
U-187: Adobe Flash Player Multiple Vulnerabilities

June 11, 2012 - 7:00am


PROBLEM:

Multiple vulnerabilities have been reported in Adobe Flash Player.

PLATFORM:

Adobe Flash Player 11.2.202.235 and earlier for Windows, Macintosh and Linux
Adobe Flash Player 11.1.115.8 and earlier for Android 4.x
Adobe Flash Player 11.1.111.9 and earlier for Android 3.x and 2.x
Adobe AIR 3.2.0.2070 and earlier for Windows, Macintosh and Android

ABSTRACT:

Adobe released security updates for Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

REFERENCE LINKS:

Adobe Security Bulletin

CVE-2012-2034 CVE-2012-2035
CVE-2012-2036 CVE-2012-2037
CVE-2012-2038 CVE-2012-2039
CVE-2012-2040

Secunia Advisory 49388

IMPACT ASSESSMENT:

High

Discussion:

Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

1) An unspecified error can be exploited to corrupt memory.
2) An unspecified error can be exploited to cause a stack-based buffer overflow.
3) An integer overflow error can be exploited to corrupt memory.
4) An unspecified error can be exploited to corrupt memory.
5) An error in the "SoundMixer.computeSpectrum()" method can be exploited to bypass the same-origin policy.
6) Unspecified errors related to "null dereference" may reportedly allow code execution.
7) An unspecified error in the installer allows planting a binary file and may allow execution of arbitrary code.

Impact:

Security Bypass, System access

Solution:

Adobe recommends users update their software installations.
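To locate installations that still need the update, an inventory can be checked against the "and earlier" version ranges listed under PLATFORM. The following is an added example, not part of the original bulletin or Adobe's tooling; the inventory rows, host names and function names are constructed for illustration, and only the version thresholds come from this advisory.

```python
# Added example: flag inventory records inside the advisory's affected ranges.
# Thresholds are copied from the PLATFORM section; everything else is assumed.

def parse_version(text):
    """Turn '11.2.202.235' into (11, 2, 202, 235) so parts compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))

# (product, platforms, Android major versions or None, last affected version)
AFFECTED = [
    ("flash", {"windows", "macintosh", "linux"}, None, "11.2.202.235"),
    ("flash", {"android"}, {4}, "11.1.115.8"),
    ("flash", {"android"}, {2, 3}, "11.1.111.9"),
    ("air", {"windows", "macintosh", "android"}, None, "3.2.0.2070"),
]

def is_affected(product, platform, version, os_version=None):
    """Return True if the install is at or below the advisory's threshold."""
    product, platform = product.lower(), platform.lower()
    installed = parse_version(version)
    for name, platforms, android_majors, last_bad in AFFECTED:
        if name != product or platform not in platforms:
            continue
        if android_majors is not None:
            # Flash Player on Android has a different threshold per OS branch.
            if os_version is None:
                raise ValueError("Flash Player on Android needs os_version")
            if parse_version(os_version)[0] not in android_majors:
                continue
        return installed <= parse_version(last_bad)
    return False  # product/platform combination not listed in the advisory

# Constructed sample inventory: (host, product, platform, version, os_version)
INVENTORY = [
    ("ws-01", "flash", "windows", "11.2.202.235", None),
    ("ws-02", "flash", "linux", "11.2.202.236", None),
    ("tab-01", "flash", "android", "11.1.115.8", "4.0.4"),
    ("tab-02", "flash", "android", "11.1.115.8", "2.3.6"),
    ("ws-03", "air", "macintosh", "3.2.0.2070", None),
]

def affected_hosts(inventory):
    """List the hosts whose installed version falls in an affected range."""
    return [host for host, product, platform, version, os_version in inventory
            if is_affected(product, platform, version, os_version)]

if __name__ == "__main__":
    for host in affected_hosts(INVENTORY):
        print(f"{host}: update required")
```

The comparison is numeric per component, so a version such as 11.2.202.99 is correctly treated as earlier than 11.2.202.235 where a plain string comparison would not be.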
