-2014-0319) - MS14-014 (Mac OS X)Apple Mac OS XApple Mac OS X ServerMicrosoft Silverlight 5 for MacMicrosoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer Runtime before 5.1.30214.0 allow attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors, aka "Silverlight DEP/ASLR Bypass Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in Silverlight Could Allow Information Disclosure (CVE-2013-3896) - MS13-087 (Mac OS X)Apple Mac OS XApple Mac OS X ServerMicrosoft Silverlight 5 for MacMicrosoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDRemote code execution vulnerability in Microsoft Office for Mac 2011 (CVE-2013-3889) - MS13-085Apple Mac OS XApple Mac OS X ServerMicrosoft Office 2011 for MacMicrosoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Memory Corruption Vulnerability (CVE-2013-1315) MS13-073 (Mac OS X)Apple Mac OS XApple Mac OS X ServerMicrosoft Office 2011 for MacMicrosoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDTrueType font parsing vulnerability in Microsoft Silverlight - CVE-2013-3129, MS13-052 (Mac OS)Apple Mac OS XApple Mac OS X ServerMicrosoft Silverlight 5 for MacMicrosoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDArray access violation vulnerability in Microsoft Silverlight CVE-2013-3131, MS13-052 (Mac OS)Apple Mac OS XApple Mac OS X ServerMicrosoft Silverlight 5 for MacMicrosoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDNull pointer vulnerability in Microsoft Silverlight - CVE-2013-3178, MS13-052 (Mac OS)Apple Mac OS XApple Mac OS X ServerMicrosoft Silverlight 5 for MacMicrosoft Silverlight 5 before 5.1.20513.0 does not properly initialize arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted Silverlight application, aka "Null Pointer Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in Microsoft Office could allow remote code execution - MS13-051 (Mac OS X)Apple Mac OS XApple Mac OS X ServerMicrosoft Office 2011 for MacBuffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office 2011 Service Pack 3 for Mac is installedApple Mac OS XApple Mac OS X ServerMicrosoft Office 2011 for MacMicrosoft Office 2011 Service Pack 3 for Mac is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office 2011 Service Pack 1 for Mac is installedApple Mac OS XApple Mac OS X ServerMicrosoft Office 2011 for MacMicrosoft Office 2011 Service Pack 1 for Mac is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office 2011 Service Pack 2 for Mac is installedApple Mac OS XApple Mac OS X ServerMicrosoft Office 2011 for MacMicrosoft Office 2011 Service Pack 2 for Mac is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDouble dereference vulnerability in Microsoft Silverlight - MS13-022 (Mac OS X)Apple Mac OS XApple Mac OS X ServerMicrosoft Silverlight 5 for MacMicrosoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Silverlight 5 is installedApple Mac OS XApple Mac OS X ServerMicrosoft Silverlight 5 for MacMicrosoft Silverlight 5 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Settings Manager May Let Remote Users Conduct Clickjacking AttacksApple Mac OS XAdobe Flash PlayerUnspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant."Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Unspecified Privilege Escalation VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRUnspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability."Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Integer Overflow VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRInteger overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Heap Corruption VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and other unspecified tags, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Unspecified Memory Corruption VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR NULL Pointer Exception Remote Code Execution VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulnerability."Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Multiple Vulnerabilities that could lead to code executionApple Mac OS XAdobe Flash PlayerAdobe AIRMultiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR 'exception_count' Integer Overflow VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRInteger overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers."Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player SWF Version Null Pointer Dereference Denial of Service VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Denial of Service VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRUnspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability which cause a denial of service (memory corruption) in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Apple Mac OS XAdobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2414, and CVE-2011-2415.Apple Mac OS XAdobe Flash PlayerAdobe AirBuffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2414, and CVE-2011-2415.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security control bypass."Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security control bypass."Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Invalid Pointer VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newclass (0x58) operator, a different vulnerability than CVE-2010-2174.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Apple Mac OS XAdobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0621, and CVE-2011-0622.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0621, and CVE-2011-0622.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Apple Mac OS XAdobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0621.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0621.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted parameters to an unspecified ActionScript method that cause a parameter to be used as an object pointer, a different vulnerability than CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted parameters to an unspecified ActionScript method that cause a parameter to be used as an object pointer, a different vulnerability than CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Pointer Memory CorruptionApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Exhaustion VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRUnspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Apple Mac OS XAdobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.Apple Mac OS XAdobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Data Injection Remote Code Execution VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.Apple Mac OS XAdobe Flash PlayerAdobe AirBuffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Stack Buffer Overflow VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRStack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425.Apple Mac OS XAdobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425.Shane ShafferDRAFTINTERIMACCEPTEDShane ShafferDEPRECATEDDEPRECATEDAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, and CVE-2011-0608.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, and CVE-2011-0608.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Unspecified Click-jacking VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Apple Mac OS XAdobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic error issue."Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic error issue."Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.Apple Mac OS XAdobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Unspecified Memory Corruption VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2214.