ID

VAR-201203-0237


CVE

CVE-2012-0768


TITLE

Adobe Flash Player of Matrix3D Vulnerability in arbitrary code execution in components

Trust: 0.8

sources: JVNDB: JVNDB-2012-001628

DESCRIPTION

The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2012:0359-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0359.html Issue date: 2012-03-06 CVE Names: CVE-2012-0768 CVE-2012-0769 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed on the Adobe security page APSB12-05, listed in the References section. A flaw was found in the way flash-plugin displayed certain SWF content. An attacker could use this flaw to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2012-0768) A flaw in flash-plugin could allow an attacker to obtain sensitive information if a victim were tricked into visiting a specially-crafted web page. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 800160 - CVE-2012-0768 flash-plugin: code execution flaw (APSB12-05) 800182 - CVE-2012-0769 flash-plugin: information disclosure flaw (APSB12-05) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-10.3.183.16-1.el5.i386.rpm x86_64: flash-plugin-10.3.183.16-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-10.3.183.16-1.el5.i386.rpm x86_64: flash-plugin-10.3.183.16-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-10.3.183.16-1.el6.i686.rpm x86_64: flash-plugin-10.3.183.16-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-10.3.183.16-1.el6.i686.rpm x86_64: flash-plugin-10.3.183.16-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-10.3.183.16-1.el6.i686.rpm x86_64: flash-plugin-10.3.183.16-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-0768.html https://www.redhat.com/security/data/cve/CVE-2012-0769.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb12-05.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPVlxDXlSAg2UNWIIRAsGIAKCQ4ukSxga3PZBs4a8dSOq0csTF4ACdHC3v J2MTx2tXEjMEeOA8LWGPxaY= =FiH1 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201204-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Adobe Flash Player: Multiple vulnerabilities Date: April 17, 2012 Bugs: #390149, #404101, #407023, #410005 ID: 201204-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in Adobe Flash Player, the worst of which might allow remote attackers to execute arbitrary code. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Furthermore, a remote attacker may be able to bypass intended access restrictions, bypass cross-domain policy, inject arbitrary web script, or obtain sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.228" References ========== [ 1 ] CVE-2011-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2445 [ 2 ] CVE-2011-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2450 [ 3 ] CVE-2011-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2451 [ 4 ] CVE-2011-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2452 [ 5 ] CVE-2011-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2453 [ 6 ] CVE-2011-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2454 [ 7 ] CVE-2011-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2455 [ 8 ] CVE-2011-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2456 [ 9 ] CVE-2011-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2457 [ 10 ] CVE-2011-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2458 [ 11 ] CVE-2011-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2459 [ 12 ] CVE-2011-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2460 [ 13 ] CVE-2012-0752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0752 [ 14 ] CVE-2012-0753 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0753 [ 15 ] CVE-2012-0754 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0754 [ 16 ] CVE-2012-0755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0755 [ 17 ] CVE-2012-0756 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0756 [ 18 ] CVE-2012-0767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0767 [ 19 ] CVE-2012-0768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0768 [ 20 ] CVE-2012-0769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0769 [ 21 ] CVE-2012-0773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0773 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201204-07.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . BACKGROUND --------------------- Adobe Flash Player is a cross-platform browser-based application runtime that delivers uncompromised viewing of expressive applications, content, and videos across screens and browsers. II. DESCRIPTION --------------------- VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. The vulnerability is caused by a memory corruption error within the Matrix3D class when processing malformed 3D data within SWF files, which could be exploited by attackers to potentially compromise a vulnerable system or disclose memory information by tricking a user into visiting a specially crafted web page. III. Binary Analysis & Exploits/PoCs --------------------------------------- In-depth technical analysis of the vulnerability and a proof-of-concept code are available through the VUPEN Binary Analysis & Exploits portal: http://www.vupen.com/english/services/ba-index.php VUPEN Binary Analysis & Exploits Service provides private exploits and in-depth technical analysis of the most significant public vulnerabilities based on disassembly, reverse engineering, protocol analysis, and code audit. The service allows governments and major corporations to evaluate risks, and protect infrastructures and assets against new threats. The service also allows security vendors (IPS, IDS, AntiVirus) to supplement their internal research efforts and quickly develop both vulnerability-based and exploit-based signatures to proactively protect their customers from attacks and emerging threats. V. VUPEN Threat Protection Program ----------------------------------- Governments and major corporations which are members of the VUPEN Threat Protection Program (TPP) have been proactively alerted about the vulnerability when it was discovered by VUPEN in advance of its public disclosure, and have received a detailed attack detection guidance to protect national and critical infrastructures against potential 0-day attacks exploiting this vulnerability: http://www.vupen.com/english/services/tpp-index.php VI. VII. CREDIT -------------- This vulnerability was discovered by Nicolas Joly of VUPEN Security VIII. ABOUT VUPEN Security --------------------------- VUPEN is the world leader in vulnerability research for defensive and offensive cyber security. VUPEN solutions enable corporations and governments to measure and manage risks, eliminate vulnerabilities before they can be exploited, and protect critical infrastructures and assets against known and unknown vulnerabilities. VUPEN has been recognized as "Company of the Year 2011 in the Vulnerability Research Market" by Frost & Sullivan. VUPEN solutions include: * VUPEN Binary Analysis & Exploits Service (BAE) : http://www.vupen.com/english/services/ba-index.php * VUPEN Threat Protection Program (TPP) : http://www.vupen.com/english/services/tpp-index.php IX. DISCLOSURE TIMELINE ----------------------------- 2012-01-27 - Vulnerability Discovered by VUPEN 2012-03-15 - Public disclosure . ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Gentoo update for adobe-flash SECUNIA ADVISORY ID: SA48819 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48819/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48819 RELEASE DATE: 2012-04-18 DISCUSS ADVISORY: http://secunia.com/advisories/48819/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48819/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48819 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for adobe-flash. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, gain knowledge of potentially sensitive information, bypass certain security restrictions, and compromise a user's system. For more information: SA46818 SA48033 SA48281 SA48623 (#2) SOLUTION: Update to "www-plugins/adobe-flash-11.2.202.228" or later. ORIGINAL ADVISORY: GLSA 201204-07: http://security.gentoo.org/glsa/glsa-201204-07.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.34

