CVE-2012-0773 — Out-of-bounds Write in Adobe AIR

CWE-787 — Out-of-bounds Write CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources

Severity

9.3CRITICALNVD

EPSS

3.0%

top 13.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe AIR Adobe Flash Player Xerox Freeflow Print Server

Timeline

PublishedMar 28

Latest updateMay 14

Description

The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDadobe/flash_player11.0 — 11.2.202.228+3

▶NVDadobe/adobe_air< 3.2.0.2070

▶NVDxerox/freeflow_print_server8.0

Patches

Patch: www.adobe.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-pf9j-cg8h-rvwh: The NetStream class in Adobe Flash Player before 10↗2022-05-14

▶

CVEList

CVE-2012-0773: The NetStream class in Adobe Flash Player before 10↗2012-03-28

▶

VulnCheck

Adobe Flash Player Out-of-bounds Write↗2012

▶

📋Vendor Advisories

Red Hat

flash-plugin: arbitrary code execution via memory corruption flaw in NetStream class (APSB12-07)↗2012-03-28

▶

💬Community

Bugzilla

CVE-2012-0773 flash-plugin: arbitrary code execution via memory corruption flaw in NetStream class (APSB12-07)↗2012-03-28

▶