Vulnerability Details : CVE-2012-0754

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Publish Date : 2012-02-16 Last Update Date : 2018-01-09

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	10.0
Confidentiality Impact	Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact	Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact	Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity	Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Denial Of ServiceExecute CodeOverflowMemory corruption
CWE ID	119

- Additional Vendor Supplied Data

Vendor	Impact	CVSS Score	CVSS Vector	Report Date	Publish Date
Redhat	critical	6.8	AV:N/AC:M/Au:N/C:P/I:P/A:P	2012-02-15	2012-02-15

If you are a vendor and you have additional data which can be automatically imported into our database, please contact admin @ cvedetails.com

- Related OVAL Definitions

Title	Definition Id	Family
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1....	oval:org.mitre.oval:def:15973	macos
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1....	oval:org.mitre.oval:def:15030	windows
CVE-2012-0754	oval:org.opensuse.security:def:20120754	unix
ELSA-2012:0144: flash-plugin security update (Critical)	oval:org.mitre.oval:def:23854	unix
RHSA-2012:0144: flash-plugin security update (Critical)	oval:org.mitre.oval:def:20413	unix
RHSA-2012:0144: flash-plugin security update (Critical)	oval:com.redhat.rhsa:def:20120144	unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2012-0754

#	Product Type	Vendor	Product	Version
1	Application	Adobe	Flash Player	2	Version Details Vulnerabilities
2	Application	Adobe	Flash Player	3	Version Details Vulnerabilities
3	Application	Adobe	Flash Player	4	Version Details Vulnerabilities
4	Application	Adobe	Flash Player	5	Version Details Vulnerabilities
5	Application	Adobe	Flash Player	6	Version Details Vulnerabilities
6	Application	Adobe	Flash Player	6.0.21.0	Version Details Vulnerabilities
7	Application	Adobe	Flash Player	6.0.79	Version Details Vulnerabilities
8	Application	Adobe	Flash Player	7	Version Details Vulnerabilities
9	Application	Adobe	Flash Player	7.0	Version Details Vulnerabilities
10	Application	Adobe	Flash Player	7.0.1	Version Details Vulnerabilities
11	Application	Adobe	Flash Player	7.0.14.0	Version Details Vulnerabilities
12	Application	Adobe	Flash Player	7.0.19.0	Version Details Vulnerabilities
13	Application	Adobe	Flash Player	7.0.24.0	Version Details Vulnerabilities
14	Application	Adobe	Flash Player	7.0.25	Version Details Vulnerabilities
15	Application	Adobe	Flash Player	7.0.53.0	Version Details Vulnerabilities
16	Application	Adobe	Flash Player	7.0.60.0	Version Details Vulnerabilities
17	Application	Adobe	Flash Player	7.0.61.0	Version Details Vulnerabilities
18	Application	Adobe	Flash Player	7.0.63	Version Details Vulnerabilities
19	Application	Adobe	Flash Player	7.0.66.0	Version Details Vulnerabilities
20	Application	Adobe	Flash Player	7.0.67.0	Version Details Vulnerabilities
21	Application	Adobe	Flash Player	7.0.68.0	Version Details Vulnerabilities
22	Application	Adobe	Flash Player	7.0.69.0	Version Details Vulnerabilities
23	Application	Adobe	Flash Player	7.0.70.0	Version Details Vulnerabilities
24	Application	Adobe	Flash Player	7.0.73.0	Version Details Vulnerabilities
25	Application	Adobe	Flash Player	7.1	Version Details Vulnerabilities
26	Application	Adobe	Flash Player	7.1.1	Version Details Vulnerabilities
27	Application	Adobe	Flash Player	7.2	Version Details Vulnerabilities
28	Application	Adobe	Flash Player	8	Version Details Vulnerabilities
29	Application	Adobe	Flash Player	8.0	Version Details Vulnerabilities
30	Application	Adobe	Flash Player	8.0.22.0	Version Details Vulnerabilities
31	Application	Adobe	Flash Player	8.0.24.0	Version Details Vulnerabilities
32	Application	Adobe	Flash Player	8.0.33.0	Version Details Vulnerabilities
33	Application	Adobe	Flash Player	8.0.34.0	Version Details Vulnerabilities
34	Application	Adobe	Flash Player	8.0.35.0	Version Details Vulnerabilities
35	Application	Adobe	Flash Player	8.0.39.0	Version Details Vulnerabilities
36	Application	Adobe	Flash Player	8.0.42.0	Version Details Vulnerabilities
