cbcvebase.
CVE-2012-0767
published 2012-02-16


Priority: P2 · 74 · medium
CVSS 3.1: 6.1 (AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N)
KEV · ITW
CISA Known Exploited Vulnerability (due 2022-06-22)
Exploited in the wild
EPSS: 6.66% (percentile 93.1)
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.

Affected (4 ranges)

Vendor  Product       Version range           Fixed in
adobe   flash_player  < 10.3.183.15           10.3.183.15
adobe   flash_player  < 11.1.111.6            11.1.111.6
adobe   flash_player  < 11.1.115.6            11.1.115.6
adobe   flash_player  >= 11.0, < 11.1.102.62  11.1.102.62

Detection & IOCs (extracted from sources)

  • CVE-2012-0767 (Universal XSS / UXSS) was exploited in the wild via malicious links delivered in email messages; the attack vector specifically targets Internet Explorer on Windows visiting a malicious website.
  • The UXSS attack only works against Internet Explorer on Windows; detection and hunting should focus on IE-based Flash Player usage on Windows hosts.
  • The vulnerability allows an attacker to take actions on a user's behalf on any website or webmail provider when the user visits a malicious website; monitor for anomalous cross-origin Flash-initiated requests.
  • Vulnerable Flash Player version ranges: 10.x before 10.3.183.15 and 11.x before 11.1.102.62 (Windows/Mac/Linux/Solaris); before 11.1.111.6 (Android 2.x/3.x); before 11.1.115.6 (Android 4.x). Any host still running these versions should be treated as unpatched.
  • Adobe Flash Player is end-of-life; CISA mandates disconnection of any remaining deployments. Any detection of active Flash Player usage should be escalated immediately.
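As an added example (not part of this record, and not code from Adobe or CISA), the following Python checker implements the "treat as unpatched" rule above. It uses the platform-specific fixed builds from the CVE description rather than the flat CPE ranges, because the CPE table has no platform column: a platform-blind match flags a fully patched desktop build such as 11.1.102.62, since that build number is below the Android fix levels 11.1.111.6 and 11.1.115.6. The platform labels, hostnames and inventory entries are constructed for this example.

```python
"""Version-range checks for CVE-2012-0767 (added example, not from the page).

Fixed builds come from the CVE description: desktop (Windows/Mac/Linux/Solaris)
10.x fixed in 10.3.183.15 and 11.x in 11.1.102.62; Android 2.x/3.x fixed in
11.1.111.6; Android 4.x fixed in 11.1.115.6. The platform names "desktop",
"android2" and "android4" are labels chosen for this example.
"""
from typing import List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '11.1.102.62' into (11, 1, 102, 62); reject anything non-numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable Flash Player version: {text!r}")
    return tuple(int(p) for p in parts)


# Per platform: (inclusive lower bound or None, exclusive upper bound == fixed build).
PLATFORM_RANGES = {
    "desktop": [(None, "10.3.183.15"), ("11.0", "11.1.102.62")],
    "android2": [(None, "11.1.111.6")],
    "android4": [(None, "11.1.115.6")],
}

# The page's flat CPE table: the same four ranges, but without a platform column.
FLAT_CPE_RANGES = [
    (None, "10.3.183.15"),
    (None, "11.1.111.6"),
    (None, "11.1.115.6"),
    ("11.0", "11.1.102.62"),
]


def _in_range(v: Version, lower: Optional[str], upper: str) -> bool:
    """Tuple comparison also handles short bounds, e.g. (11, 0) <= (11, 0, 1, 152)."""
    if lower is not None and v < parse_version(lower):
        return False
    return v < parse_version(upper)


def assess(version: str, platform: str) -> Tuple[bool, Optional[str]]:
    """Return (vulnerable, fixed_build) for one installed build on one platform."""
    if platform not in PLATFORM_RANGES:
        raise ValueError(f"unknown platform {platform!r}; expected one of {sorted(PLATFORM_RANGES)}")
    v = parse_version(version)
    for lower, fixed in PLATFORM_RANGES[platform]:
        if _in_range(v, lower, fixed):
            return True, fixed
    return False, None


def flat_cpe_match(version: str) -> bool:
    """Platform-blind check against the flat CPE ranges; over-reports on desktop builds."""
    v = parse_version(version)
    return any(_in_range(v, lower, upper) for lower, upper in FLAT_CPE_RANGES)


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Return (host, fixed_build) for every (host, version, platform) entry that is vulnerable."""
    flagged = []
    for host, version, platform in inventory:
        vulnerable, fixed = assess(version, platform)
        if vulnerable:
            flagged.append((host, fixed))
    return flagged


# Constructed sample inventory (hostnames and builds invented for this example).
SAMPLE_INVENTORY = [
    ("ws-0017", "11.1.102.62", "desktop"),    # patched desktop build
    ("ws-0042", "11.1.102.55", "desktop"),    # unpatched 11.x desktop build
    ("ws-0108", "10.3.183.11", "desktop"),    # unpatched 10.x desktop build
    ("tab-0003", "11.1.102.62", "android4"),  # same build number, still unpatched on Android 4.x
    ("tab-0009", "11.1.111.6", "android2"),   # patched Android 2.x/3.x build
]

if __name__ == "__main__":
    for host, fixed in triage(SAMPLE_INVENTORY):
        print(f"{host}: vulnerable to CVE-2012-0767, update to {fixed}")
    # Same desktop build, two answers: the flat table flags it, the platform-aware check does not.
    print("flat CPE match for 11.1.102.62:", flat_cpe_match("11.1.102.62"))
    print("desktop assessment for 11.1.102.62:", assess("11.1.102.62", "desktop"))
```

Feed it whatever version strings your inventory tooling already collects for the Flash Player plugin or ActiveX control; the point of the platform argument is that the same build number means "patched" on a Windows host and "unpatched" on an Android 4.x device, so a hunt keyed only on the CPE ranges will produce false positives on the desktop fleet that matters most for this UXSS.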

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     6.1    MEDIUM    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd            v2.0     4.3    MEDIUM    AV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck               6.1    MEDIUM
cisa                    6.1    MEDIUM
vendor_redhat           6.1    MEDIUM