CVE-2012-5678
Description
Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@adobe.com — http://www.adobe.com/support/security/bulletins/apsb12-27.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| macos | - | not-affected | |
| linux-kernel | - | not-affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| adobe | flash_player | {"startIncluding":"10.3","endExcluding":"10.3.183.48"} | 10.3.183.48 |
| adobe | air | {"endExcluding":"3.5.0.880"} | 3.5.0.880 |
| adobe | air_sdk | {"endExcluding":"3.5.0.880"} | 3.5.0.880 |
References
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html
- http://www.adobe.com/support/security/bulletins/apsb12-27.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html
- http://www.adobe.com/support/security/bulletins/apsb12-27.html
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.