Adobe flash player version 9.0.124.0 free download

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail. 1 CVE +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player versions and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure. 2 CVE Exec Code Mem. Corr. +Info NoneRemoteLowNot requiredCompleteCompleteComplete An issue was discovered in Adobe Flash Player and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. 3 CVE Exec Code Mem. Corr. +Info NoneRemoteLowNot requiredCompleteCompleteComplete An issue was discovered in Adobe Flash Player and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. 4 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player versions and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. 5 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player versions and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure. 6 CVE +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player versions and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure. 7 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x through x before on Windows and OS X and before on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE and CVE 8 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x through x before on Windows and OS X and before on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE and CVE 9 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x through x before on Windows and OS X and before on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE and CVE, aka a "local-with-filesystem Flash sandbox bypass" issue. 10 CVE +Info NoneRemoteMediumNot requiredPartialNoneNone Race condition in Adobe Flash Player before and x through x before on Windows and OS X and before on Linux allows attackers to obtain sensitive information via unspecified vectors. 11 CVE +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x through x before on Windows and OS X and before on Linux allows attackers to obtain sensitive information from process memory via unspecified vectors. 12 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x through x before on Windows and OS X and before on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. 13 CVE Bypass +Info NoneRemoteMediumNot requiredPartialNoneNone Adobe Flash Player before and x and x before on Windows and OS X and before on Linux, Adobe AIR before , Adobe AIR SDK before , and Adobe AIR SDK & Compiler before allow attackers to bypass the ASLR protection mechanism via JIT data, a different vulnerability than CVE and CVE 14 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x before on Windows and OS X and before on Linux, Adobe AIR before , Adobe AIR SDK before , and Adobe AIR SDK & Compiler before allow remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors. 15 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x before on Windows and OS X and before on Linux, Adobe AIR before , Adobe AIR SDK before , and Adobe AIR SDK & Compiler before allow attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors. 16 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x before on Windows and OS X and before on Linux, Adobe AIR before , Adobe AIR SDK before , and Adobe AIR SDK & Compiler before do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors. 17 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x before on Windows and OS X and before on Linux, Adobe AIR before , Adobe AIR SDK before , and Adobe AIR SDK & Compiler before allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. 18 CVE +Info CSRF NoneRemoteMediumNot requiredPartialNoneNone Adobe Flash Player before and x before on Windows and OS X and before on Linux, Adobe AIR before , Adobe AIR SDK before , and Adobe AIR SDK & Compiler before do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. NOTE: this issue exists because of an incomplete fix for CVE and CVE 19 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x through x before on Windows and OS X and before on Linux, Adobe AIR before , Adobe AIR SDK before , and Adobe AIR SDK & Compiler before allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. 20 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x through x before on Windows and OS X and before on Linux, Adobe AIR before on Windows and before on OS X and Android, Adobe AIR SDK before on Windows and before on OS X, and Adobe AIR SDK & Compiler before on Windows and before on OS X do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors. 21 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x through x before on Windows and OS X and before on Linux, Adobe AIR before on Windows and before on OS X and Android, Adobe AIR SDK before on Windows and before on OS X, and Adobe AIR SDK & Compiler before on Windows and before on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE and CVE 22 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x through x before on Windows and OS X and before on Linux, Adobe AIR before on Windows and before on OS X and Android, Adobe AIR SDK before on Windows and before on OS X, and Adobe AIR SDK & Compiler before on Windows and before on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE and CVE 23 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x through x before on Windows and OS X and before on Linux, Adobe AIR before on Windows and before on OS X and Android, Adobe AIR SDK before on Windows and before on OS X, and Adobe AIR SDK & Compiler before on Windows and before on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE and CVE 24 CVE +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x through x before , Adobe AIR before , Adobe AIR SDK before , and Adobe AIR SDK & Compiler before on bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address. 