CVE-2012-0767
published 2012-02-16
CVE-2012-0767: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before…
Priority: P2 · 74 · medium · 6.1 CVSS 3.1
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
Tags: KEV, ITW
CISA Known Exploited Vulnerability, due 2022-06-22
Exploited in the wild
EPSS: 6.66% (93.1th percentile)
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | flash_player | < 10.3.183.15 | 10.3.183.15 |
| adobe | flash_player | < 11.1.111.6 | 11.1.111.6 |
| adobe | flash_player | < 11.1.115.6 | 11.1.115.6 |
| adobe | flash_player | >= 11.0 < 11.1.102.62 | 11.1.102.62 |
Detection & IOCs
- CVE-2012-0767 (Universal XSS / UXSS) was exploited in the wild via malicious links delivered in email messages; the attack vector specifically targets Internet Explorer on Windows visiting a malicious website.
- The UXSS attack only works against Internet Explorer on Windows; detection/hunting should focus on IE-based Flash Player usage on Windows hosts.
- The vulnerability allows an attacker to take actions on a user's behalf on any website or webmail provider when the user visits a malicious website; monitor for anomalous cross-origin Flash-initiated requests.
- Vulnerable Flash Player version ranges: 10.x before 10.3.183.15 and 11.x before 11.1.102.62 (Windows/Mac/Linux/Solaris); before 11.1.111.6 (Android 2.x/3.x); before 11.1.115.6 (Android 4.x). Any host still running these versions should be treated as unpatched.
- Adobe Flash Player is end-of-life; CISA mandates disconnection of any remaining deployments. Any detection of active Flash Player usage should be escalated immediately.
CVSS provenance
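| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vulncheck | | 6.1 | MEDIUM | |
| cisa | | 6.1 | MEDIUM | |
| vendor_redhat | | 6.1 | MEDIUM | |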
CISA
Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability
cisa·2022-06-08·CVSS 6.1
CVE-2012-0767 [MEDIUM] CWE-79 Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability
Vulnerability: Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability
Affected: Adobe Flash Player
Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2012-0767
Remediation Due Date: 2022-06-22
Red Hat
flash-plugin: universal cross-site scripting flaw (APSB12-03)
vendor_redhat·2012-02-15·CVSS 6.1
CVE-2012-0767 [MEDIUM] CWE-79 flash-plugin: universal cross-site scripting flaw (APSB12-03)
flash-plugin: universal cross-site scripting flaw (APSB12-03)
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.
GHSA
GHSA-gwxh-45g8-xg45: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10
ghsa_unreviewed·2022-05-14
CVE-2012-0767 [MEDIUM] CWE-79 GHSA-gwxh-45g8-xg45: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.
VulnCheck
Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability
vulncheck·2012·CVSS 6.1
CVE-2012-0767 [MEDIUM] CWE-79 Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability
Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability
Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.
Affected: Adobe Flash Player
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Exploitation References: https://www.cve.org/CVERecord?id=CVE-2012-0767; https://www.darkreading.com/cyberattacks-data-breaches/flash-zero-day-used-in-targeted-email-attacks; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-06-22
No detection rules found.
No public exploits indexed.
Krebs
Flash Player Update Nixes Zero-Day Flaw
blogs_krebs·2012-02-15·CVSS 6.1
CVE-2012-0767 [MEDIUM] Flash Player Update Nixes Zero-Day Flaw
Adobe has issued a critical security update for its ubiquitous Flash Player software. The patch plugs at least seven security holes, including one reported by Google that is already being used to trick users into clicking on malicious links delivered via email.
In an advisory released Wednesday afternoon, Adobe warned that one of the flaws — a cross-site scripting vulnerability (CVE-2012-0767) reported by Google — was being used in the wild in active, targeted attacks designed to trick users into clicking on a malicious link delivered in an email message. The company said the flaw could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website. A spokesperson for the company said this particular attack only works against Internet
Bugzilla
CVE-2012-0767 flash-plugin: universal cross-site scripting flaw (APSB12-03)
bugzilla·2012-02-16·CVSS 6.1
CVE-2012-0767 [MEDIUM] CVE-2012-0767 flash-plugin: universal cross-site scripting flaw (APSB12-03)
CVE-2012-0767 flash-plugin: universal cross-site scripting flaw (APSB12-03)
Adobe security bulletin APSB12-03 describes an XSS flaw:
This update resolves a universal cross-site scripting vulnerability that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website (CVE-2012-0767).
Discussion:
External References:
http://www.adobe.com/support/security/bulletins/apsb12-03.html
---
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 6
Supplementary for Red Hat Enterprise Linux 5
Via RHSA-2012:0144 https://rhn.redhat.com/errata/RHSA-2012-0144.html
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html
- http://rhn.redhat.com/errata/RHSA-2012-0144.html
- http://secunia.com/advisories/48265
- http://secunia.com/advisories/48819
- http://security.gentoo.org/glsa/glsa-201204-07.xml
- http://www.adobe.com/support/security/bulletins/apsb12-03.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14806
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15933
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0767
- 2012-02-16: Published
- 2022-06-08: Added to CISA KEV
- Exploited in the wild