Details of VAR-201211-0376

ID

VAR-201211-0376

CVE

CVE-2012-5286

TITLE

Adobe Flash Player and Adobe AIR Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2012-005333

DESCRIPTION

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. This vulnerability APSB12-22 This is a different vulnerability than other buffer overflow vulnerabilities listed on the list.An attacker could execute arbitrary code. The product enables viewing of applications, content and video across screens and browsers

Trust: 1.98

sources: NVD: CVE-2012-5286 // JVNDB: JVNDB-2012-005333 // BID: 56375 // VULHUB: VHN-58567

AFFECTED PRODUCTS

vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.243	Trust: 1.8
vendor:	adobe	model:	flash player	scope:	eq	version:	11.4.402.287	Trust: 1.8
vendor:	adobe	model:	air	scope:	eq	version:	1.5	Trust: 1.6
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9120	Trust: 1.6
vendor:	adobe	model:	air	scope:	eq	version:	1.0.4990	Trust: 1.6
vendor:	adobe	model:	air	scope:	eq	version:	1.5.1	Trust: 1.6
vendor:	adobe	model:	air	scope:	eq	version:	1.0.1	Trust: 1.6
vendor:	adobe	model:	air	scope:	eq	version:	1.5.2	Trust: 1.6
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3	Trust: 1.6
vendor:	adobe	model:	air	scope:	eq	version:	1.5.0.7220	Trust: 1.6
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.2070	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.4.402.265	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.23	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.115.12	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	lte	version:	11.1.115.17	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.238	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.159.1	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.16	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	3.1.0.4880	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300.257	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.235	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.7	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lte	version:	10.3.183.25	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.26	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1.19610	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.18	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.111.7	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	1.0.8.4990	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.7.0.1948	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.7.0.19480	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	10.3.186.7	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.16	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.4.402.278	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.207	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.32	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	1.1	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.111.5	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.223	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.22	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	3.1.0.488	Trust: 1.0
vendor:	adobe	model:	air	scope:	lte	version:	3.4.0.2540	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	10.2.157.51	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.7	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.115.7	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300.273	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.112.61	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.5	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.6.0.19120	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.26	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.10	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.0.1.153	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.0.3.13070	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.5.1.17730	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.7.0.1953	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.112.60	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300.268	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.115.11	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.153.1	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.20	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	10.1.106.17	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	3.0.0.4080	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	lte	version:	11.1.111.16	Trust: 1.0
vendor:	adobe	model:	air sdk	scope:	lte	version:	3.4.0.2540	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.111.9	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.62	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.34	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	3.3.0.3670	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300.271	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.0.1.152	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300.262	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.0.4	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	3.1.0.485	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.111.8	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.11	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.6.0.19140	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.5.0.16600	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	1.1.0.5790	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	1.5.1.8210	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.228	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300.265	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.115.8	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.233	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.102.59	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.55	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.102.64	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	1.0	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.7.0.19530	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.14	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.6	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.85.3	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9130	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.63	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.15	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	3.0.0.408	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.111.10	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2.12610	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.0.3	Trust: 1.0
vendor:	microsoft	model:	windows	scope:	lt	version:	)	Trust: 0.8
vendor:	adobe	model:	air	scope:	eq	version:	android)	Trust: 0.8
vendor:	adobe	model:	air	scope:	eq	version:	macintosh	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(android 2.x 3.x)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(android 4.x)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	11.x (linux)	Trust: 0.8
vendor:	microsoft	model:	windows 8	scope:	eq	version:	for 64-bit systems (adobe flash player 11.3.375.10	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	(windows	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.19	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	lt	version:	)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	lt	version:	(air for ios include )	Trust: 0.8
vendor:	microsoft	model:	windows 8	scope:	eq	version:	for 32-bit systems (adobe flash player 11.3.375.10	Trust: 0.8
vendor:	microsoft	model:	windows server	scope:	lt	version:	)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.29	Trust: 0.8
vendor:	google	model:	chrome	scope:	lt	version:	22.0.1229.92	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	air	scope:	eq	version:	3.4.0.2710	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.20	Trust: 0.8
vendor:	microsoft	model:	windows 8	scope:	lt	version:	)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(linux)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	eq	version:	3.4.0.2710	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(windows macintosh)	Trust: 0.8
vendor:	microsoft	model:	windows server	scope:	eq	version:	2012 (adobe flash player 11.3.375.10	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	10 (adobe flash player 11.3.375.10	Trust: 0.8
vendor:	microsoft	model:	windows	scope:	eq	version:	rt (adobe flash player 11.3.375.10	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	eq	version:	3.4.0.2540	Trust: 0.6
vendor:	adobe	model:	air	scope:	eq	version:	3.4.0.2540	Trust: 0.6

sources: JVNDB: JVNDB-2012-005333 // CNNVD: CNNVD-201211-085 // NVD: CVE-2012-5286

