Details of VAR-201211-0371

ID

VAR-201211-0371

CVE

CVE-2012-5285

TITLE

Adobe Flash Player and Adobe AIR Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2012-005331

DESCRIPTION

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. This vulnerability APSB12-22 This is a different vulnerability than other buffer overflow vulnerabilities listed on the list.An attacker could execute arbitrary code. The product enables viewing of applications, content and video across screens and browsers

Trust: 1.98

sources: NVD: CVE-2012-5285 // JVNDB: JVNDB-2012-005331 // BID: 56374 // VULHUB: VHN-58566

AFFECTED PRODUCTS

vendor:	adobe	model:	flash player	scope:	gte	version:	11.2	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lt	version:	11.4.402.287	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lt	version:	10.3.183.29	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lt	version:	11.2.202.243	Trust: 1.0
vendor:	adobe	model:	air sdk	scope:	lt	version:	3.4.0.2710	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lt	version:	11.1.115.20	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	gte	version:	11.4	Trust: 1.0
vendor:	adobe	model:	air	scope:	lt	version:	3.4.0.2710	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lt	version:	11.1.111.19	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	gte	version:	11.1	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	gte	version:	10.3	Trust: 1.0
vendor:	microsoft	model:	windows	scope:	lt	version:	)	Trust: 0.8
vendor:	adobe	model:	air	scope:	eq	version:	android)	Trust: 0.8
vendor:	adobe	model:	air	scope:	eq	version:	macintosh	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(android 2.x 3.x)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(android 4.x)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	11.x (linux)	Trust: 0.8
vendor:	microsoft	model:	windows 8	scope:	eq	version:	for 64-bit systems (adobe flash player 11.3.375.10	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	(windows	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.19	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	lt	version:	)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	lt	version:	(air for ios include )	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.243	Trust: 0.8
vendor:	microsoft	model:	windows 8	scope:	eq	version:	for 32-bit systems (adobe flash player 11.3.375.10	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	11.4.402.287	Trust: 0.8
vendor:	microsoft	model:	windows server	scope:	lt	version:	)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.29	Trust: 0.8
vendor:	google	model:	chrome	scope:	lt	version:	22.0.1229.92	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	air	scope:	eq	version:	3.4.0.2710	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.20	Trust: 0.8
vendor:	microsoft	model:	windows 8	scope:	lt	version:	)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(linux)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	eq	version:	3.4.0.2710	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(windows macintosh)	Trust: 0.8
vendor:	microsoft	model:	windows server	scope:	eq	version:	2012 (adobe flash player 11.3.375.10	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	10 (adobe flash player 11.3.375.10	Trust: 0.8
vendor:	microsoft	model:	windows	scope:	eq	version:	rt (adobe flash player 11.3.375.10	Trust: 0.8
vendor:	adobe	model:	air	scope:	eq	version:	1.5	Trust: 0.6
vendor:	adobe	model:	air sdk	scope:	eq	version:	3.4.0.2540	Trust: 0.6
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9120	Trust: 0.6
vendor:	adobe	model:	air	scope:	eq	version:	1.0.4990	Trust: 0.6
vendor:	adobe	model:	air	scope:	eq	version:	1.5.1	Trust: 0.6
vendor:	adobe	model:	air	scope:	eq	version:	3.4.0.2540	Trust: 0.6
vendor:	adobe	model:	air	scope:	eq	version:	1.0.1	Trust: 0.6
vendor:	adobe	model:	air	scope:	eq	version:	1.5.2	Trust: 0.6
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3	Trust: 0.6
vendor:	adobe	model:	air	scope:	eq	version:	1.5.0.7220	Trust: 0.6

sources: JVNDB: JVNDB-2012-005331 // CNNVD: CNNVD-201211-086 // NVD: CVE-2012-5285

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-5285
value:	HIGH
Trust: 1.0
NVD:	CVE-2012-5285
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201211-086
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-58566
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2012-5285
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-58566
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-58566 // JVNDB: JVNDB-2012-005331 // CNNVD: CNNVD-201211-086 // NVD: CVE-2012-5285

