Details of VAR-201211-0377

ID

VAR-201211-0377

CVE

CVE-2012-5287

TITLE

Adobe Flash Player and Adobe AIR Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2012-005334

DESCRIPTION

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. This vulnerability APSB12-22 This is a different vulnerability than other buffer overflow vulnerabilities listed on the list.An attacker could execute arbitrary code. The product enables viewing of applications, content and video across screens and browsers

Trust: 1.98

sources: NVD: CVE-2012-5287 // JVNDB: JVNDB-2012-005334 // BID: 56376 // VULHUB: VHN-58568

AFFECTED PRODUCTS

vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.243	Trust: 1.8
vendor:	adobe	model:	flash player	scope:	eq	version:	11.4.402.287	Trust: 1.8
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.111.5	Trust: 1.6
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.111.8	Trust: 1.6
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.0.1.153	Trust: 1.6
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.111.9	Trust: 1.6
vendor:	adobe	model:	flash player for android	scope:	eq	version:	10.3.186.7	Trust: 1.6
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.111.7	Trust: 1.6
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.102.59	Trust: 1.6
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.111.10	Trust: 1.6
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.2070	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.4.402.265	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.23	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.115.12	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	lte	version:	11.1.115.17	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.238	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.159.1	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.16	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	3.1.0.4880	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300.257	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9120	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.235	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.7	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lte	version:	10.3.183.25	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.26	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1.19610	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.18	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	1.0.8.4990	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.7.0.1948	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.7.0.19480	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.16	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.4.402.278	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.207	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.32	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	1.1	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.223	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.22	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	3.1.0.488	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	1.5.2	Trust: 1.0
vendor:	adobe	model:	air	scope:	lte	version:	3.4.0.2540	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	10.2.157.51	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.7	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.115.7	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	1.5	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300.273	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	1.0.4990	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.112.61	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.5	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.6.0.19120	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.26	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.10	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.0.3.13070	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.5.1.17730	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.7.0.1953	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.112.60	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300.268	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.115.11	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.153.1	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.20	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	10.1.106.17	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	3.0.0.4080	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	lte	version:	11.1.111.16	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	1.5.0.7220	Trust: 1.0
vendor:	adobe	model:	air sdk	scope:	lte	version:	3.4.0.2540	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.62	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.34	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	3.3.0.3670	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300.271	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.0.1.152	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300.262	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.0.4	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	3.1.0.485	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.11	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.6.0.19140	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.5.0.16600	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	1.1.0.5790	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	1.5.1.8210	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.228	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.3.300.265	Trust: 1.0
vendor:	adobe	model:	flash player for android	scope:	eq	version:	11.1.115.8	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.233	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.55	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.102.64	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	1.0	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.7.0.19530	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.14	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.6	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.85.3	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9130	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.63	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.15	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	3.0.0.408	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2.12610	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	2.0.3	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	1.5.1	Trust: 1.0
vendor:	microsoft	model:	windows	scope:	lt	version:	)	Trust: 0.8
vendor:	adobe	model:	air	scope:	eq	version:	android)	Trust: 0.8
vendor:	adobe	model:	air	scope:	eq	version:	macintosh	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(android 2.x 3.x)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(android 4.x)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	11.x (linux)	Trust: 0.8
vendor:	microsoft	model:	windows 8	scope:	eq	version:	for 64-bit systems (adobe flash player 11.3.375.10	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	(windows	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.19	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	lt	version:	)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	lt	version:	(air for ios include )	Trust: 0.8
vendor:	microsoft	model:	windows 8	scope:	eq	version:	for 32-bit systems (adobe flash player 11.3.375.10	Trust: 0.8
vendor:	microsoft	model:	windows server	scope:	lt	version:	)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.29	Trust: 0.8
vendor:	google	model:	chrome	scope:	lt	version:	22.0.1229.92	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	11.x (windows macintosh)	Trust: 0.8
vendor:	adobe	model:	air	scope:	eq	version:	3.4.0.2710	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.20	Trust: 0.8
vendor:	microsoft	model:	windows 8	scope:	lt	version:	)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(linux)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	eq	version:	3.4.0.2710	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(windows macintosh)	Trust: 0.8
vendor:	microsoft	model:	windows server	scope:	eq	version:	2012 (adobe flash player 11.3.375.10	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	10 (adobe flash player 11.3.375.10	Trust: 0.8
vendor:	microsoft	model:	windows	scope:	eq	version:	rt (adobe flash player 11.3.375.10	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.0.1.153	Trust: 0.6

sources: JVNDB: JVNDB-2012-005334 // CNNVD: CNNVD-201211-084 // NVD: CVE-2012-5287

