cbcvebase.
CVE-2012-0773
published 2012-03-28

CVE-2012-0773: The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and…

PriorityP268critical9.3CVSS 2.0
AVNACMAuNCCICAC
ITWVulnCheck KEV
Exploited in the wild
EPSS
5.48%
91.8th percentile
The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Affected

6 ranges
VendorProductVersion rangeFixed in
adobeadobe_air< 3.2.0.20703.2.0.2070
adobeflash_player< 10.3.183.1810.3.183.18
adobeflash_player< 11.1.111.811.1.111.8
adobeflash_player>= 11.0 < 11.2.202.22811.2.202.228
adobeflash_player>= 11.0 < 11.2.202.22311.2.202.223
xeroxfreeflow_print_server

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability is triggered via a malicious SWF file opened in Adobe Flash Player, exploiting a memory corruption flaw in the NetStream class
  • Target component is the NetStream class in Adobe Flash Player; monitor for memory corruption exploitation patterns in Flash Player processes handling NetStream objects
  • ·Affected versions span multiple platforms: Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 (Windows/Mac/Linux), before 11.2.202.223 (Solaris), before 11.1.111.8 (Android 2.x/3.x), and AIR before 3.2.0.2070 — detection rules should account for all relevant platform/version combinations
  • ·The attack vectors are unspecified by Adobe, limiting the ability to craft precise behavioral detection signatures beyond SWF file delivery

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
vendor_redhat9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.