Adobe Flash Player 220.127.116.11 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful an attacker must persuade a user to open a malicious website.
Adobe Flash Player before 18.104.22.1686 and 19.x through 22.x before 22.214.171.124 on Windows and OS X and before 126.96.36.1992 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Integer overflow in Adobe Flash Player allows attackers to execute arbitrary code.