CVE-2012-5285

Published: Nov 13, 2012Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

Affected (7)

Products: Adobe: Flash Player, Air, Air Sdk

3 products

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	From 11.4 to 11.4.402.287

Running on/with	Platform Versions
Apple Mac Os X	All versions
Microsoft Windows	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	From 10.3 to 10.3.183.29
Adobe Flash Player	From 11.2 to 11.2.202.243

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Configuration C

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	From 11.1 to 11.1.111.19

Running on/with	Platform Versions
Google Android	From 2.0 to 2.3.7
Google Android	From 3.0 to 3.2.6

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	From 11.1 to 11.1.115.20

Running on/with	Platform Versions
Google Android	From 4.0 to 4.4.4

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Adobe Air	Before 3.4.0.2710
Adobe Air Sdk	Before 3.4.0.2710

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (8)

http://osvdb.org/86874

Source: psirt@adobe.com

Broken Link

http://www.adobe.com/support/security/bulletins/apsb12-22.html

Source: psirt@adobe.com

PatchVendor Advisory

http://www.securityfocus.com/bid/56374

Source: psirt@adobe.com

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/79770

Source: psirt@adobe.com

Third Party AdvisoryVDB Entry

http://osvdb.org/86874

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.adobe.com/support/security/bulletins/apsb12-22.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/56374

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/79770

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.