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-58566 // JVNDB: JVNDB-2012-005331 // NVD: CVE-2012-5285

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201211-086

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201211-086

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-005331

PATCH

title:	APSB12-22	url:	http://www.adobe.com/support/security/bulletins/apsb12-22.html	Trust: 0.8
title:	APSB12-22	url:	http://www.adobe.com/jp/support/security/bulletins/apsb12-22.html	Trust: 0.8
title:	Google Chrome	url:	http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja&hl=ja	Trust: 0.8
title:	Stable Channel Update	url:	http://googlechromereleases.blogspot.jp/2012/10/stable-channel-update.html	Trust: 0.8
title:	Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (2755801)	url:	http://technet.microsoft.com/en-us/security/advisory/2755801	Trust: 0.8
title:	Internet Explorer 10 上の Adobe Flash Player の脆弱性用の更新プログラム (2755801)	url:	http://technet.microsoft.com/ja-jp/security/advisory/2755801	Trust: 0.8
title:	fp_10.3.183.67_archive	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45849	Trust: 0.6
title:	install_flash_player_ics	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45853	Trust: 0.6
title:	fp_11.2.202.275_archive	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45848	Trust: 0.6
title:	AdobeAIRInstaller	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45852	Trust: 0.6
title:	fp_10.3.183.68_archive	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45847	Trust: 0.6

sources: JVNDB: JVNDB-2012-005331 // CNNVD: CNNVD-201211-086

EXTERNAL IDS

db:	NVD	id:	CVE-2012-5285	Trust: 2.8
db:	BID	id:	56374	Trust: 2.0
db:	OSVDB	id:	86874	Trust: 1.1
db:	JVNDB	id:	JVNDB-2012-005331	Trust: 0.8
db:	CNNVD	id:	CNNVD-201211-086	Trust: 0.7
db:	VULHUB	id:	VHN-58566	Trust: 0.1

sources: VULHUB: VHN-58566 // BID: 56374 // JVNDB: JVNDB-2012-005331 // CNNVD: CNNVD-201211-086 // NVD: CVE-2012-5285

REFERENCES

url:	http://www.adobe.com/support/security/bulletins/apsb12-22.html	Trust: 2.0
url:	http://www.securityfocus.com/bid/56374	Trust: 1.7
url:	http://osvdb.org/86874	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/79770	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5285	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20121009-adobeflashplayer.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2012/at120031.txt	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5285	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/#topics	Trust: 0.8
url:	http://www.adobe.com/products/air/	Trust: 0.3
url:	http://www.adobe.com/products/flash/	Trust: 0.3

sources: VULHUB: VHN-58566 // BID: 56374 // JVNDB: JVNDB-2012-005331 // CNNVD: CNNVD-201211-086 // NVD: CVE-2012-5285

CREDITS

Mateusz Jurczyk, Gynvael Coldwind and Fermin Serna of the Google Security Team

Trust: 0.9

sources: BID: 56374 // CNNVD: CNNVD-201211-086

SOURCES

db:	VULHUB	id:	VHN-58566
db:	BID	id:	56374
db:	JVNDB	id:	JVNDB-2012-005331
db:	CNNVD	id:	CNNVD-201211-086
db:	NVD	id:	CVE-2012-5285

LAST UPDATE DATE

2024-08-14T14:52:40.196000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-58566	date:	2018-12-04T00:00:00
db:	BID	id:	56374	date:	2013-06-20T09:41:00
db:	JVNDB	id:	JVNDB-2012-005331	date:	2012-11-14T00:00:00
db:	CNNVD	id:	CNNVD-201211-086	date:	2012-11-14T00:00:00
db:	NVD	id:	CVE-2012-5285	date:	2018-12-04T17:56:54.477

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-58566	date:	2012-11-13T00:00:00
db:	BID	id:	56374	date:	2012-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2012-005331	date:	2012-11-14T00:00:00
db:	CNNVD	id:	CNNVD-201211-086	date:	2012-11-06T00:00:00
db:	NVD	id:	CVE-2012-5285	date:	2012-11-13T13:39:47.093