⚠ Actively exploited
Added to CISA KEV on 2022-06-08. Federal agencies required to patch by 2022-06-22. Required action: The impacted product is end-of-life and should be disconnected if still in use..

CVE-2012-5054Integer Overflow or Wraparound in Adobe Flash Player

CWE-190Integer Overflow or WraparoundCWE-1896 documents6 sources
Severity
8.8HIGHNVD
EPSS
76.6%
top 1.05%
CISA KEV
KEV
Added 2022-06-08
Due 2022-06-22
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Adobe Flash Player
Timeline
PublishedSep 24
KEV addedJun 8
KEV dueJun 22
CISA Required Action: The impacted product is end-of-life and should be disconnected if still in use.

Description

Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDadobe/flash_player< 11.4.402.265

🔴Vulnerability Details

2
GHSA
GHSA-xxxm-q6xf-58pf: Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 112022-05-14
VulnCheck
Adobe Flash Player Integer Overflow Vulnerability2012

📋Vendor Advisories

2
CISA
Adobe Flash Player Integer Overflow Vulnerability2022-06-08
Red Hat
flash-plugin: arbitrary code exec via integer overflow in copyRawDataTo method in Matrix3D class2012-09-11

💬Community

1
Bugzilla
CVE-2012-5054 flash-plugin: arbitrary code exec via integer overflow in copyRawDataTo method in Matrix3D class2012-09-24