CVE-2012-2034
published 2012-06-09

Priority: P2 · 72 · high
CVSS 3.1: 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
KEV · ITW
CISA Known Exploited Vulnerability, due 2022-04-18
Exploited in the wild
EPSS: 7.80% (93.9th percentile)

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037.

Affected

16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | air | <= 3.2.0.2070 | |
| adobe | flash_player | <= 11.2.202.235 | |
| adobe | flash_player | <= 11.1.115.8 | |
| adobe | flash_player | <= 11.1.111.9 | |
| opensuse | opensuse | | |
| opensuse | opensuse | | |
| redhat | enterprise_linux_desktop | | |
| redhat | enterprise_linux_desktop | | |
| redhat | enterprise_linux_eus | | |
| redhat | enterprise_linux_server | | |
| redhat | enterprise_linux_server | | |
| redhat | enterprise_linux_server_aus | | |
| redhat | enterprise_linux_workstation | | |
| redhat | enterprise_linux_workstation | | |
| suse | linux_enterprise_desktop | | |
| suse | linux_enterprise_desktop | | |

Detection & IOCs (extracted from sources)

  • CVE-2012-2034 is triggered via a malicious SWF file opened in Adobe Flash Player, leading to memory corruption and potential remote code execution
  • Adobe Flash Player is end-of-life; any environment still running Flash Player should be treated as a high-risk detection surface for this vulnerability
  • Vulnerability affects Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows/Mac OS X; before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x/3.x; before 11.1.115.9 on Android 4.x; and Adobe AIR before 3.3.0.3610

CVSS provenance

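| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vulncheck | | 7.5 | HIGH | |
| cisa | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |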