sources: NVD: CVE-2012-0768 // JVNDB: JVNDB-2012-001628 // BID: 52297 // VULHUB: VHN-54049 // PACKETSTORM: 110490 // PACKETSTORM: 111931 // PACKETSTORM: 110997 // PACKETSTORM: 111985

AFFECTED PRODUCTS

vendor:adobemodel:flash playerscope:eqversion:11.1.102.62

Trust: 1.9

vendor:adobemodel:flash player for androidscope:eqversion:11.1.111.5

Trust: 1.6

vendor:adobemodel:flash player for androidscope:eqversion:11.1.112.61

Trust: 1.6

vendor:adobemodel:flash player for androidscope:eqversion:11.1.112.60

Trust: 1.6

vendor:adobemodel:flash playerscope:eqversion:11.1

Trust: 1.6

vendor:adobemodel:flash player for androidscope:eqversion:11.1.102.59

Trust: 1.6

vendor:adobemodel:flash playerscope:eqversion:9.0.246.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:8.0.35.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.115.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.280

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:11.1.102.55

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.25

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.1.95.1

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.2.156.12

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.1.95.2

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.155.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.2.152.33

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.13

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.2.153.1

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.262.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.3.181.22

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.2.157.51

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.3.181.26

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.3.181.14

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.1.92.8

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.1.52.15

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.2.152.32

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.3.181.16

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.28.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.260.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.1.52.14.1

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.0.32.18

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.277.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.3.183.7

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.0.12.36

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.283.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.1.53.64

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.2.152

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.124.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.3.181.34

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.152.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.0.22.87

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.1.85.3

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.1.82.76

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.159.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.3.183.10

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.151.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:11.0.1.152

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.0.15.3

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.31.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.2.159.1

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.1.105.6

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.47.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.45.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:8.0.34.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.0.42.34

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:9.0.48.0

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.3.183.5

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.1.92.10

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.1.106.16

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.1.102.64

Trust: 1.3

vendor:adobemodel:flash playerscope:eqversion:10.2.152.26

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.1

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:8.0.33.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:8.0.24.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:6.0.21.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:10.3.183.11

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:10.0.45.2

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.61.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.20

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:11.0

Trust: 1.0

vendor:adobemodel:flash player for androidscope:lteversion:11.1.115.6

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.2

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:10.1

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.16

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:8.0.22.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.60.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:8.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.25

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:6.0.79

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:6

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.53.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.20.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:10.0.12.10

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.14.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.66.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.112.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.114.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.19.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.18d60

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:10.0.0.584

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.125.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.24.0

Trust: 1.0

vendor:adobemodel:flash playerscope:lteversion:10.3.183.15

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:2

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.63

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.125.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.9.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.73.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.1.1

Trust: 1.0

vendor:adobemodel:flash player for androidscope:lteversion:11.1.111.6

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.28

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:11.0.1.153

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.67.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:8.0.39.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:5

