V-018: Adobe Flash Player Buffer Overflows and Memory Corruption Errors Let Remote Users Execute Arbitrary Code

November 7, 2012 - 6:00am

PROBLEM:

Adobe Flash Player Buffer Overflows and Memory Corruption Errors Let Remote Users Execute Arbitrary Code

PLATFORM:

Adobe Flash Player 11.4.402.287 and prior for Windows and OS X; 11.2.202.243 and prior for Linux

ABSTRACT:

Several vulnerabilities were reported in Adobe Flash Player.

REFERENCE LINKS:

Adobe Vulnerability identifier: APSB12-24
SecurityTracker Alert ID: 1027730
CVE-2012-5274
CVE-2012-5275
CVE-2012-5276
CVE-2012-5277
CVE-2012-5278
CVE-2012-5279
CVE-2012-5280

IMPACT ASSESSMENT:

High

DISCUSSION:

Several vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted Flash content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

Buffer overflows can trigger code execution [CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5280].

Memory corruption flaws can trigger code execution [CVE-2012-5279].

A security bypass flaw can trigger code execution [CVE-2012-5278].

IMPACT:

A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can cause denial of service conditions.

SOLUTION:

The vendor has issued a fix (11.5.502.110 for Windows and OS X, 11.2.202.251 for Linux, 11.1.111.24 for Android 2.x and 3.x, 11.1.115.27 for Android 4.x, 11.5.31.2 for Chrome, 11.3.376.12 for Internet Explorer 10).