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Apple Mac OS XAdobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Apple Mac OS XAdobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDThe NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Apple Mac OS XAdobe Flash PlayerAdobe AirThe NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0625.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0625.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0755.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0755.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0620, CVE-2011-0621, and CVE-2011-0622.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0620, CVE-2011-0621, and CVE-2011-0622.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Apple Mac OS XAdobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0624, CVE-2011-0625, and CVE-2011-0626.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0624, CVE-2011-0625, and CVE-2011-0626.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Loader Object Heap Memory Corruption VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRHeap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow in Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code via a large array length value in the ActionScript method of the Function class.Apple Mac OS XAdobe Flash PlayerInteger overflow in Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code via a large array length value in the ActionScript method of the Function class.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2138 and CVE-2011-2416.Apple Mac OS XAdobe Flash PlayerAdobe AirInteger overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2138 and CVE-2011-2416.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory.Apple Mac OS XAdobe Flash PlayerUntrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Denial of Service VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability."Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability."Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Unspecified Memory Corruption VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2213, CVE-2010-2214, and CVE-2010-2216.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2416.Apple Mac OS XAdobe Flash PlayerAdobe AirInteger overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2416.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via leveraging an unspecified "type confusion."Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an unspecified "type confusion."Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.Apple Mac OS XAdobe Flash PlayerUnspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Buffer Overflow VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRBuffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Exhaustion VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDUnintended content loading vulnerability - MS13-026Apple Mac OS XApple Mac OS X ServerMicrosoft Office 2008 for MacMicrosoft Office 2011 for MacOutlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.Apple Mac OS XAdobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2414.Apple Mac OS XAdobe Flash PlayerAdobe AirBuffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2414.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2140, CVE-2011-2417, and CVE-2011-2425.Apple Mac OS XAdobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2140, CVE-2011-2417, and CVE-2011-2425.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Invalid Object Reference Remote Code ExecutionApple Mac OS XAdobe Flash PlayerAdobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Multiple Unspecified Remote Code Execution VulnerabilitiesApple Mac OS XAdobe Flash PlayerAdobe AIRMultiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.Apple Mac OS XAdobe Flash PlayerAdobe AirBuffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors.Apple Mac OS XAdobe Flash PlayerInteger overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.Apple Mac OS XAdobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2187, and CVE-2010-2188.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, and CVE-2011-0607.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, and CVE-2011-0607.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2138.Apple Mac OS XAdobe Flash PlayerAdobe AirInteger overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2138.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2459, and CVE-2011-2460.Apple Mac OS XAdobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2459, and CVE-2011-2460.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Unspecified Multiple Memory Corruption VulnerabilitiesApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2214, and CVE-2010-2216.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a constructor for an unspecified ActionScript3 object and improper type checking, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0607, and CVE-2011-0608.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a constructor for an unspecified ActionScript3 object and improper type checking, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0607, and CVE-2011-0608.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0625, and CVE-2011-0626.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0625, and CVE-2011-0626.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2425.Apple Mac OS XAdobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2425.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR 'intf_count' Integer Overflow VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRInteger overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Apple Mac OS XAdobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Apple Mac OS XAdobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3652.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDExcel SST Invalid Length Use After Free Vulnerability - MS12-076Apple Mac OS XMicrosoft Office 2011 for MacMicrosoft Office 2008 for MacUse-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Unspecified Memory Corruption VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2216.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Apple Mac OS XAdobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR URI Parsing Heap Buffer Overflow VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRHeap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDStack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service via unspecified vectors.Apple Mac OS XAdobe Flash PlayerStack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR JPEG File Parsing Heap Buffer Overflow VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRHeap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.Apple Mac OS XAdobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.Apple Mac OS XAdobe Flash PlayerAdobe AirBuffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Integer Overflow VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRInteger overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDCross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.Apple Mac OS XAdobe Flash PlayerCross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDThe Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Apple Mac OS XAdobe Flash PlayerThe Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Integer Overflow VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRInteger overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDExcel SerAuxErrBar Heap Overflow Vulnerability - MS12-076Apple Mac OS XMicrosoft Office 2011 for MacMicrosoft Office 2008 for MacHeap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SerAuxErrBar Heap Overflow Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office 2008 for Mac is installedApple Mac OS XApple Mac OS X ServerMicrosoft Office 2008 for MacMicrosoft Office 2008 for Mac is installedSecPod TeamDRAFTINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDVulnerability in parsing of a cross-domain policy file in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDExcel Stack Overflow Vulnerability - MS12-076Apple Mac OS XMicrosoft Office 2011 for MacStack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Stack Overflow Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0756.