CVE-2012-5277
Published 2012-11-07
Critical · 10 · CVSS 3.1
AV:N/AC:L/Au:N/C:C/I:C/A:C
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5280.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | air | < 3.5.0.600 | 3.5.0.600 |
| adobe | air_sdk | < 3.5.0.600 | 3.5.0.600 |
| adobe | flash_player | >= 10.3 < 10.3.183.43 | 10.3.183.43 |
| adobe | flash_player | >= 11.1 < 11.1.111.24 | 11.1.111.24 |
| adobe | flash_player | >= 11.1 < 11.1.115.27 | 11.1.115.27 |
| adobe | flash_player | >= 11.2 < 11.2.202.251 | 11.2.202.251 |
| adobe | flash_player | >= 11.4 < 11.5.502.110 | 11.5.502.110 |
Red Hat
flash-plugin: multiple code-execution flaws (APSB12-24)
vendor_redhat·2012-11-06·CVSS 10.0
CVE-2012-5280 [CRITICAL] flash-plugin: multiple code-execution flaws (APSB12-24)
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5277.
Red Hat
flash-plugin: multiple code-execution flaws (APSB12-24)
vendor_redhat·2012-11-06·CVSS 10.0
CVE-2012-5277 [CRITICAL] flash-plugin: multiple code-execution flaws (APSB12-24)
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5280.
Red Hat
flash-plugin: multiple code-execution flaws (APSB12-24)
vendor_redhat·2012-11-06·CVSS 10.0
CVE-2012-5274 [CRITICAL] flash-plugin: multiple code-execution flaws (APSB12-24)
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280.
Red Hat
flash-plugin: multiple code-execution flaws (APSB12-24)
vendor_redhat·2012-11-06·CVSS 10.0
CVE-2012-5276 [CRITICAL] flash-plugin: multiple code-execution flaws (APSB12-24)
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5277, and CVE-2012-5280.
Red Hat
flash-plugin: multiple code-execution flaws (APSB12-24)
vendor_redhat·2012-11-06·CVSS 10.0
CVE-2012-5275 [CRITICAL] flash-plugin: multiple code-execution flaws (APSB12-24)
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280.
GHSA
GHSA-rwpx-62f6-wv89: Buffer overflow in Adobe Flash Player before 10
ghsa_unreviewed·2022-05-14·CVSS 10.0
CVE-2012-5274 [CRITICAL] CWE-119 GHSA-rwpx-62f6-wv89: Buffer overflow in Adobe Flash Player before 10
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280.
GHSA
GHSA-ghrw-gm42-6rwq: Buffer overflow in Adobe Flash Player before 10
ghsa_unreviewed·2022-05-14·CVSS 10.0
CVE-2012-5277 [CRITICAL] CWE-119 GHSA-ghrw-gm42-6rwq: Buffer overflow in Adobe Flash Player before 10
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5280.
GHSA
GHSA-vc8g-cm6p-45c8: Buffer overflow in Adobe Flash Player before 10
ghsa_unreviewed·2022-05-14·CVSS 10.0
CVE-2012-5276 [CRITICAL] CWE-119 GHSA-vc8g-cm6p-45c8: Buffer overflow in Adobe Flash Player before 10
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5277, and CVE-2012-5280.
GHSA
GHSA-3m99-jh3v-v6mf: Buffer overflow in Adobe Flash Player before 10
ghsa_unreviewed·2022-05-14·CVSS 10.0
CVE-2012-5280 [CRITICAL] CWE-119 GHSA-3m99-jh3v-v6mf: Buffer overflow in Adobe Flash Player before 10
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5277.
GHSA
GHSA-452p-q6qj-235g: Buffer overflow in Adobe Flash Player before 10
ghsa_unreviewed·2022-05-14·CVSS 10.0
CVE-2012-5275 [CRITICAL] CWE-119 GHSA-452p-q6qj-235g: Buffer overflow in Adobe Flash Player before 10
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-4067 eucalyptus: Insecure XML Parsing Vulnerability in Walrus
bugzilla·2013-04-16·CVSS 4.3
CVE-2012-4067 [MEDIUM] CVE-2012-4067 eucalyptus: Insecure XML Parsing Vulnerability in Walrus
Walrus was not securely parsing XML messages containing Document Type Declarations (DTDs). This flaw could be exploited by a remote unauthenticated attacker to perform Denial of Service attacks against Walrus.
Links:
http://www.eucalyptus.com/eucalyptus-cloud/security/esa-09
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4067
https://eucalyptus.atlassian.net/browse/EUCA-5277
Discussion:
Statement:
Not affected. This flaw does not affect the jclouds Eucalyptus API as shipped with JBoss Fuse 6.0.0 and Fuse ESB Enterprise 7.1.0.
---
Created eucalyptus tracking bugs for this issue
Affects: fedora-all [bug 953354]
Bugzilla
flash-plugin: multiple code-execution flaws (APSB12-24)
bugzilla·2012-11-06·CVSS 10.0
CVE-2012-5274 [CRITICAL] flash-plugin: multiple code-execution flaws (APSB12-24)
Adobe security bulletin APSB12-24 describes several security flaws that could cause Adobe Flash Player to crash and potentially allow an attacker to take control of the affected system:
These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5280).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2012-5279).
These updates resolve a security bypass vulnerability that could lead to code execution (CVE-2012-5278).
Discussion:
External References:
http://www.adobe.com/support/security/bulletins/apsb12-24.html
---
This issue has been addressed in following products:
Supplementary for
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00030.html
http://rhn.redhat.com/errata/RHSA-2012-1431.html
http://secunia.com/advisories/51186
http://secunia.com/advisories/51207
http://secunia.com/advisories/51213
http://secunia.com/advisories/51245
http://www.adobe.com/support/security/bulletins/apsb12-24.html
http://www.securitytracker.com/id?1027730
https://exchange.xforce.ibmcloud.com/vulnerabilities/79848
Published: 2012-11-07