⚠ Actively exploited
Added to CISA KEV on 2022-06-08. Federal agencies required to patch by 2022-06-22. Required action: The impacted product is end-of-life and should be disconnected if still in use.

CVE-2012-0767: Cross-site Scripting in Adobe Flash Player

Severity: 6.1 MEDIUM (NVD)
EPSS: 16.3% (top 5.16%)
CISA KEV: Added 2022-06-08, Due 2022-06-22
Exploit: Exploited in wild; active exploitation observed
Timeline: Published Feb 16; KEV added Jun 8; KEV due Jun 22

Description

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (1 package)

NVD: adobe/flash_player 11.0 11.1.102.62 +3

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-gwxh-45g8-xg45: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10 (2022-05-14)
VulnCheck: Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability (2012)

📋 Vendor Advisories (2)

CISA: Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability (2022-06-08)
Red Hat: flash-plugin: universal cross-site scripting flaw (APSB12-03) (2012-02-15)

🕵️ Threat Intelligence (2)

Krebs: Flash Player Update Nixes Zero-Day Flaw (2012-02-15)
Krebs: Flash Player Update Nixes Zero-Day Flaw – Krebs on Security (2012-02-01)

💬 Community (1)

Bugzilla: CVE-2012-0767 flash-plugin: universal cross-site scripting flaw (APSB12-03) (2012-02-16)