CVE-2012-5676

Published: Dec 12, 2012Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.

Affected (10)

Products: Adobe: Flash Player, Air, Air Sdk

3 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Flash Player	From 11.5 to 11.5.502.135

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	From 11.2 to 11.2.202.258

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Configuration C

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	From 11.1 to 11.1.111.29

Running on/with	Platform Versions
Google Android	From 2.0 to 2.3.7
Google Android	From 3.0 to 3.2.6

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	From 11.1 to 11.1.115.34

Running on/with	Platform Versions
Google Android	From 4.0 to 4.4.4

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Air	Before 3.5.0.880

Configuration F

2 vulnerable

Vulnerable Software	Affected Versions
Adobe Flash Player	From 10.3 to 10.3.183.48
Adobe Flash Player	From 11.5 to 11.5.502.136

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Air	Before 3.5.0.890

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Air Sdk	Before 3.5.0.880

Running on/with	Platform Versions
Microsoft Windows	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Air Sdk	Before 3.5.0.890

Running on/with	Platform Versions
Apple Mac Os X	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (6)

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html

Source: psirt@adobe.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html

Source: psirt@adobe.com

Mailing ListThird Party Advisory

http://www.adobe.com/support/security/bulletins/apsb12-27.html

Source: psirt@adobe.com

PatchVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.adobe.com/support/security/bulletins/apsb12-27.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.