CVE-2012-2039 — NULL Pointer Dereference in Adobe AIR

CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

9.3CRITICALNVD

EPSS

3.9%

top 11.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe AIR Adobe Flash Player Opensuse +6 more

Timeline

PublishedJun 9

Latest updateMay 13

Description

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages7 packages

▶NVDadobe/flash_player11.2.202.235+2

▶NVDadobe/air3.2.0.2070

▶NVDsuse/linux_enterprise_desktop10, 11+1

▶NVDredhat/enterprise_linux_server5.0, 6.0+1

▶NVDredhat/enterprise_linux_desktop5.0, 6.0+1

Also affects: Enterprise Linux 6.2

🔴Vulnerability Details

GHSA

GHSA-jxfm-65m8-c9cm: Adobe Flash Player before 10↗2022-05-13

▶

CVEList

CVE-2012-2039: Adobe Flash Player before 10↗2012-06-09

▶

📋Vendor Advisories

Red Hat

flash-plugin: multiple code execution flaws (APSB12-14)↗2012-06-08

▶

💬Community

Bugzilla

CVE-2012-2034 CVE-2012-2035 CVE-2012-2036 CVE-2012-2037 CVE-2012-2039 flash-plugin: multiple code execution flaws (APSB12-14)↗2012-06-08

▶