The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability.
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful an attacker must persuade a user to open a malicious website.
Adobe Flash Player before 126.96.36.1996 and 19.x through 22.x before 188.8.131.52 on Windows and OS X and before 184.108.40.2062 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
The Java Runtime Environment component in Oracle Java allows remote attackers to affect confidentiality via vectors related to JMX.