CVE-2012-4167
Published 2012-08-21
critical · 10 · CVSS 3.1
AV:N/AC:L/Au:N/C:C/I:C/A:C
Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allows attackers to execute arbitrary code via unspecified vectors.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | air | < 3.4.0.2540 | 3.4.0.2540 |
| adobe | air_sdk | < 3.4.0.2540 | 3.4.0.2540 |
| adobe | flash_player | >= 10.3 < 10.3.183.23 | 10.3.183.23 |
| adobe | flash_player | >= 11.1 < 11.1.111.16 | 11.1.111.16 |
| adobe | flash_player | >= 11.1 < 11.1.115.17 | 11.1.115.17 |
| adobe | flash_player | >= 11.2 < 11.2.202.238 | 11.2.202.238 |
| adobe | flash_player | >= 11.4 < 11.4.402.265 | 11.4.402.265 |
CVSS provenance
nvd · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck · 10.0 · CRITICAL
GHSA
GHSA-px2x-2xqq-cx26: Integer overflow in Adobe Flash Player before 10
ghsa_unreviewed·2022-05-14
CVE-2012-4167 [HIGH] GHSA-px2x-2xqq-cx26: Integer overflow in Adobe Flash Player before 10
VulnCheck
Adobe Flash Player Integer Overflow Remote Code Execution
vulncheck·2012·CVSS 10.0
CVE-2012-4167 [CRITICAL] Adobe Flash Player Integer Overflow Remote Code Execution
Affected: Adobe Flash Player
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://securelist.com/adobe-flash-player-0-day-and-hackingteams-remote-control-system/64215/
Red Hat
flash-plugin: multiple code execution flaws (APSB12-19)
vendor_redhat·2012-08-21·CVSS 10.0
CVE-2012-4167 [CRITICAL] flash-plugin: multiple code execution flaws (APSB12-19)
No detection rules found.
No public exploits indexed.
http://marc.info/?l=bugtraq&m=139455789818399&w=2
http://rhn.redhat.com/errata/RHSA-2012-1203.html
http://security.gentoo.org/glsa/glsa-201209-01.xml
http://www.adobe.com/support/security/bulletins/apsb12-19.html