CVE-2012-2037 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe AIR

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents5 sources

Severity

9.3CRITICALNVD

NVD7.5CNA7.5

EPSS

4.3%

top 11.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe AIR Adobe Flash Player Opensuse +6 more

Timeline

PublishedJun 9

Latest updateMay 13

Description

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2034.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages7 packages

▶NVDadobe/flash_player11.2.202.235+2

▶NVDadobe/air3.2.0.2070

▶NVDsuse/linux_enterprise_desktop10, 11+1

▶NVDredhat/enterprise_linux_server5.0, 6.0+1

▶NVDredhat/enterprise_linux_desktop5.0, 6.0+1

Also affects: Enterprise Linux 6.2

🔴Vulnerability Details

GHSA

GHSA-mp84-pg4p-36qc: Adobe Flash Player before 10↗2022-05-13

▶

GHSA

GHSA-3cfr-rpp6-j86f: Adobe Flash Player before 10↗2022-05-13

▶

CVEList

CVE-2012-2034: Adobe Flash Player before 10↗2012-06-09

▶

CVEList

CVE-2012-2037: Adobe Flash Player before 10↗2012-06-09

▶

📋Vendor Advisories

Red Hat

flash-plugin: multiple code execution flaws (APSB12-14)↗2012-06-08

▶

Red Hat

flash-plugin: multiple code execution flaws (APSB12-14)↗2012-06-08

▶

💬Community

Bugzilla

CVE-2012-2034 CVE-2012-2035 CVE-2012-2036 CVE-2012-2037 CVE-2012-2039 flash-plugin: multiple code execution flaws (APSB12-14)↗2012-06-08

▶