CVE-2012-0751
critical
CVSS v3
—
CVSS v2
10.0
VIR risk
10.0
Description
The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@adobe.com — http://www.adobe.com/support/security/bulletins/apsb12-03.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| macos | - | not-affected | |
| linux-kernel | - | not-affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| adobe | flash_player | {"endExcluding":"10.3.183.15"} | 10.3.183.15 |
References
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html
- http://secunia.com/advisories/48265
- http://www.adobe.com/support/security/bulletins/apsb12-03.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14985
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html
- http://secunia.com/advisories/48265
- http://www.adobe.com/support/security/bulletins/apsb12-03.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14985
CWEs
CWE-787
Verify integrity in audit chain (admin only). AS-IS.