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-5286
value:	HIGH
Trust: 1.0
NVD:	CVE-2012-5286
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201211-085
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-58567
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2012-5286
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-58567
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-58567 // JVNDB: JVNDB-2012-005333 // CNNVD: CNNVD-201211-085 // NVD: CVE-2012-5286

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-58567 // JVNDB: JVNDB-2012-005333 // NVD: CVE-2012-5286

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201211-085

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201211-085

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-005333

PATCH

title:	APSB12-22	url:	http://www.adobe.com/support/security/bulletins/apsb12-22.html	Trust: 0.8
title:	APSB12-22	url:	http://www.adobe.com/jp/support/security/bulletins/apsb12-22.html	Trust: 0.8
title:	Google Chrome	url:	http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja&hl=ja	Trust: 0.8
title:	Stable Channel Update	url:	http://googlechromereleases.blogspot.jp/2012/10/stable-channel-update.html	Trust: 0.8
title:	Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (2755801)	url:	http://technet.microsoft.com/en-us/security/advisory/2755801	Trust: 0.8
title:	Internet Explorer 10 上の Adobe Flash Player の脆弱性用の更新プログラム (2755801)	url:	http://technet.microsoft.com/ja-jp/security/advisory/2755801	Trust: 0.8
title:	fp_10.3.183.67_archive	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45849	Trust: 0.6
title:	install_flash_player_ics	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45853	Trust: 0.6
title:	fp_11.2.202.275_archive	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45848	Trust: 0.6
title:	AdobeAIRInstaller	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45852	Trust: 0.6
title:	fp_10.3.183.68_archive	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45847	Trust: 0.6
title:	AIRSDK_Compiler	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45851	Trust: 0.6
title:	install_flash_player	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45846	Trust: 0.6
title:	AIRSDK_Compiler	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45850	Trust: 0.6
title:	install_flash_player_pre_ics	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45854	Trust: 0.6

sources: JVNDB: JVNDB-2012-005333 // CNNVD: CNNVD-201211-085

EXTERNAL IDS

db:	NVD	id:	CVE-2012-5286	Trust: 2.8
db:	BID	id:	56375	Trust: 2.0
db:	OSVDB	id:	86875	Trust: 1.1
db:	JVNDB	id:	JVNDB-2012-005333	Trust: 0.8
db:	CNNVD	id:	CNNVD-201211-085	Trust: 0.7
db:	VULHUB	id:	VHN-58567	Trust: 0.1

sources: VULHUB: VHN-58567 // BID: 56375 // JVNDB: JVNDB-2012-005333 // CNNVD: CNNVD-201211-085 // NVD: CVE-2012-5286

REFERENCES

url:	http://www.securityfocus.com/bid/56375	Trust: 1.7
url:	http://www.adobe.com/support/security/bulletins/apsb12-22.html	Trust: 1.7
url:	http://osvdb.org/86875	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/79771	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5286	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20121009-adobeflashplayer.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2012/at120031.txt	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5286	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/#topics	Trust: 0.8
url:	http://www.adobe.com/products/air/	Trust: 0.3
url:	http://www.adobe.com/products/flash/	Trust: 0.3

sources: VULHUB: VHN-58567 // BID: 56375 // JVNDB: JVNDB-2012-005333 // CNNVD: CNNVD-201211-085 // NVD: CVE-2012-5286

CREDITS

Mateusz Jurczyk, Gynvael Coldwind and Fermin Serna of the Google Security Team

Trust: 0.9

sources: BID: 56375 // CNNVD: CNNVD-201211-085

SOURCES

db:	VULHUB	id:	VHN-58567
db:	BID	id:	56375
db:	JVNDB	id:	JVNDB-2012-005333
db:	CNNVD	id:	CNNVD-201211-085
db:	NVD	id:	CVE-2012-5286

LAST UPDATE DATE

2024-08-14T14:06:54.831000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-58567	date:	2017-08-29T00:00:00
db:	BID	id:	56375	date:	2013-06-20T09:38:00
db:	JVNDB	id:	JVNDB-2012-005333	date:	2012-11-14T00:00:00
db:	CNNVD	id:	CNNVD-201211-085	date:	2012-11-14T00:00:00
db:	NVD	id:	CVE-2012-5286	date:	2017-08-29T01:32:36.993

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-58567	date:	2012-11-13T00:00:00
db:	BID	id:	56375	date:	2012-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2012-005333	date:	2012-11-14T00:00:00
db:	CNNVD	id:	CNNVD-201211-085	date:	2012-11-06T00:00:00
db:	NVD	id:	CVE-2012-5286	date:	2012-11-13T13:39:47.140