25 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x through x before on Windows and OS X and before on Linux, Adobe AIR before , Adobe AIR SDK before , and Adobe AIR SDK & Compiler before do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE 26 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x through x before on Windows and OS X and before on Linux, Adobe AIR before , Adobe AIR SDK before , and Adobe AIR SDK & Compiler before do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE 27 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x through x before on Windows and OS X and before on Linux, Adobe AIR before , Adobe AIR SDK before , and Adobe AIR SDK & Compiler before allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. 28 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x through x before on Windows and OS X and before on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. 29 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x through x before on Windows and OS X and before on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE 30 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x through x before on Windows and OS X and before on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE 31 CVE DoS Overflow +Info NoneRemoteLowNot requiredPartialNoneComplete Adobe Flash Player before and x through x before on Windows and OS X and before on Linux, Adobe AIR before on Windows and OS X and before on Android, Adobe AIR SDK before , and Adobe AIR SDK & Compiler before allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors. 32 CVE +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x through x before on Windows and OS X and before on Linux, Adobe AIR before on Windows and OS X and before on Android, Adobe AIR SDK before , and Adobe AIR SDK & Compiler before allow attackers to obtain sensitive keystroke information via unspecified vectors. 33 CVE +Info NoneRemoteLowNot requiredCompleteCompleteComplete Adobe Flash Player before and x through x before on Windows and OS X and before on Linux allows attackers to obtain sensitive information via unspecified vectors. 34 CVE +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x and x before on Windows and OS X and before on Linux, Adobe AIR before , Adobe AIR SDK before , and Adobe AIR SDK & Compiler before allow remote attackers to discover session tokens via unspecified vectors. 35 CVE +Info CSRF NoneRemoteMediumNot requiredPartialNoneNone Adobe Flash Player before and x before on Windows and OS X and before on Linux, Adobe AIR before on Windows and OS X and before on Android, Adobe AIR SDK before , and Adobe AIR SDK & Compiler before do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a &#;$&#; (dollar sign) or &#;(&#; (open parenthesis) character. NOTE: this issue exists because of an incomplete fix for CVE 36 CVE +Info CSRF NoneRemoteMediumNot requiredPartialNoneNone Adobe Flash Player before and x before on Windows and OS X and before on Linux, Adobe AIR before on Android, Adobe AIR SDK before , and Adobe AIR SDK & Compiler before do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. 37 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x through x before on Windows and OS X and before on Linux, Adobe AIR before on Android, Adobe AIR SDK before , and Adobe AIR SDK & Compiler before allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. 38 CVE +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x through x before on Windows and OS X, and before on Linux, allows attackers to read the clipboard via unspecified vectors. 39 CVE +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x before on Windows, before and x before on Mac OS X, before and x before on Linux, before on Android 2.x and 3.x, and before on Android 4.x; Adobe AIR before ; and Adobe AIR SDK before allow attackers to obtain sensitive information via unspecified vectors. 40 CVE +Info NoneRemoteMediumNot requiredPartialNoneNone Adobe Flash Player before and x before on Windows and Mac OS X, before and x before on Linux, before on Android 2.x and 3.x, and before on Android 4.x; Adobe AIR before ; and Adobe AIR SDK before allow remote attackers to read content from a different domain via a crafted web site. 41 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x before on Windows and Mac OS X; before and x before on Linux; before on Android 2.x and 3.x; and before on Android 4.x, and Adobe AIR before , allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. 42 CVE +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before and x before on Windows, Mac OS X, Linux, and Solaris; before on Android 2.x and 3.x; and before on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors. 43 CVE Bypass +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before on Windows, Mac OS X, Linux, and Solaris, and before on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security control bypass." 44 CVE Bypass +Info NoneRemoteLowNot requiredPartialPartialNone Adobe Flash Player before on Windows, Mac OS X, Linux, and Solaris and before on Android, and Adobe AIR before on Windows and Mac OS X and before on Android, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors. 45 CVE +Info NoneRemoteLowNot requiredPartialNoneNone Adobe Flash Player before on Windows, Mac OS X, Linux, and Solaris and before on Android allows attackers to obtain sensitive information via unspecified vectors. 46 CVE +Info NoneRemoteMediumNot requiredPartialNoneNone Unspecified vulnerability in Adobe Flash Player before and x before on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors. 47 CVE +Info NoneRemoteMediumNot requiredCompleteNoneNone Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before and Adobe AIR before on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE 48 CVE +Info NoneLocalLowNot requiredCompleteNoneNone Adobe Flash Player before and x before , and Adobe AIR before , allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability." 49 CVE +Info NoneRemoteMediumNot requiredPartialNoneNone Adobe Flash Player and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors. 50 CVE +Info NoneRemoteMediumNot requiredCompleteNoneNone Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player and earlier on Windows allows attackers to obtain sensitive information via unknown vectors.