Vulnerability Details : CVE-2012-5259

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.
Publish Date : 2012-10-09 Last Update Date : 2013-01-18

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Related Tweets Even more tweets Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

Cvss Score	10.0
Confidentiality Impact	Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact	Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact	Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity	Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Execute CodeOverflow
CWE ID	119

- Additional Vendor Supplied Data

Vendor	Impact	CVSS Score	CVSS Vector	Report Date	Publish Date
Redhat	critical	6.8	AV:N/AC:M/Au:N/C:P/I:P/A:P	2012-10-09	2012-10-08

If you are a vendor and you have additional data which can be automatically imported into our database, please contact admin @ cvedetails.com

- Related OVAL Definitions

Title	Definition Id	Class	Family
RHSA-2012:1346: flash-plugin security update (Critical)	oval:com.redhat.rhsa:def:20121346		unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2012-5259

#	Product Type	Vendor	Product	Version
1	Application	Adobe	Adobe Air	1.0	Details Vulnerabilities
2	Application	Adobe	Adobe Air	1.0.1	Details Vulnerabilities
3	Application	Adobe	Adobe Air	1.0.8.4990	Details Vulnerabilities
4	Application	Adobe	Adobe Air	1.0.4990	Details Vulnerabilities
5	Application	Adobe	Adobe Air	1.1	Details Vulnerabilities
6	Application	Adobe	Adobe Air	1.1.0.5790	Details Vulnerabilities
7	Application	Adobe	Adobe Air	1.5	Details Vulnerabilities
8	Application	Adobe	Adobe Air	1.5.0.7220	Details Vulnerabilities
9	Application	Adobe	Adobe Air	1.5.1	Details Vulnerabilities
10	Application	Adobe	Adobe Air	1.5.1.8210	Details Vulnerabilities
11	Application	Adobe	Adobe Air	1.5.2	Details Vulnerabilities
12	Application	Adobe	Adobe Air	1.5.3	Details Vulnerabilities
13	Application	Adobe	Adobe Air	1.5.3.9120	Details Vulnerabilities
14	Application	Adobe	Adobe Air	1.5.3.9130	Details Vulnerabilities
15	Application	Adobe	Adobe Air	2.0.2	Details Vulnerabilities
16	Application	Adobe	Adobe Air	2.0.2.12610	Details Vulnerabilities
17	Application	Adobe	Adobe Air	2.0.3	Details Vulnerabilities
18	Application	Adobe	Adobe Air	2.0.3.13070	Details Vulnerabilities
19	Application	Adobe	Adobe Air	2.0.4	Details Vulnerabilities
20	Application	Adobe	Adobe Air	2.5.0.16600	Details Vulnerabilities
21	Application	Adobe	Adobe Air	2.5.1.17730	Details Vulnerabilities
22	Application	Adobe	Adobe Air	2.6	Details Vulnerabilities
23	Application	Adobe	Adobe Air	2.6.0.19120	Details Vulnerabilities
24	Application	Adobe	Adobe Air	2.6.0.19140	Details Vulnerabilities
25	Application	Adobe	Adobe Air	2.7	Details Vulnerabilities
26	Application	Adobe	Adobe Air	2.7.0.1948	Details Vulnerabilities
27	Application	Adobe	Adobe Air	2.7.0.19480	Details Vulnerabilities
28	Application	Adobe	Adobe Air	2.7.0.1953	Details Vulnerabilities
29	Application	Adobe	Adobe Air	2.7.0.19530	Details Vulnerabilities
30	Application	Adobe	Adobe Air	2.7.1	Details Vulnerabilities
31	Application	Adobe	Adobe Air	2.7.1.19610	Details Vulnerabilities
32	Application	Adobe	Adobe Air	3.0.0.408	Details Vulnerabilities
33	Application	Adobe	Adobe Air	3.0.0.4080	Details Vulnerabilities
34	Application	Adobe	Adobe Air	3.1.0.485	Details Vulnerabilities
35	Application	Adobe	Adobe Air	3.1.0.488	Details Vulnerabilities
36	Application	Adobe	Adobe Air	3.1.0.4880	Details Vulnerabilities
37	Application	Adobe	Adobe Air	3.2.0.207	Details Vulnerabilities
38	Application	Adobe	Adobe Air	3.2.0.2070	Details Vulnerabilities
39	Application	Adobe	Adobe Air	3.3.0.3670	Details Vulnerabilities
40	Application	Adobe	Adobe Air	3.4.0.2540	Details Vulnerabilities
41	Application	Adobe	Adobe Air Sdk	3.4.0.2540	Details Vulnerabilities
42	Application	Adobe	Flash Player	10.1.85.3	Details Vulnerabilities
43	Application	Adobe	Flash Player	10.1.102.64	Details Vulnerabilities
44	Application	Adobe	Flash Player	10.2.152.26	Details Vulnerabilities
45	Application	Adobe	Flash Player	10.2.152.32	Details Vulnerabilities
