ID

VAR-201203-0234


CVE

CVE-2012-0773


TITLE

Arbitrary code execution vulnerability in the NetStream class of Adobe Flash Player and AIR

Trust: 0.8

sources: JVNDB: JVNDB-2012-001954

DESCRIPTION

The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Adobe Flash Player is prone to multiple memory-corruption vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:0434-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0434.html
Issue date: 2012-03-29
CVE Names: CVE-2012-0773
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This vulnerability is detailed on the Adobe security page APSB12-07, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the specially-crafted SWF content.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-10.3.183.18-1.el5.i386.rpm

x86_64:
flash-plugin-10.3.183.18-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-10.3.183.18-1.el5.i386.rpm

x86_64:
flash-plugin-10.3.183.18-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-10.3.183.18-1.el6.i686.rpm

x86_64:
flash-plugin-10.3.183.18-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-10.3.183.18-1.el6.i686.rpm

x86_64:
flash-plugin-10.3.183.18-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-10.3.183.18-1.el6.i686.rpm

x86_64:
flash-plugin-10.3.183.18-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0773.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-07.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

Background
==========

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could entice a user to open a specially crafted SWF file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass intended access restrictions, bypass cross-domain policy, inject arbitrary web script, or obtain sensitive information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Flash Player users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.228"

References
==========

[ 1 ] CVE-2011-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2445
[ 2 ] CVE-2011-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2450
[ 3 ] CVE-2011-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2451
[ 4 ] CVE-2011-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2452
[ 5 ] CVE-2011-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2453
[ 6 ] CVE-2011-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2454
[ 7 ] CVE-2011-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2455
[ 8 ] CVE-2011-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2456
[ 9 ] CVE-2011-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2457
[ 10 ] CVE-2011-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2458
[ 11 ] CVE-2011-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2459
[ 12 ] CVE-2011-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2460
[ 13 ] CVE-2012-0752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0752
[ 14 ] CVE-2012-0753 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0753
[ 15 ] CVE-2012-0754 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0754
[ 16 ] CVE-2012-0755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0755
[ 17 ] CVE-2012-0756 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0756
[ 18 ] CVE-2012-0767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0767
[ 19 ] CVE-2012-0768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0768
[ 20 ] CVE-2012-0769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0769
[ 21 ] CVE-2012-0773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0773

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201204-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

BACKGROUND
---------------------

Adobe Flash Player is a cross-platform browser-based application runtime that delivers uncompromised viewing of expressive applications, content, and videos across screens and browsers. It is installed on 98% of computers.

II. The vulnerability is caused by an invalid object being used when parsing a malformed video via "NetStream.appendBytes", which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP enabled.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

III. Binary Analysis & Exploits/PoCs
---------------------------------------

In-depth technical analysis of the vulnerability and a working exploit are available through the VUPEN Binary Analysis & Exploits portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and in-depth technical analysis of the most significant public vulnerabilities based on disassembly, reverse engineering, protocol analysis, and code audit.

The service allows governments and major corporations to evaluate risks, and protect infrastructures and assets against new threats. The service also allows security vendors (IPS, IDS, AntiVirus) to supplement their internal research efforts and quickly develop both vulnerability-based and exploit-based signatures to proactively protect their customers from attacks and emerging threats.

V.

VI. CREDIT
--------------

This vulnerability was discovered by Nicolas Joly of VUPEN Security

VII. ABOUT VUPEN Security
---------------------------

VUPEN is the leading provider of advanced vulnerability research for defensive and offensive cyber security. VUPEN solutions enable corporations and governments to measure and manage risks, eliminate vulnerabilities before they can be exploited, and protect critical infrastructures and assets against known and unknown vulnerabilities.

VUPEN has been recognized as "Company of the Year 2011 in the Vulnerability Research Market" by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) : http://www.vupen.com/english/services/ba-index.php
* VUPEN Threat Protection Program (TPP) : http://www.vupen.com/english/services/tpp-index.php

VIII. DISCLOSURE TIMELINE
-----------------------------

2012-03-07 - Vulnerability Demonstrated at Pwn2Own
2012-04-18 - Public disclosure

----------------------------------------------------------------------

TITLE: Google Chrome Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA48618

VERIFY ADVISORY: http://secunia.com/advisories/48618/

RELEASE DATE: 2012-03-29

DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting and spoofing attacks and compromise a user's system.

