Kafeine

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 9 through 11 Microsoft Edge **Description** The issue allows remote attackers to obtain sensitive information via a crafted web site. This is due to the way the affected components handle objects in memory, which can be exploited by an attacker to further compromise a target system. Research indicates that this type of vulnerability is among those exploited by ransomware operators, highlighting its potential impact. **Recommendations** For Microsoft Internet Explorer versions 9 through 11, consider disabling the handling of objects in memory as a temporary workaround until a patch is available. For Microsoft Edge, restrict access to sensitive information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Flash Player versions prior to 13.0.0.263 Adobe Flash Player versions 14.x through 16.x prior to 16.0.0.288 Adobe Flash Player version 11.2.202.438 and earlier on Linux **Description** The issue is related to a use-after-free vulnerability in the ByteArray::UncompressViaZlibVariant() function, allowing a remote attacker to execute arbitrary code or cause a denial of service via a specially crafted swf file. This vulnerability has been exploited in the wild, with reports of its use in January 2015. **Recommendations** For Adobe Flash Player versions prior to 13.0.0.263, update to version 13.0.0.263 or later. For Adobe Flash Player versions 14.x through 16.x prior to 16.0.0.288, update to version 16.0.0.288 or later. For Adobe Flash Player version 11.2.202.438 and earlier on Linux, update to a version later than 11.2.202.438.

**Name of the Vulnerable Software and Affected Versions** Adobe Flash Player versions prior to 13.0.0.258 Adobe Flash Player versions 14.x and 15.x prior to 15.0.0.239 Adobe Flash Player version prior to 11.2.202.424 on Linux Adobe AIR version prior to 15.0.0.293 Adobe AIR SDK version prior to 15.0.0.302 Adobe AIR SDK & Compiler version prior to 15.0.0.302 **Description** The issue is related to a buffer overflow operation that can be exploited by a remote attacker to execute arbitrary code or cause a denial of service through unspecified vectors. This can lead to the execution of arbitrary code or a denial of service due to an invalid pointer dereference. **Recommendations** For Adobe Flash Player versions prior to 13.0.0.258, update to version 13.0.0.258 or later. For Adobe Flash Player versions 14.x and 15.x prior to 15.0.0.239, update to version 15.0.0.239 or later. For Adobe Flash Player version prior to 11.2.202.424 on Linux, update to version 11.2.202.424 or later. For Adobe AIR version prior to 15.0.0.293, update to version 15.0.0.293 or later. For Adobe AIR SDK version prior to 15.0.0.302, update to version 15.0.0.302 or later. For Adobe AIR SDK & Compiler version prior to 15.0.0.302, update to version 15.0.0.302 or later.

**Name of the Vulnerable Software and Affected Versions** Java Runtime Environment (affected versions not specified) **Description** The issue is related to the getMBeanInstantiator method in the JmxMBeanServer class of the Java Runtime Environment, which is associated with access control weaknesses. Exploitation of this issue may allow a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.