CVE-2012-5677
critical
CVSS v3
—
CVSS v2
10.0
VIR risk
10.0
Description
Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@adobe.com — http://www.adobe.com/support/security/bulletins/apsb12-27.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| macos | - | not-affected | |
| linux-kernel | - | not-affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| adobe | flash_player | {"startIncluding":"10.3","endExcluding":"10.3.183.48"} | 10.3.183.48 |
| adobe | air | {"endExcluding":"3.5.0.880"} | 3.5.0.880 |
| adobe | air_sdk | {"endExcluding":"3.5.0.880"} | 3.5.0.880 |
References
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html
- http://www.adobe.com/support/security/bulletins/apsb12-27.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html
- http://www.adobe.com/support/security/bulletins/apsb12-27.html
CWEs
CWE-189
Verify integrity in audit chain (admin only). AS-IS.