CVE-2012-5054
Published 2012-09-24
Priority: P180 high · CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
KEV: CISA Known Exploited Vulnerability, due 2022-06-22
ITW: Exploited in the wild
EPSS: 21.19% (97.3th percentile)
Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | flash_player | < 11.4.402.265 | 11.4.402.265 |
Detection & IOCs (extracted from sources)
URL: http://packetstormsecurity.org/files/116435/Adobe-Flash-Player-Matrix3D-Integer-Overflow-Code-Execution.html
- The vulnerable code is the copyRawDataTo method in the Matrix3D class within Adobe Flash Player; exploitation involves passing malformed (integer-overflow-triggering) arguments to this method.
- On Linux, the vulnerable version range is Flash Player 11.2.202.236 and earlier; the patched version is 11.2.202.238. Flag any Linux hosts running Flash Player <= 11.2.202.236.
- Any Adobe Flash Player installation older than version 11.4.402.265 (Windows/Mac) should be treated as vulnerable and flagged for immediate action or disconnection.
- Adobe Flash Player is end-of-life; CISA mandates disconnection of any remaining deployments rather than patching.
- The fixed version threshold differs by platform: Windows/Mac require >= 11.4.402.265, while Linux requires >= 11.2.202.238. Detection rules must account for both version branches.
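CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vulncheck | | 8.8 | HIGH | |
| cisa | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |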
GHSA
GHSA-xxxm-q6xf-58pf: Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11
ghsa_unreviewed · 2022-05-14
CVE-2012-5054 [HIGH] CWE-190
Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.
VulnCheck
Adobe Flash Player Integer Overflow Vulnerability
vulncheck · 2012 · CVSS 8.8
CVE-2012-5054 [HIGH] CWE-189
Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.
Affected: Adobe Flash Player
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Exploitation References: https://securelist.com/adobe-flash-player-0-day-and-hackingteams-remote-control-system/64215/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-06-22
CISA
Adobe Flash Player Integer Overflow Vulnerability
cisa · 2022-06-08 · CVSS 8.8
CVE-2012-5054 [HIGH] CWE-189
Affected: Adobe Flash Player
Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2012-5054
Remediation Due Date: 2022-06-22
Red Hat
flash-plugin: arbitrary code exec via integer overflow in copyRawDataTo method in Matrix3D class
vendor_redhat · 2012-09-11 · CVSS 8.8
CVE-2012-5054 [HIGH] CWE-190
Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.
No detection rules found.
No public exploits indexed.
References
- http://packetstormsecurity.org/files/116435/Adobe-Flash-Player-Matrix3D-Integer-Overflow-Code-Execution.html
- http://www.adobe.com/support/security/bulletins/apsb12-19.html
- http://www.vupen.com/english/services/ba-index.php
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78866
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-5054
2012-09-24: Published
2022-06-08: Added to CISA KEV