For more information: SA48623

2) An error within certain interaction handling may allow cross-site scripting attacks in EUC-JP.
3) An error in SVG text handling can be exploited to cause an out-of-bounds read.
4) An error in text fragment handling can be exploited to cause an out-of-bounds read.
5) An error exists within SPDY proxy certificate checking.
6) An off-by-one error exists in OpenType sanitizer.
7) A validation error exists within the handling of certain navigation requests from the renderer.
8) A use-after-free error exists in SVG clipping.
9) An unspecified error in Skia can be exploited to corrupt memory.
10) An error exists in v8.

PROVIDED AND/OR DISCOVERED BY: The vendor credits:

2) Masato Kinugawa
3) Arthur Gerkis
4) miaubiz
5) Leonidas Kontothanassis, Google
6) Mateusz Jurczyk, Google Security Team
7) kuzzcc, Sergey Glazunov, PinkiePie, and scarybeasts, Google Chrome Security Team
8) Atte Kettunen, OUSPG
9) Omair
10) Christian Holler

ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html

Trust: 2.61

sources: NVD: CVE-2012-0773 // JVNDB: JVNDB-2012-001954 // BID: 52748 // VULHUB: VHN-54054 // VULMON: CVE-2012-0773 // PACKETSTORM: 111351 // PACKETSTORM: 111931 // PACKETSTORM: 111430 // PACKETSTORM: 111995 // PACKETSTORM: 111985 // PACKETSTORM: 111449

AFFECTED PRODUCTS

vendor: adobe, model: flash player, scope: lt, version: 10.3.183.18

Trust: 1.8

vendor: adobe, model: flash player, scope: lt, version: 11.2.202.223

Trust: 1.0

vendor: adobe, model: flash player, scope: lt, version: 11.2.202.228

Trust: 1.0

vendor: adobe, model: flash player, scope: lt, version: 11.1.111.8

Trust: 1.0

vendor: xerox, model: freeflow print server, scope: eq, version: 8.0

Trust: 1.0

vendor: adobe, model: air, scope: lt, version: 3.2.0.2070

Trust: 1.0

vendor: adobe, model: flash player, scope: gte, version: 11.0

Trust: 1.0

vendor: adobe, model: air, scope: eq, version: 2.6

Trust: 0.9

vendor: adobe, model: air, scope: eq, version: 2.7

Trust: 0.9

vendor: adobe, model: air, scope: eq, version: 2.0.4

Trust: 0.9

vendor: adobe, model: air, scope: eq, version: 2.7.1

Trust: 0.9

vendor: adobe, model: air, scope: lte, version: 3.1.0.4880

Trust: 0.8

vendor: adobe, model: flash player, scope: lte, version: 11.1.102.63

Trust: 0.8

vendor: adobe, model: flash player, scope: lte, version: 11.1.111.7 (android 2.x)

Trust: 0.8

vendor: adobe, model: flash player, scope: lte, version: 11.1.111.7 (android 3.x)

Trust: 0.8

vendor: adobe, model: air, scope: eq, version: 3.1.0.485

Trust: 0.6

vendor: adobe, model: air, scope: eq, version: 3.0.0.408

Trust: 0.6

vendor: adobe, model: air, scope: eq, version: 2.7.1.19610

Trust: 0.6

vendor: adobe, model: air, scope: eq, version: 2.7.0.1953

Trust: 0.6

vendor: adobe, model: air, scope: eq, version: 3.1.0.488

Trust: 0.6

vendor: adobe, model: air, scope: eq, version: 2.7.0.1948

Trust: 0.6

vendor: adobe, model: flash player, scope: eq, version: 11.1.102.62

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.1.111.6

Trust: 0.3

vendor: adobe, model: air, scope: eq, version: 1.01

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.1.111.7

Trust: 0.3

vendor: adobe, model: air, scope: eq, version: 2.0.2.12610

Trust: 0.3

vendor: suse, model: linux enterprise desktop sp1, scope: eq, version: 11

Trust: 0.3

vendor: adobe, model: air, scope: eq, version: 1.0

Trust: 0.3

vendor: adobe, model: air, scope: eq, version: 1.5.1

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.1.102.63

Trust: 0.3

vendor: suse, model: opensuse, scope: eq, version: 12.1

Trust: 0.3

vendor: red, model: hat enterprise linux desktop supplementary, scope: eq, version: 6

