U-241: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain Information

August 22, 2012 - 7:00am

 PROBLEM:

Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code and Obtain Information

 PLATFORM:

Adobe Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh and Linux operating systems
Adobe Flash Player 11.1.115.11 and earlier versions for Android 4.x
Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and 2.x
Adobe AIR 3.3.0.3670 and earlier versions for Windows and Macintosh
Adobe AIR 3.3.0.3690 SDK (includes AIR for iOS) and earlier versions
Adobe AIR 3.3.0.3650 and earlier versions for Android

 ABSTRACT:

Several vulnerabilities were reported in Adobe Flash Player.

 REFERENCE LINKS:

Adobe.com
Adobe Vulnerability identifier: APSB12-19
SecurityTracker Alert ID: 1027422
CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166, CVE-2012-4167, CVE-2012-4168

IMPACT ASSESSMENT:

High

Discussion:

A remote user can create specially crafted content that, when loaded by the target user, will trigger a memory corruption error [CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166] or integer overflow [CVE-2012-4167] and execute arbitrary code on the target system. The code will run with the privileges of the target user. A remote user can exploit a cross-domain flaw to obtain information from a different domain [CVE-2012-4168].

Impact:

A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system. A remote user can obtain potentially sensitive information.

Solution:

The vendor has issued a fix: security updates are available for Adobe Flash Player (11.4.402.265 for Windows and OS X; 11.2.202.238 for Linux; 11.1.111.16 for Android 2.x and 3.x; 11.1.115.17 for Android 4.x).
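
An added example, not part of the original bulletin or any Adobe tooling: a patch-triage check against the fixed Flash Player builds listed above. It compares each host against the fixed build for its platform rather than against "11.3.300.271 and earlier", because the fixed Linux build (11.2.202.238) is numerically lower than that threshold. The platform keys, host names and inventory rows are constructed for illustration.

```python
# Added example: Flash Player patch triage for bulletin U-241.
# Fixed builds are from the bulletin's Solution section; platform keys,
# host names and inventory rows are constructed for illustration.
FIXED = {
    "windows": (11, 4, 402, 265),
    "osx": (11, 4, 402, 265),
    "linux": (11, 2, 202, 238),
    "android-2.x": (11, 1, 111, 16),
    "android-3.x": (11, 1, 111, 16),
    "android-4.x": (11, 1, 115, 17),
}

def parse_version(text):
    """Turn '11.3.300.271' into (11, 3, 300, 271) so comparison is numeric."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)

def needs_update(platform, installed):
    """True when the installed build is older than the platform's fixed build.
    Assumption: only the builds listed in FIXED count as patched."""
    return parse_version(installed) < FIXED[platform.strip().lower()]

def triage(inventory):
    """Map each host to UPDATE, OK or UNKNOWN (bad version or platform)."""
    report = {}
    for host, platform, installed in inventory:
        try:
            report[host] = "UPDATE" if needs_update(platform, installed) else "OK"
        except (ValueError, KeyError):
            report[host] = "UNKNOWN"
    return report

SAMPLE_INVENTORY = [  # constructed rows
    ("ws-014", "Windows", "11.3.300.271"),     # last affected desktop build
    ("ws-015", "Windows", "11.4.402.265"),     # fixed
    ("lx-002", "Linux", "11.2.202.238"),       # fixed, yet below 11.3.300.271
    ("tab-007", "Android-4.x", "11.1.115.9"),  # string compare would rank 9 > 17
    ("kiosk-1", "Windows", "11.3.300"),        # incomplete version string
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as UNKNOWN need a manual check, since a truncated or malformed version string cannot be placed on either side of the fixed build.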
 
