CVE-2012-0773
Published 2012-03-28
Priority: P268, critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
ITW (VulnCheck KEV): Exploited in the wild
EPSS: 5.48% (91.8th percentile)
The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | adobe_air | < 3.2.0.2070 | 3.2.0.2070 |
| adobe | flash_player | < 10.3.183.18 | 10.3.183.18 |
| adobe | flash_player | < 11.1.111.8 | 11.1.111.8 |
| adobe | flash_player | >= 11.0 < 11.2.202.228 | 11.2.202.228 |
| adobe | flash_player | >= 11.0 < 11.2.202.223 | 11.2.202.223 |
| xerox | freeflow_print_server | — | — |
Detection & IOCs (extracted from sources)
- Vulnerability is triggered via a malicious SWF file opened in Adobe Flash Player, exploiting a memory corruption flaw in the NetStream class.
- Target component is the NetStream class in Adobe Flash Player; monitor for memory corruption exploitation patterns in Flash Player processes handling NetStream objects.
- Affected versions span multiple platforms: Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 (Windows/Mac/Linux), before 11.2.202.223 (Solaris), before 11.1.111.8 (Android 2.x/3.x), and AIR before 3.2.0.2070; detection rules should account for all relevant platform/version combinations.
- The attack vectors are unspecified by Adobe, limiting the ability to craft precise behavioral detection signatures beyond SWF file delivery.
CVSS provenance
- nvd: CVSS v2.0, 9.3 CRITICAL, AV:N/AC:M/Au:N/C:C/I:C/A:C
- vulncheck: 9.3 CRITICAL
- vendor_redhat: 9.3 CRITICAL
GHSA
GHSA-pf9j-cg8h-rvwh: The NetStream class in Adobe Flash Player before 10
ghsa_unreviewed · 2022-05-14
CVE-2012-0773 [HIGH] CWE-119 GHSA-pf9j-cg8h-rvwh: The NetStream class in Adobe Flash Player before 10
VulnCheck
Adobe Flash Player Out-of-bounds Write
vulncheck · 2012 · CVSS 9.3
CVE-2012-0773 [CRITICAL] Adobe Flash Player Out-of-bounds Write
Affected: Adobe Flash Player
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://securelist.com/the-caretomask-apt-frequently-asked-questions/58254/
Red Hat
flash-plugin: arbitrary code execution via memory corruption flaw in NetStream class (APSB12-07)
vendor_redhat · 2012-03-28 · CVSS 9.3
CVE-2012-0773 [CRITICAL] flash-plugin: arbitrary code execution via memory corruption flaw in NetStream class (APSB12-07)
No detection rules found.
No public exploits indexed.
References
- http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00018.html
- http://secunia.com/advisories/48618
- http://secunia.com/advisories/48652
- http://secunia.com/advisories/48819
- http://security.gentoo.org/glsa/glsa-201204-07.xml
- http://www.adobe.com/support/security/bulletins/apsb12-07.html
- http://www.securitytracker.com/id?1026859
- http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15391
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16157