Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Air | Adobe | 1.01 | 1.01 |
Air | Adobe | * | 1.5.1 |
Flash_player | Adobe | 9.0.48.0 | 9.0.48.0 |
Flash_player | Adobe | 8.0.24.0 | 8.0.24.0 |
Air | Adobe | 1.5 | 1.5 |
Air | Adobe | 1.0 | 1.0 |
Flash_player | Adobe | 7.1.1 | 7.1.1 |
Flash_player | Adobe | 9.0.124.0 | 9.0.124.0 |
Flash_player | Adobe | 9.0.47.0 | 9.0.47.0 |
Flash_player | Adobe | 7.0.63 | 7.0.63 |
Flash_player | Adobe | 7.0.70.0 | 7.0.70.0 |
Flash_player | Adobe | 10.0.12.36 | 10.0.12.36 |
Flash_player | Adobe | 8.0.35.0 | 8.0.35.0 |
Flash_player | Adobe | 9.0.114.0 | 9.0.114.0 |
Flash_player | Adobe | 8.0 | 8.0 |
Air | Adobe | 1.1 | 1.1 |
Flash_player | Adobe | 9.0.20.0 | 9.0.20.0 |
Flash_player | Adobe | 9.0.31.0 | 9.0.31.0 |
Flash_player | Adobe | 9.0.112.0 | 9.0.112.0 |
Flash_player | Adobe | 9.0.16 | 9.0.16 |
Flash_player | Adobe | 10.0.0.584 | 10.0.0.584 |
Flash_player | Adobe | 9.0.28.0 | 9.0.28.0 |
Flash_player | Adobe | * | 10.0.22.87 |
Flash_player | Adobe | 7.0.69.0 | 7.0.69.0 |
Flash_player | Adobe | 9.0.28 | 9.0.28 |
Flash_player | Adobe | 9.0.45.0 | 9.0.45.0 |
Flex | Adobe | 3.0 | 3.0 |
Flash_player | Adobe | 7.0 | 7.0 |
Flash_player | Adobe | 7.2 | 7.2 |
Flash_player | Adobe | 9.0.115.0 | 9.0.115.0 |
Flash_player | Adobe | 7.0.25 | 7.0.25 |
Flash_player | Adobe | 8.0 | 8.0 |
Flash_player | Adobe | 8.0.39.0 | 8.0.39.0 |
Flash_player | Adobe | 8.0.34.0 | 8.0.34.0 |
Flash_player | Adobe | 7.1 | 7.1 |
Flash_player | Adobe | 10.0.12.10 | 10.0.12.10 |
Flash_player | Adobe | 9.0.20 | 9.0.20 |
Flash_player | Adobe | 7.0.1 | 7.0.1 |
Flash_player | Adobe | 7.0.63 | 7.0.63 |
Flash_player | Adobe | 8.0 | 8.0 |