You are here

V-046: Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code

December 13, 2012 - 3:30am

Addthis

PROBLEM:

Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code

PLATFORM:

Version(s): 11.5.502.110 and prior for Windows/Mac; 11.2.202.251 and prior for Linux

ABSTRACT:

Several vulnerabilities were reported in Adobe Flash Player.

REFERENCE LINKS:

Adobe Vulnerability identifier: APSB12-27
SecurityTracker Alert ID:  1027854
Secunia Advisory SA51560
RHSA-2012:1569-1
CVE-2012-5676
CVE-2012-5677
CVE-2012-5678 

IMPACT ASSESSMENT:

High

DISCUSSION:

A buffer overflow can trigger code execution [CVE-2012-5676].

An integer overflow can trigger code execution [CVE-2012-5677].

A memory corruption flaw can trigger code execution [CVE-2012-5678].

IMPACT:

A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

SOLUTION:

The vendor has issued a fix (11.5.502.135 for Windows, 11.5.502.136 for Mac, 11.2.202.258 for Linux, 11.1.115.34 for Android 4.x, 11.1.111.29 for Android 3.x and 2.x).

Addthis