Flash 0-days, 2010 onwards
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

 
$
%
123
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
|
 
Still loading...
ABCDEFGHIJKLMNOPQRSTU
1
2
DateCVEBulletinTargetsVuln typeCode areaURLNotes
3
4
4/28/2014CVE-2014-0515APSB14-13Syrian citizens... sigh...Pixel Benderhttp://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks
5
2/20/2014CVE-2014-0502APSB14-07American interests, freedom activists, human rights organizationsObject lifetimeWorkershttp://www.fireeye.com/blog/technical/targeted-attack/2014/02/operation-greedywonk-multiple-economic-and-foreign-policy-sites-compromised-serving-up-flash-zero-day-exploit.html
6
2/4/2014CVE-2014-0497APSB14-04Koreans?Integer underflowAVM2http://www.securelist.com/en/blog/8177/CVE_2014_0497_a_0_day_vulnerability
7
12/10/2013CVE-2013-5331APSB13-28Type confusionAVM1
8
2/26/2013CVE-2013-0648 (and CVE-2013-0643)APSB13-08Firefox usersExternalInterface
9
2/7/2013CVE-2013-0633APSB13-04Buffer overflowhttps://www.securelist.com/en/blog/blog?weblogid=208194112
10
2/7/2013CVE-2013-0634APSB13-04Aerospace / Includes Mac usersHeap overflowRegex enginehttp://blogs.mcafee.com/mcafee-labs/adobe-flash-zero-day-attack-uses-advanced-exploitation-technique
11
8/14/2012CVE-2012-1535APSB12-18Integer overflowCFF font parserhttp://blogs.technet.com/b/mmpc/archive/2012/08/28/a-technical-analysis-on-cve-2012-1535-adobe-flash-player-vulnerability.aspx
12
5/4/2012CVE-2012-0779APSB12-09Defense industryObject confusionRTMP (AMF parsing)https://community.rapid7.com/community/metasploit/blog/2012/06/22/the-secret-sauce-to-cve-2012-0779-adobe-flash-object-confusion-vulnerability
13
2/15/2012CVE-2012-0767APSB12-03UXSS (IE only)
14
9/21/2011CVE-2011-2444APSB11-26UXSS(At this point, Tavis' flash fuzz rampage is in)
15
6/14/2011CVE-2011-2110APSB11-18Memory corruption
16
6/5/2011CVE-2011-2107APSB11-13UXSS
17
5/12/2011CVE-2011-0627APSB11-12Memory corruption
18
4/11/2011CVE-2011-0611APSA11-02Memory corruption
19
3/14/2011CVE-2011-0609APSA11-01Memory corruptionAVMhttps://sites.google.com/site/zerodayresearch/Inside_AVM_REcon2012.pdf?attredirects=0
20
10/28/2010CVE-2010-3654APSA10-05Memory corruptionAVM2 verifierhttps://sites.google.com/site/zerodayresearch/CanSecWest2011_Flash_ActionScript.pdf?attredirects=0
21
9/13/2010CVE-2010-2884APSA10-03?? Memory corruption
22
6/4/2010CVE-2010-1297APSA10-01Memory corruption
23
24
25
Some more that are in-triage:(NOT declared as 0-day in advisory)
26
11/10/2011CVE-2011-2445APSB11-28??
27
6/14/2011CVE-2011-0618APSB11-12Integer overflowAVMhttp://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
28
9/28/2012CVE-2012-5054APSB12-19Freedom activistsInteger overflow3Dhttps://www.securelist.com/en/blog/208194112/Adobe_Flash_Player_0_day_and_HackingTeam_s_Remote_Control_System
29
9/28/2012CVE-2012-4167APSB12-19https://www.securelist.com/en/blog/208194112/Adobe_Flash_Player_0_day_and_HackingTeam_s_Remote_Control_System
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
Loading...
 
 
 
Sheet1