46	Application	Adobe	Flash Player	10.2.153.1	Details Vulnerabilities
47	Application	Adobe	Flash Player	10.2.159.1	Details Vulnerabilities
48	Application	Adobe	Flash Player	10.3.181.14	Details Vulnerabilities
49	Application	Adobe	Flash Player	10.3.181.16	Details Vulnerabilities
50	Application	Adobe	Flash Player	10.3.181.22	Details Vulnerabilities
51	Application	Adobe	Flash Player	10.3.181.26	Details Vulnerabilities
52	Application	Adobe	Flash Player	10.3.181.34	Details Vulnerabilities
53	Application	Adobe	Flash Player	10.3.183.5	Details Vulnerabilities
54	Application	Adobe	Flash Player	10.3.183.7	Details Vulnerabilities
55	Application	Adobe	Flash Player	10.3.183.10	Details Vulnerabilities
56	Application	Adobe	Flash Player	10.3.183.11	Details Vulnerabilities
57	Application	Adobe	Flash Player	10.3.183.15	Details Vulnerabilities
58	Application	Adobe	Flash Player	10.3.183.16	Details Vulnerabilities
59	Application	Adobe	Flash Player	10.3.183.18	Details Vulnerabilities
60	Application	Adobe	Flash Player	10.3.183.20	Details Vulnerabilities
61	Application	Adobe	Flash Player	10.3.183.23	Details Vulnerabilities
62	Application	Adobe	Flash Player	10.3.183.25	Details Vulnerabilities
63	Application	Adobe	Flash Player	11.0.1.152	Details Vulnerabilities
64	Application	Adobe	Flash Player	11.1.102.55	Details Vulnerabilities
65	Application	Adobe	Flash Player	11.1.102.62	Details Vulnerabilities
66	Application	Adobe	Flash Player	11.1.102.63	Details Vulnerabilities
67	Application	Adobe	Flash Player	11.2.202.223	Details Vulnerabilities
68	Application	Adobe	Flash Player	11.2.202.228	Details Vulnerabilities
69	Application	Adobe	Flash Player	11.2.202.233	Details Vulnerabilities
70	Application	Adobe	Flash Player	11.2.202.235	Details Vulnerabilities
71	Application	Adobe	Flash Player	11.2.202.238	Details Vulnerabilities
72	Application	Adobe	Flash Player	11.2.202.243	Details Vulnerabilities
73	Application	Adobe	Flash Player	11.3.300.257	Details Vulnerabilities
74	Application	Adobe	Flash Player	11.3.300.262	Details Vulnerabilities
75	Application	Adobe	Flash Player	11.3.300.265	Details Vulnerabilities
76	Application	Adobe	Flash Player	11.3.300.268	Details Vulnerabilities
77	Application	Adobe	Flash Player	11.3.300.271	Details Vulnerabilities
78	Application	Adobe	Flash Player	11.3.300.273	Details Vulnerabilities
79	Application	Adobe	Flash Player	11.4.402.265	Details Vulnerabilities
80	Application	Adobe	Flash Player	11.4.402.278	Details Vulnerabilities
81	Application	Adobe	Flash Player For Android	10.1.106.17	Details Vulnerabilities
82	Application	Adobe	Flash Player For Android	10.2.157.51	Details Vulnerabilities
83	Application	Adobe	Flash Player For Android	10.3.186.7	Details Vulnerabilities
84	Application	Adobe	Flash Player For Android	11.0.1.153	Details Vulnerabilities
85	Application	Adobe	Flash Player For Android	11.1.102.59	Details Vulnerabilities
86	Application	Adobe	Flash Player For Android	11.1.111.5	Details Vulnerabilities
87	Application	Adobe	Flash Player For Android	11.1.111.7	Details Vulnerabilities
88	Application	Adobe	Flash Player For Android	11.1.111.8	Details Vulnerabilities
89	Application	Adobe	Flash Player For Android	11.1.111.9	Details Vulnerabilities
90	Application	Adobe	Flash Player For Android	11.1.111.10	Details Vulnerabilities
91	Application	Adobe	Flash Player For Android	11.1.111.16	Details Vulnerabilities
92	Application	Adobe	Flash Player For Android	11.1.112.60	Details Vulnerabilities
93	Application	Adobe	Flash Player For Android	11.1.112.61	Details Vulnerabilities
94	Application	Adobe	Flash Player For Android	11.1.115.7	Details Vulnerabilities
95	Application	Adobe	Flash Player For Android	11.1.115.8	Details Vulnerabilities
96	Application	Adobe	Flash Player For Android	11.1.115.11	Details Vulnerabilities
97	Application	Adobe	Flash Player For Android	11.1.115.12	Details Vulnerabilities
98	Application	Adobe	Flash Player For Android	11.1.115.17	Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Adobe	Adobe Air	40
Adobe	Adobe Air Sdk	1
Adobe	Flash Player	39
Adobe	Flash Player For Android	18

