CVE-2012-2034
Published 2012-06-09
Priority P272 · high · 7.5 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability, due 2022-04-18
Exploited in the wild
EPSS: 7.80% (93.9th percentile)
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | air | <= 3.2.0.2070 | — |
| adobe | flash_player | <= 11.2.202.235 | — |
| adobe | flash_player | <= 11.1.115.8 | — |
| adobe | flash_player | <= 11.1.111.9 | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_desktop | — | — |
Detection & IOCs (extracted from sources)
- CVE-2012-2034 is triggered via a malicious SWF file opened in Adobe Flash Player, leading to memory corruption and potential remote code execution
- Adobe Flash Player is end-of-life; any environment still running Flash Player should be treated as a high-risk detection surface for this vulnerability
- Vulnerability affects Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows/Mac OS X; before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x/3.x; before 11.1.115.9 on Android 4.x; and Adobe AIR before 3.3.0.3610
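CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vulncheck | — | 7.5 | HIGH | — |
| cisa | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |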
GHSA
GHSA-mp84-pg4p-36qc: Adobe Flash Player before 10
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2012-2037 [HIGH] CWE-119 GHSA-mp84-pg4p-36qc: Adobe Flash Player before 10
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2034.
GHSA
GHSA-3cfr-rpp6-j86f: Adobe Flash Player before 10
ghsa_unreviewed·2022-05-13·CVSS 9.3
CVE-2012-2034 [CRITICAL] CWE-119 GHSA-3cfr-rpp6-j86f: Adobe Flash Player before 10
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037.
VulnCheck
Adobe Flash Player Memory Corruption Vulnerability
vulncheck·2012·CVSS 7.5
CVE-2012-2034 [HIGH] CWE-119 Adobe Flash Player Memory Corruption Vulnerability
Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS).
Affected: Adobe Flash Player
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-04-18
CISA
Adobe Flash Player Memory Corruption Vulnerability
cisa·2022-03-28·CVSS 7.5
CVE-2012-2034 [HIGH] CWE-119 Adobe Flash Player Memory Corruption Vulnerability
Vulnerability: Adobe Flash Player Memory Corruption Vulnerability
Affected: Adobe Flash Player
Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS).
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2012-2034
Remediation Due Date: 2022-04-18
Red Hat
flash-plugin: multiple code execution flaws (APSB12-14)
vendor_redhat·2012-06-08·CVSS 7.5
CVE-2012-2034 [HIGH] flash-plugin: multiple code execution flaws (APSB12-14)
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037.
Red Hat
flash-plugin: multiple code execution flaws (APSB12-14)
vendor_redhat·2012-06-08·CVSS 7.5
CVE-2012-2037 [HIGH] flash-plugin: multiple code execution flaws (APSB12-14)
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2034.
No detection rules found.
No public exploits indexed.
References
- http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00007.html
- http://rhn.redhat.com/errata/RHSA-2012-0722.html
- http://www.adobe.com/support/security/bulletins/apsb12-14.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-2034
- 2012-06-09: Published
- 2022-03-28: Added to CISA KEV
- Exploited in the wild