Trust: 0.3

vendor: adobe, model: air, scope: ne, version: 3.2.0.2080

Trust: 0.3

vendor: adobe, model: air, scope: eq, version: 1.5.3.9130

Trust: 0.3

vendor: adobe, model: air, scope: eq, version: 2.6.19140

Trust: 0.3

vendor: adobe, model: air, scope: eq, version: 1.5.2

Trust: 0.3

vendor: adobe, model: air, scope: eq, version: 3.1.0.4880

Trust: 0.3

vendor: adobe, model: air, scope: eq, version: 1.5.3.9120

Trust: 0.3

vendor: suse, model: linux enterprise desktop sp4, scope: eq, version: 10

Trust: 0.3

vendor: red, model: hat enterprise linux supplementary server, scope: eq, version: 5

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.1.102.55

Trust: 0.3

vendor: red, model: hat enterprise linux desktop supplementary client, scope: eq, version: 5

Trust: 0.3

vendor: gentoo, model: linux, scope: -, version: -

Trust: 0.3

vendor: suse, model: linux enterprise desktop sp2, scope: eq, version: 11

Trust: 0.3

vendor: adobe, model: air, scope: eq, version: 1.1

Trust: 0.3

vendor: adobe, model: flash player, scope: ne, version: 11.2.202.228

Trust: 0.3

vendor: adobe, model: air, scope: eq, version: 2.7.1.1961

Trust: 0.3

vendor: suse, model: opensuse, scope: eq, version: 11.4

Trust: 0.3

vendor: adobe, model: air, scope: eq, version: 1.5

Trust: 0.3

vendor: red, model: hat enterprise linux server supplementary, scope: eq, version: 6

Trust: 0.3

vendor: adobe, model: air, scope: ne, version: 3.2.0.2070

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 11.1.111.5

Trust: 0.3

vendor: adobe, model: flash player, scope: ne, version: 11.1.111.8

Trust: 0.3

vendor: adobe, model: air, scope: eq, version: 2.0.2

Trust: 0.3

vendor: adobe, model: air, scope: eq, version: 3.0

Trust: 0.3

vendor: sun, model: solaris, scope: eq, version: 10

Trust: 0.3

vendor: adobe, model: air, scope: eq, version: 1.5.3

Trust: 0.3

vendor: adobe, model: flash player, scope: ne, version: 11.2.202.223

Trust: 0.3

vendor: adobe, model: air, scope: eq, version: 2.5.1

Trust: 0.3

vendor: adobe, model: air, scope: eq, version: 2.6.19120

Trust: 0.3

vendor: xerox, model: freeflow print server 73.c0.41, scope: -, version: -

Trust: 0.3

vendor: red, model: hat enterprise linux workstation supplementary, scope: eq, version: 6

Trust: 0.3

vendor: adobe, model: air, scope: eq, version: 2.0.3

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.1.102.65

Trust: 0.3

vendor: xerox, model: freeflow print server 73.b3.61, scope: -, version: -

Trust: 0.3

vendor: adobe, model: flash player, scope: eq, version: 10.1.102.64

Trust: 0.3

sources: BID: 52748 // JVNDB: JVNDB-2012-001954 // CNNVD: CNNVD-201203-531 // NVD: CVE-2012-0773

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-0773
value: HIGH

Trust: 1.0

NVD: CVE-2012-0773
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201203-531
value: CRITICAL

Trust: 0.6

VULHUB: VHN-54054
value: HIGH

Trust: 0.1

VULMON: CVE-2012-0773
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-0773
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2012-0773
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-54054
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-54054 // VULMON: CVE-2012-0773 // JVNDB: JVNDB-2012-001954 // CNNVD: CNNVD-201203-531 // NVD: CVE-2012-0773

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-54054 // JVNDB: JVNDB-2012-001954 // NVD: CVE-2012-0773

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 111931 // PACKETSTORM: 111995 // CNNVD: CNNVD-201203-531

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201203-531

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001954

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-54054

PATCH

title: APSB12-07, url: http://www.adobe.com/support/security/bulletins/apsb12-07.html

