1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Integer Overflow Capability Group

Known Exploited Vulnerabilities Integer Overflow Capability Group

All Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2016-1010 Adobe Flash Player and AIR Integer Overflow Vulnerability exploitation_technique T1574 Hijack Execution Flow
Comments
This vulnerability is exploited via an integer overflow.
References
  1. https://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/7007/adobe-flash-player-integer-overflow-vulnerability-cve20161010
CVE-2012-5054 Adobe Flash Player Integer Overflow Vulnerability exploitation_technique T1189 Drive-by Compromise
Comments
This vulnerability can be exploited by a malicioiusly-crafted webpage via drive-by compromise.
References
  1. https://packetstormsecurity.com/files/116435/Adobe-Flash-Player-Matrix3D-Integer-Overflow-Code-Execution.html
CVE-2015-8651 Adobe Flash Player Integer Overflow Vulnerability secondary_impact T1486 Data Encrypted for Impact
Comments
This vulnerability is exploited with maliciously-crafted code hosted on a website via drive-by compromise. It has been seen used in the wild by exploit kits whose goal is frequently to load ransomware onto the target machine.
References
  1. https://blogs.quickheal.com/anatomy-flash-exploit-cve-2015-8651-integrated-rig-exploit-kit/
CVE-2015-8651 Adobe Flash Player Integer Overflow Vulnerability primary_impact T1105 Ingress Tool Transfer
Comments
This vulnerability is exploited with maliciously-crafted code hosted on a website via drive-by compromise. It has been seen used in the wild by exploit kits whose goal is frequently to load ransomware onto the target machine.
References
  1. https://blogs.quickheal.com/anatomy-flash-exploit-cve-2015-8651-integrated-rig-exploit-kit/
CVE-2015-8651 Adobe Flash Player Integer Overflow Vulnerability exploitation_technique T1189 Drive-by Compromise
Comments
This vulnerability is exploited with maliciously-crafted code hosted on a website via drive-by compromise. It has been seen used in the wild by exploit kits whose goal is frequently to load ransomware onto the target machine.
References
  1. https://blogs.quickheal.com/anatomy-flash-exploit-cve-2015-8651-integrated-rig-exploit-kit/
CVE-2023-2136 Google Chrome Skia Integer Overflow Vulnerability exploitation_technique T1204.001 Malicious Link
Comments
This integer overflow vulnerability is exploited by a remote attacker who has already compromised the renderer process of Google Chrome. Exploiting this vulnerability might lead to incorrect rendering, memory corruption, and arbitrary code execution that could grant the adversary unauthorized access to the system. Exploitation in the wild techniques have not been publicly released to reduce further abuse.
References
  1. https://www.bleepingcomputer.com/news/security/google-patches-another-actively-exploited-chrome-zero-day/
  2. https://thehackernews.com/2023/04/google-chrome-hit-by-second-zero-day.html

Capabilities

Capability ID Capability Name Number of Mappings
CVE-2015-8651 Adobe Flash Player Integer Overflow Vulnerability 3
CVE-2016-1010 Adobe Flash Player and AIR Integer Overflow Vulnerability 1
CVE-2023-2136 Google Chrome Skia Integer Overflow Vulnerability 1
CVE-2012-5054 Adobe Flash Player Integer Overflow Vulnerability 1