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0756.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2415.Apple Mac OS XAdobe Flash PlayerAdobe AirBuffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2415.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Sandbox Bypass Information Disclosure VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures."Apple Mac OS XAdobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures."Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.Apple Mac OS XAdobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Unspecified Remote Denial of Service VulnerabilityApple Mac OS XAdobe Flash PlayerUnspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459.Apple Mac OS XAdobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Use-After-Free VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRUse-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a certain function."Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Unspecified Memory Corruption VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.Apple Mac OS XAdobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.Apple Mac OS XAdobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2460.Apple Mac OS XAdobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2460.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Adobe Flash Player before 10.2.152.26 allows remote attackers to execute arbitrary code via a crafted font.Apple Mac OS XAdobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 10.2.152.26 allows remote attackers to execute arbitrary code via a crafted font.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Apple Mac OS XAdobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3650, and CVE-2010-3652.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0622.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0622.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.Apple Mac OS XAdobe Flash PlayerUnspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDStack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.Apple Mac OS XAdobe Flash PlayerAdobe AirStack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object.Apple Mac OS XAdobe Flash PlayerInteger overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDMS Office 2011 for Mac Improper Folder Permissions Vulnerability - MS12-051Apple Mac OS XMicrosoft Office 2011 for MacMicrosoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office 2011 for Mac is installedApple Mac OS XApple Mac OS X ServerMicrosoft Office 2011 for MacMicrosoft Office 2011 for Mac is installedSecPod TeamDRAFTINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data.Apple Mac OS XAdobe Flash PlayerAdobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player 11 is installedApple Mac OS XAdobe Flash PlayerAdobe Flash Player 11 has been installed on the systemShane ShafferDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDAdobe Flash Player Out Of Bounds Memory Indexing VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRArray index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code."Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417.Apple Mac OS XAdobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Multiple Heap Overflow VulnerabilitiesApple Mac OS XAdobe Flash PlayerAdobe AIRMultiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Unspecified Clickjacking VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDStack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors.Apple Mac OS XAdobe Flash PlayerStack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Invalid Pointer VulnerabilityApple Mac OS XAdobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newfunction (0x44) operator, a different vulnerability than CVE-2010-2173.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDAdobe AIR is installedApple Mac OS XAdobe AIRAdobe AIR is installed on the systemShane ShafferDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Apple Mac OS XAdobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3650.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDCross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.Apple Mac OS XAdobe Flash PlayerCross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Apple Mac OS XAdobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.Nate PrzybyszewskiDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player 10 is InstalledApple Mac OS XAdobe Flash PlayerAdobe Flash Player 10 has been installed on the systemNate PrzybyszewskiDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDAdobe Flash Player is InstalledApple Mac OS XAdobe Flash PlayerAdobe Flash Player has been installed on the systemNate PrzybyszewskiDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDSnow Leopard Apple Filing Protocol (AFP) Password BypassApple Mac OS XApple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name.Nate PrzybyszewskiDRAFTINTERIMACCEPTEDACCEPTEDApple Security Update 2010-006 is InstalledApple Mac OS XApple Security Update 2010-006 has been installed on the systemNate PrzybyszewskiDRAFTINTERIMACCEPTEDACCEPTEDCFBundleShortVersionString/Library/Internet Plug-Ins/Silverlight.plugin/Contents/Info.plist1SetupInfo/Applications/Microsoft Office 2008/Office/SetupInfo.plist1CFBundleShortVersionString/Applications/Microsoft Office 2008/Microsoft Word.app/Contents/Info.plist1Name/Applications/Microsoft Office 2011/Office/SetupInfo.plist1CFBundleShortVersionString/Applications/Microsoft Office 2011/Microsoft Word.app/Contents/Info.plist1/Applications/Utilities/Adobe AIR Application Installer.app/ContentsInfo.plistCFBundleVersion/Applications/Utilities/Adobe AIR Application Installer.app/Contents/Info.plist0PackageVersion/private/var/db/receipts/com.adobe.pkg.FlashPlayer.plist/Library/Internet Plug-Ins/Flash Player.plugin/ContentsInfo.plist/private/var/db/receiptscom.adobe.pkg.FlashPlayer.bomCFBundleShortVersionString/Library/Internet Plug-Ins/Flash Player.plugin/Contents/Info.plist0/private/var/db/receiptscom.apple.pkg.update.security.2010.006.snowleopard.bomProductVersion/System/Library/CoreServices/SystemVersion.plist14.5.35.1.40416.014.5.014.3.914.4.714.4.514.4.15.1.302145.1.20913.014.3.814.3.75.1.20513.014.3.014.2.014.1.014.2.014.3.014.3.5^5\.[\d\.]+$5.1.20125.010.3.181.2610.3.183.183.2.0.207011.2.202.22810.0.45.21.5.3.913012.3.614.3.210.1.82.769.0.2802.0.312.3.514.2.59.0.159.010.0.22.8710.0.42.341.5.311.1.102.553.1.0.488011.1.102.5510.3.183.1110.3.181.1410.2.152.2614.2.3^11\..*$10.3.183.1511.1.102.622.7.110.3.183.510.0.32.189.0.246.01.5.29.0.277.02.0.2.1261010.1.53.6410.3.183.10^10\..*$10.1.102.649.0.289.010.6.5macosDarwin10.6.0