Trust: 0.8

title: APSB12-07 (cpsid_93381), url: http://kb2.adobe.com/jp/cps/933/cpsid_93381.html

Trust: 0.8

title: APSB12-07, url: http://www.adobe.com/jp/support/security/bulletins/apsb12-07.html

Trust: 0.8

title: GLSA 201204-07, url: http://www.gentoo.org/security/en/glsa/glsa-201204-07.xml

Trust: 0.8

title: openSUSE-SU-2012:0427, url: http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00017.html

Trust: 0.8

title: SUSE-SU-2012:0437, url: http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00018.html

Trust: 0.8

title: Multiple vulnerabilities in Adobe Flashplayer (Solaris 11), url: https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer6

Trust: 0.8

title: Multiple vulnerabilities in Adobe Flashplayer (Solaris 10), url: https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer5

Trust: 0.8

title: XRX13-003, url: http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

Trust: 0.8

title: Notice regarding vulnerabilities in Adobe Systems' Adobe Flash Player, url: http://www.fmworld.net/biz/common/adobe/20120330f.html

Trust: 0.8

title: Adobe Flash Player/AIR Fixes for arbitrary code execution vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=223265

Trust: 0.6

title: Red Hat: Critical: flash-plugin security update, url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120434 - Security Advisory

Trust: 0.1

title: -, url: https://github.com/yasuobgg/crawl_daily_ioc_using_OTXv2

Trust: 0.1

title: -, url: https://securelist.com/the-caretomask-apt-frequently-asked-questions/58254/

Trust: 0.1

sources: VULMON: CVE-2012-0773 // JVNDB: JVNDB-2012-001954 // CNNVD: CNNVD-201203-531

EXTERNAL IDS

db: NVD, id: CVE-2012-0773

Trust: 3.2

db: SECUNIA, id: 48618

Trust: 1.9

db: SECUNIA, id: 48819

Trust: 1.9

db: SECUNIA, id: 48652

Trust: 1.9

db: SECTRACK, id: 1026859

Trust: 1.8

db: JVNDB, id: JVNDB-2012-001954

Trust: 0.8

db: CNNVD, id: CNNVD-201203-531

Trust: 0.7

db: BID, id: 52748

Trust: 0.3

db: PACKETSTORM, id: 111995

Trust: 0.2

db: PACKETSTORM, id: 111351

Trust: 0.2

db: VULHUB, id: VHN-54054

Trust: 0.1

db: VULMON, id: CVE-2012-0773

Trust: 0.1

db: PACKETSTORM, id: 111931

Trust: 0.1

db: PACKETSTORM, id: 111430

Trust: 0.1

db: PACKETSTORM, id: 111985

Trust: 0.1

db: PACKETSTORM, id: 111449

Trust: 0.1

sources: VULHUB: VHN-54054 // VULMON: CVE-2012-0773 // BID: 52748 // JVNDB: JVNDB-2012-001954 // PACKETSTORM: 111351 // PACKETSTORM: 111931 // PACKETSTORM: 111430 // PACKETSTORM: 111995 // PACKETSTORM: 111985 // PACKETSTORM: 111449 // CNNVD: CNNVD-201203-531 // NVD: CVE-2012-0773

REFERENCES

url:http://www.adobe.com/support/security/bulletins/apsb12-07.html

Trust: 2.3

url:http://security.gentoo.org/glsa/glsa-201204-07.xml

Trust: 2.0

url:http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_xrx13-003_v1.0.pdf

Trust: 1.8

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15391

Trust: 1.8

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16157

Trust: 1.8

url:http://www.securitytracker.com/id?1026859

Trust: 1.8

url:http://secunia.com/advisories/48618

Trust: 1.8

url:http://secunia.com/advisories/48652

Trust: 1.8

url:http://secunia.com/advisories/48819

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00018.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00017.html

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0773

Trust: 0.8

url:https://www.jpcert.or.jp/at/2012/at120011.txt

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0773

Trust: 0.8

url:http://www.npa.go.jp/cyberpolice/#topics

Trust: 0.8

url:http://www.adobe.com/products/flash/

Trust: 0.3

url:http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer

Trust: 0.3

url:/archive/1/522413

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-0773

Trust: 0.3

url:http://secunia.com/psi_30_beta_launch

Trust: 0.3

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.3

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.3

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.3

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.3

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.3

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2012:0434

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=25540

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-0773.html

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2012-0434.html

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://access.redhat.com/security/team/key/#package

