CVE-2012-2038 — Sensitive Information Exposure in Adobe AIR

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

1.4%

top 19.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe AIR Adobe Flash Player Opensuse +6 more

Timeline

PublishedJun 9

Latest updateMay 13

Description

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages7 packages

▶NVDadobe/flash_player11.2.202.235+2

▶NVDadobe/air3.2.0.2070

▶NVDsuse/linux_enterprise_desktop10, 11+1

▶NVDredhat/enterprise_linux_server5.0, 6.0+1

▶NVDredhat/enterprise_linux_desktop5.0, 6.0+1

Also affects: Enterprise Linux 6.2

🔴Vulnerability Details

GHSA

GHSA-2g9j-4mvx-6c42: Adobe Flash Player before 10↗2022-05-13

▶

CVEList

CVE-2012-2038: Adobe Flash Player before 10↗2012-06-09

▶

📋Vendor Advisories

Red Hat

flash-plugin: information disclosure flaw (APSB12-14)↗2012-06-08

▶

💬Community

Bugzilla

CVE-2012-2038 flash-plugin: information disclosure flaw (APSB12-14)↗2012-06-08

▶