- References For CVE-2012-5259

http://xforce.iss.net/xforce/xfdb/79080
XF adobe-cve20125259-bo(79080)

http://www.adobe.com/support/security/bulletins/apsb12-22.html CONFIRM

- Vulnerability Conditions

Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Adobe Flash Player 11.0.1.152 Adobe Flash Player 11.1.102.55 Adobe Flash Player 11.1.102.62 Adobe Flash Player 11.1.102.63 Adobe Flash Player 11.2.202.228 Adobe Flash Player 11.2.202.223 Adobe Flash Player 11.2.202.233 Adobe Flash Player 11.2.202.235 Adobe Flash Player 11.2.202.238 Adobe Flash Player 11.2.202.243 Adobe Flash Player 11.3.300.257 Adobe Flash Player 11.3.300.262 Adobe Flash Player 11.3.300.265 Adobe Flash Player 11.3.300.268 Adobe Flash Player 11.3.300.271 Adobe Flash Player 11.3.300.273 Adobe Flash Player 11.4.402.265 Adobe Flash Player 11.4.402.278 Adobe Flash Player 10.1.85.3 Adobe Flash Player 10.1.102.64 Adobe Flash Player 10.2.152.26 Adobe Flash Player 10.2.152.32 Adobe Flash Player 10.2.153.1 Adobe Flash Player 10.2.159.1 Adobe Flash Player 10.3.181.14 Adobe Flash Player 10.3.181.16 Adobe Flash Player 10.3.181.22 Adobe Flash Player 10.3.181.26 Adobe Flash Player 10.3.181.34 Adobe Flash Player 10.3.183.5 Adobe Flash Player 10.3.183.7 Adobe Flash Player 10.3.183.10 Adobe Flash Player 10.3.183.11 Adobe Flash Player 10.3.183.15 Adobe Flash Player 10.3.183.16 Adobe Flash Player 10.3.183.18 Adobe Flash Player 10.3.183.20 Adobe Flash Player 10.3.183.23 Adobe Flash Player 10.3.183.25	Apple Mac Os X Microsoft Windows
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Adobe Flash Player 11.0.1.152 Adobe Flash Player 11.1.102.55 Adobe Flash Player 11.1.102.62 Adobe Flash Player 11.1.102.63 Adobe Flash Player 11.2.202.223 Adobe Flash Player 11.2.202.228 Adobe Flash Player 11.2.202.233 Adobe Flash Player 11.2.202.235 Adobe Flash Player 11.2.202.238 Adobe Flash Player 10.1.85.3 Adobe Flash Player 10.1.102.64 Adobe Flash Player 10.2.152.26 Adobe Flash Player 10.2.152.32 Adobe Flash Player 10.2.153.1 Adobe Flash Player 10.2.159.1 Adobe Flash Player 10.3.181.14 Adobe Flash Player 10.3.181.16 Adobe Flash Player 10.3.181.22 Adobe Flash Player 10.3.181.26 Adobe Flash Player 10.3.181.34 Adobe Flash Player 10.3.183.5 Adobe Flash Player 10.3.183.7 Adobe Flash Player 10.3.183.10 Adobe Flash Player 10.3.183.11 Adobe Flash Player 10.3.183.15 Adobe Flash Player 10.3.183.16 Adobe Flash Player 10.3.183.18 Adobe Flash Player 10.3.183.20 Adobe Flash Player 10.3.183.23 Adobe Flash Player 10.3.183.25	Linux Linux Kernel
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Adobe Flash Player For Android 10.1.106.17 Adobe Flash Player For Android 10.2.157.51 Adobe Flash Player For Android 10.3.186.7 Adobe Flash Player For Android 11.0.1.153 Adobe Flash Player For Android 11.1.102.59 Adobe Flash Player For Android 11.1.111.5 Adobe Flash Player For Android 11.1.111.7 Adobe Flash Player For Android 11.1.111.8 Adobe Flash Player For Android 11.1.111.9 Adobe Flash Player For Android 11.1.111.10 Adobe Flash Player For Android 11.1.111.16	Google Android 2.0 Google Android 2.0.1 Google Android 2.1 Google Android 2.2 Google Android 2.2 Rev1 Google Android 2.2.1 Google Android 2.2.2 Google Android 2.2.3 Google Android 2.3 Google Android 2.3 Rev1 Google Android 2.3.1 Google Android 2.3.2 Google Android 2.3.3 Google Android 2.3.4 Google Android 2.3.5 Google Android 2.3.6 Google Android 2.3.7 Google Android 3.0 Google Android 3.1 Google Android 3.2 Google Android 3.2.1 Google Android 3.2.2 Google Android 3.2.4 Google Android 3.2.6
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Adobe Flash Player For Android 11.1.112.60 Adobe Flash Player For Android 11.1.112.61 Adobe Flash Player For Android 11.1.115.7 Adobe Flash Player For Android 11.1.115.8 Adobe Flash Player For Android 11.1.115.11 Adobe Flash Player For Android 11.1.115.12 Adobe Flash Player For Android 11.1.115.17	Google Android 4.0 Google Android 4.0.1 Google Android 4.0.2 Google Android 4.0.3 Google Android 4.0.4 Google Android 4.1

- Metasploit Modules Related To CVE-2012-5259

There are not any metasploit modules related to this vulnerability (Please visit www.metasploit.com for more information)