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.1

url:http://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/knowledge/articles/11258

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0755

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0752

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0754

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2454

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2457

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0769

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0753

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0755

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2452

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2455

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2454

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2458

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0756

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2450

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0754

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2456

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0752

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2458

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0768

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2451

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2456

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2453

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0769

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0773

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0767

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2459

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2455

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0756

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0753

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2459

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2445

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2457

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2453

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2452

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2460

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2451

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2445

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2450

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0767

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0768

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2460

Trust: 0.1

url:http://secunia.com/advisories/48652/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=48652

Trust: 0.1

url:https://hermes.opensuse.org/messages/14108291

Trust: 0.1

url:http://secunia.com/advisories/48652/#comments

Trust: 0.1

url:http://www.vupen.com/english/research.php

Trust: 0.1

url:http://www.vupen.com/english/services/ba-index.php

Trust: 0.1

url:http://twitter.com/vupen

Trust: 0.1

url:http://www.vupen.com/english/services/tpp-index.php

Trust: 0.1

url:http://secunia.com/advisories/48819/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=48819

Trust: 0.1

url:http://secunia.com/advisories/48819/#comments

Trust: 0.1

url:http://secunia.com/advisories/48618/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=48618

Trust: 0.1

url:http://secunia.com/advisories/48618/

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html

Trust: 0.1

sources: VULHUB: VHN-54054 // VULMON: CVE-2012-0773 // BID: 52748 // JVNDB: JVNDB-2012-001954 // PACKETSTORM: 111351 // PACKETSTORM: 111931 // PACKETSTORM: 111430 // PACKETSTORM: 111995 // PACKETSTORM: 111985 // PACKETSTORM: 111449 // CNNVD: CNNVD-201203-531 // NVD: CVE-2012-0773

CREDITS

Microsoft Vulnerability Research and anonymous through TippingPoint's Zero Day Initiative

Trust: 0.3

sources: BID: 52748

SOURCES

db: VULHUB, id: VHN-54054
db: VULMON, id: CVE-2012-0773
db: BID, id: 52748
db: JVNDB, id: JVNDB-2012-001954
db: PACKETSTORM, id: 111351
db: PACKETSTORM, id: 111931
db: PACKETSTORM, id: 111430
db: PACKETSTORM, id: 111995
db: PACKETSTORM, id: 111985
db: PACKETSTORM, id: 111449
db: CNNVD, id: CNNVD-201203-531
db: NVD, id: CVE-2012-0773

LAST UPDATE DATE

2024-08-14T12:30:13.373000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-54054, date: 2023-01-30T00:00:00
db: VULMON, id: CVE-2012-0773, date: 2023-01-30T00:00:00
db: BID, id: 52748, date: 2015-03-19T09:48:00
db: JVNDB, id: JVNDB-2012-001954, date: 2013-06-07T00:00:00
db: CNNVD, id: CNNVD-201203-531, date: 2023-02-01T00:00:00
db: NVD, id: CVE-2012-0773, date: 2023-01-30T18:00:16.090

SOURCES RELEASE DATE

db: VULHUB, id: VHN-54054, date: 2012-03-28T00:00:00
db: VULMON, id: CVE-2012-0773, date: 2012-03-28T00:00:00
db: BID, id: 52748, date: 2012-03-28T00:00:00
db: JVNDB, id: JVNDB-2012-001954, date: 2012-03-30T00:00:00
db: PACKETSTORM, id: 111351, date: 2012-03-29T23:51:47
db: PACKETSTORM, id: 111931, date: 2012-04-18T07:24:46
db: PACKETSTORM, id: 111430, date: 2012-04-01T09:49:51
db: PACKETSTORM, id: 111995, date: 2012-04-19T13:19:22
db: PACKETSTORM, id: 111985, date: 2012-04-19T09:17:57
db: PACKETSTORM, id: 111449, date: 2012-04-01T09:50:46
db: CNNVD, id: CNNVD-201203-531, date: 2012-03-29T00:00:00
db: NVD, id: CVE-2012-0773, date: 2012-03-28T19:55:00.973