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:9.0.31

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.68.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.70.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:8.0.42.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.69.0

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:4

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:7.0.1

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:3

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:11.1.102.63

Trust: 0.8

vendor:adobemodel:flash playerscope:eqversion:11.1.111.7

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:11.x

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:for android 3.x 2.x

Trust: 0.8

vendor:adobemodel:flash playerscope:eqversion:11.1.115.7

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:for android 4.x

Trust: 0.8

vendor:adobemodel:flash player for androidscope:eqversion:11.1.115.6

Trust: 0.6

vendor:adobemodel:flash player for androidscope:eqversion:11.1.111.6

Trust: 0.6

vendor:adobemodel:flash playerscope:eqversion:10.0.12.35

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.186.3

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.152.21

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp1 for sp2scope:eqversion:11

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp4scope:eqversion:10

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.185.22

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.51.66

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.115.6

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.27

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.2460

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:8

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.111.6

Trust: 0.3

vendor:adobemodel:flash playerscope:neversion:11.1.102.63

Trust: 0.3

vendor:redmodel:hat enterprise linux supplementary serverscope:eqversion:5

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.262

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.112.61

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.24

Trust: 0.3

vendor:susemodel:opensusescope:eqversion:11.4

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.111.5

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.18

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.181.23

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.b3.61scope: - version: -

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.185.21

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.3218

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.289.0

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop supplementaryscope:eqversion:6

Trust: 0.3

vendor:adobemodel:flash playerscope:neversion:11.1.111.7

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.185.25

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.185.23

Trust: 0.3

vendor:adobemodel:flash playerscope:neversion:11.1.115.7

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.186.2

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.186.7

Trust: 0.3

vendor:redmodel:hat enterprise linux server supplementaryscope:eqversion:6

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:10

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.452

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp1scope:eqversion:11

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop supplementary clientscope:eqversion:5

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.183.4

Trust: 0.3

vendor:adobemodel:flash player release candidascope:eqversion:10.1

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.28

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.c0.41scope: - version: -

Trust: 0.3

vendor:redmodel:hat enterprise linux workstation supplementaryscope:eqversion:6

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.102.65

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.186.6

Trust: 0.3

sources: BID: 52297 // JVNDB: JVNDB-2012-001628 // CNNVD: CNNVD-201203-046 // NVD: CVE-2012-0768

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-0768
value: HIGH

Trust: 1.0

NVD: CVE-2012-0768
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201203-046
value: CRITICAL

Trust: 0.6

VULHUB: VHN-54049
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-0768
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-54049
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-54049 // JVNDB: JVNDB-2012-001628 // CNNVD: CNNVD-201203-046 // NVD: CVE-2012-0768

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-54049 // JVNDB: JVNDB-2012-001628 // NVD: CVE-2012-0768

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 111931 // CNNVD: CNNVD-201203-046

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201203-046

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001628

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-54049

PATCH

title:APSB12-05url:http://www.adobe.com/support/security/bulletins/apsb12-05.html

Trust: 0.8

title:APSB12-05 (cpsid_93265)url:http://kb2.adobe.com/jp/cps/932/cpsid_93265.html

Trust: 0.8

title:APSB12-05url:http://www.adobe.com/jp/support/security/bulletins/apsb12-05.html

Trust: 0.8

title:GLSA 201204-07url:http://www.gentoo.org/security/en/glsa/glsa-201204-07.xml

Trust: 0.8

title:Multiple vulnerabilities in Adobe Flashplayer (Solaris 10)url:https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer5

Trust: 0.8

title:Multiple vulnerabilities in Adobe Flashplayer (Solaris 11)url:https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer6

Trust: 0.8

title:XRX13-003url:http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2012-001628

EXTERNAL IDS

db:NVDid:CVE-2012-0768

Trust: 3.1

db:SECUNIAid:48819

Trust: 1.2

db:JVNDBid:JVNDB-2012-001628

Trust: 0.8

db:CNNVDid:CNNVD-201203-046

Trust: 0.7

db:BIDid:52297

Trust: 0.4

db:PACKETSTORMid:110490

Trust: 0.2

db:PACKETSTORMid:110997

Trust: 0.2

db:SEEBUGid:SSVID-30173

Trust: 0.1

db:VULHUBid:VHN-54049

Trust: 0.1

db:PACKETSTORMid:111931

Trust: 0.1

db:PACKETSTORMid:111985

Trust: 0.1

sources: VULHUB: VHN-54049 // BID: 52297 // JVNDB: JVNDB-2012-001628 // PACKETSTORM: 110490 // PACKETSTORM: 111931 // PACKETSTORM: 110997 // PACKETSTORM: 111985 // CNNVD: CNNVD-201203-046 // NVD: CVE-2012-0768