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-5287
value:	HIGH
Trust: 1.0
NVD:	CVE-2012-5287
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201211-084
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-58568
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2012-5287
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-58568
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-58568 // JVNDB: JVNDB-2012-005334 // CNNVD: CNNVD-201211-084 // NVD: CVE-2012-5287

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-58568 // JVNDB: JVNDB-2012-005334 // NVD: CVE-2012-5287

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201211-084

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201211-084

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-005334

PATCH

title:	APSB12-22	url:	http://www.adobe.com/support/security/bulletins/apsb12-22.html	Trust: 0.8
title:	APSB12-22	url:	http://www.adobe.com/jp/support/security/bulletins/apsb12-22.html	Trust: 0.8
title:	Google Chrome	url:	http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja&hl=ja	Trust: 0.8
title:	Stable Channel Update	url:	http://googlechromereleases.blogspot.jp/2012/10/stable-channel-update.html	Trust: 0.8
title:	Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (2755801)	url:	http://technet.microsoft.com/en-us/security/advisory/2755801	Trust: 0.8
title:	Internet Explorer 10 上の Adobe Flash Player の脆弱性用の更新プログラム (2755801)	url:	http://technet.microsoft.com/ja-jp/security/advisory/2755801	Trust: 0.8
title:	fp_10.3.183.67_archive	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45849	Trust: 0.6
title:	install_flash_player_ics	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45853	Trust: 0.6
title:	fp_11.2.202.275_archive	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45848	Trust: 0.6
title:	AdobeAIRInstaller	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45852	Trust: 0.6
title:	fp_10.3.183.68_archive	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45847	Trust: 0.6
title:	AIRSDK_Compiler	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45851	Trust: 0.6
title:	install_flash_player	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45846	Trust: 0.6
title:	AIRSDK_Compiler	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45850	Trust: 0.6
title:	install_flash_player_pre_ics	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45854	Trust: 0.6

sources: JVNDB: JVNDB-2012-005334 // CNNVD: CNNVD-201211-084

EXTERNAL IDS

db:	NVD	id:	CVE-2012-5287	Trust: 2.8
db:	BID	id:	56376	Trust: 2.0
db:	OSVDB	id:	86876	Trust: 1.1
db:	JVNDB	id:	JVNDB-2012-005334	Trust: 0.8
db:	CNNVD	id:	CNNVD-201211-084	Trust: 0.7
db:	VULHUB	id:	VHN-58568	Trust: 0.1

sources: VULHUB: VHN-58568 // BID: 56376 // JVNDB: JVNDB-2012-005334 // CNNVD: CNNVD-201211-084 // NVD: CVE-2012-5287

REFERENCES

url:	http://www.adobe.com/support/security/bulletins/apsb12-22.html	Trust: 2.0
url:	http://www.securityfocus.com/bid/56376	Trust: 1.7
url:	http://osvdb.org/86876	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/79772	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5287	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20121009-adobeflashplayer.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2012/at120031.txt	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5287	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/#topics	Trust: 0.8
url:	http://www.adobe.com/products/air/	Trust: 0.3
url:	http://www.adobe.com/products/flash/	Trust: 0.3

sources: VULHUB: VHN-58568 // BID: 56376 // JVNDB: JVNDB-2012-005334 // CNNVD: CNNVD-201211-084 // NVD: CVE-2012-5287

CREDITS

Mateusz Jurczyk, Gynvael Coldwind and Fermin Serna of the Google Security Team

Trust: 0.9

sources: BID: 56376 // CNNVD: CNNVD-201211-084

SOURCES

db:	VULHUB	id:	VHN-58568
db:	BID	id:	56376
db:	JVNDB	id:	JVNDB-2012-005334
db:	CNNVD	id:	CNNVD-201211-084
db:	NVD	id:	CVE-2012-5287

LAST UPDATE DATE

2024-08-14T13:48:39.412000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-58568	date:	2017-08-29T00:00:00
db:	BID	id:	56376	date:	2013-06-20T09:39:00
db:	JVNDB	id:	JVNDB-2012-005334	date:	2012-11-14T00:00:00
db:	CNNVD	id:	CNNVD-201211-084	date:	2012-11-14T00:00:00
db:	NVD	id:	CVE-2012-5287	date:	2017-08-29T01:32:37.103

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-58568	date:	2012-11-13T00:00:00
db:	BID	id:	56376	date:	2012-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2012-005334	date:	2012-11-14T00:00:00
db:	CNNVD	id:	CNNVD-201211-084	date:	2012-11-06T00:00:00
db:	NVD	id:	CVE-2012-5287	date:	2012-11-13T13:39:47.187