REFERENCES

url:http://www.adobe.com/support/security/bulletins/apsb12-05.html

Trust: 2.2

url:http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_xrx13-003_v1.0.pdf

Trust: 1.4

url:http://security.gentoo.org/glsa/glsa-201204-07.xml

Trust: 1.3

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15058

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15922

Trust: 1.1

url:http://secunia.com/advisories/48819

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00006.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00005.html

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0768

Trust: 0.8

url:https://www.jpcert.or.jp/at/2012/at120007.txt

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0768

Trust: 0.8

url:http://www.npa.go.jp/cyberpolice/#topics

Trust: 0.8

url:http://www.adobe.com

Trust: 0.3

url:http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer

Trust: 0.3

url:http://www.xerox.com/download/security/security-bulletin/16aeb-4cd3628b94080/cert_xrx12-009_v1.1.pdf

Trust: 0.3

url:/archive/1/522006

Trust: 0.3

url:http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=b3fd4a032ffaab14056f3a26e6418435?externalid=kb31675&sliceid=1&cmd=displaykc&doctype=kc&nocount=true&vieweddocslisthelper=com.kanisa.a

Trust: 0.3

url:http://www.xerox.com/download/security/security-bulletin/1683f-4d960e4b16bb2/cert_xrx13-004_v1.01.pdf

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-0768

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-0769

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://access.redhat.com/security/team/key/#package

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-0768.html

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.1

url:http://bugzilla.redhat.com/):

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-0769.html

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2012-0359.html

Trust: 0.1

url:https://access.redhat.com/knowledge/articles/11258

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0755

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0752

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0754

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2454

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2457

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0753

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0755

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2452

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2455

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2454

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2458

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0756

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2450

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0754

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2456

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0752

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2458

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0768

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2451

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2456

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2453

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0769

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0773

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0767

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2459

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2455

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0773

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0756

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0753

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2459

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2445

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2457

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2453

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2452

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2460

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2451

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2445

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2450

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0767

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2460

Trust: 0.1

url:http://www.vupen.com/english/research.php

Trust: 0.1

url:http://www.vupen.com/english/services/ba-index.php

Trust: 0.1

url:http://twitter.com/vupen

Trust: 0.1

url:http://www.vupen.com/english/services/tpp-index.php

Trust: 0.1

url:http://secunia.com/psi_30_beta_launch

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/advisories/48819/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=48819

Trust: 0.1

url:http://secunia.com/advisories/48819/#comments

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-54049 // BID: 52297 // JVNDB: JVNDB-2012-001628 // PACKETSTORM: 110490 // PACKETSTORM: 111931 // PACKETSTORM: 110997 // PACKETSTORM: 111985 // CNNVD: CNNVD-201203-046 // NVD: CVE-2012-0768

CREDITS

Tavis Ormandy

Trust: 0.3

sources: BID: 52297

SOURCES

db:VULHUBid:VHN-54049
db:BIDid:52297
db:JVNDBid:JVNDB-2012-001628
db:PACKETSTORMid:110490
db:PACKETSTORMid:111931
db:PACKETSTORMid:110997
db:PACKETSTORMid:111985
db:CNNVDid:CNNVD-201203-046
db:NVDid:CVE-2012-0768

LAST UPDATE DATE

2024-11-23T20:40:36.712000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-54049date:2018-10-30T00:00:00
db:BIDid:52297date:2015-03-19T09:34:00
db:JVNDBid:JVNDB-2012-001628date:2013-06-07T00:00:00
db:CNNVDid:CNNVD-201203-046date:2012-03-13T00:00:00
db:NVDid:CVE-2012-0768date:2024-11-21T01:35:41.410

SOURCES RELEASE DATE

db:VULHUBid:VHN-54049date:2012-03-05T00:00:00
db:BIDid:52297date:2012-03-05T00:00:00
db:JVNDBid:JVNDB-2012-001628date:2012-03-07T00:00:00
db:PACKETSTORMid:110490date:2012-03-06T23:59:11
db:PACKETSTORMid:111931date:2012-04-18T07:24:46
db:PACKETSTORMid:110997date:2012-03-20T00:36:27
db:PACKETSTORMid:111985date:2012-04-19T09:17:57
db:CNNVDid:CNNVD-201203-046date:2012-03-06T00:00:00
db:NVDid:CVE-2012-0768date:2012-03-05T21:55:00.870