37	Application	Adobe	Flash Player	9	Version Details Vulnerabilities
38	Application	Adobe	Flash Player	9.0.9.0	Version Details Vulnerabilities
39	Application	Adobe	Flash Player	9.0.16	Version Details Vulnerabilities
40	Application	Adobe	Flash Player	9.0.18d60	Version Details Vulnerabilities
41	Application	Adobe	Flash Player	9.0.20	Version Details Vulnerabilities
42	Application	Adobe	Flash Player	9.0.20.0	Version Details Vulnerabilities
43	Application	Adobe	Flash Player	9.0.28	Version Details Vulnerabilities
44	Application	Adobe	Flash Player	9.0.28.0	Version Details Vulnerabilities
45	Application	Adobe	Flash Player	9.0.31	Version Details Vulnerabilities
46	Application	Adobe	Flash Player	9.0.31.0	Version Details Vulnerabilities
47	Application	Adobe	Flash Player	9.0.45.0	Version Details Vulnerabilities
48	Application	Adobe	Flash Player	9.0.47.0	Version Details Vulnerabilities
49	Application	Adobe	Flash Player	9.0.48.0	Version Details Vulnerabilities
50	Application	Adobe	Flash Player	9.0.112.0	Version Details Vulnerabilities
51	Application	Adobe	Flash Player	9.0.114.0	Version Details Vulnerabilities
52	Application	Adobe	Flash Player	9.0.115.0	Version Details Vulnerabilities
53	Application	Adobe	Flash Player	9.0.124.0	Version Details Vulnerabilities
54	Application	Adobe	Flash Player	9.0.125.0	Version Details Vulnerabilities
55	Application	Adobe	Flash Player	9.0.151.0	Version Details Vulnerabilities
56	Application	Adobe	Flash Player	9.0.152.0	Version Details Vulnerabilities
57	Application	Adobe	Flash Player	9.0.155.0	Version Details Vulnerabilities
58	Application	Adobe	Flash Player	9.0.159.0	Version Details Vulnerabilities
59	Application	Adobe	Flash Player	9.0.246.0	Version Details Vulnerabilities
60	Application	Adobe	Flash Player	9.0.260.0	Version Details Vulnerabilities
61	Application	Adobe	Flash Player	9.0.262.0	Version Details Vulnerabilities
62	Application	Adobe	Flash Player	9.0.277.0	Version Details Vulnerabilities
63	Application	Adobe	Flash Player	9.0.280	Version Details Vulnerabilities
64	Application	Adobe	Flash Player	9.0.283.0	Version Details Vulnerabilities
65	Application	Adobe	Flash Player	9.125.0	Version Details Vulnerabilities
66	Application	Adobe	Flash Player	10	Version Details Vulnerabilities
67	Application	Adobe	Flash Player	10.0.0.584	Version Details Vulnerabilities
68	Application	Adobe	Flash Player	10.0.12.10	Version Details Vulnerabilities
69	Application	Adobe	Flash Player	10.0.12.36	Version Details Vulnerabilities
70	Application	Adobe	Flash Player	10.0.15.3	Version Details Vulnerabilities
71	Application	Adobe	Flash Player	10.0.22.87	Version Details Vulnerabilities
72	Application	Adobe	Flash Player	10.0.32.18	Version Details Vulnerabilities
73	Application	Adobe	Flash Player	10.0.42.34	Version Details Vulnerabilities
74	Application	Adobe	Flash Player	10.0.45.2	Version Details Vulnerabilities
75	Application	Adobe	Flash Player	10.1	Version Details Vulnerabilities
76	Application	Adobe	Flash Player	10.1.52.14.1	Version Details Vulnerabilities
77	Application	Adobe	Flash Player	10.1.52.15	Version Details Vulnerabilities
78	Application	Adobe	Flash Player	10.1.53.64	Version Details Vulnerabilities
79	Application	Adobe	Flash Player	10.1.82.76	Version Details Vulnerabilities
80	Application	Adobe	Flash Player	10.1.85.3	Version Details Vulnerabilities
81	Application	Adobe	Flash Player	10.1.92.8	Version Details Vulnerabilities
82	Application	Adobe	Flash Player	10.1.92.10	Version Details Vulnerabilities
83	Application	Adobe	Flash Player	10.1.95.1	Version Details Vulnerabilities
84	Application	Adobe	Flash Player	10.1.95.2	Version Details Vulnerabilities
85	Application	Adobe	Flash Player	10.1.102.64	Version Details Vulnerabilities
86	Application	Adobe	Flash Player	10.1.105.6	Version Details Vulnerabilities
87	Application	Adobe	Flash Player	10.1.106.16	Version Details Vulnerabilities
88	Application	Adobe	Flash Player	10.2.152	Version Details Vulnerabilities
89	Application	Adobe	Flash Player	10.2.152.26	Version Details Vulnerabilities
90	Application	Adobe	Flash Player	10.2.152.32	Version Details Vulnerabilities
91	Application	Adobe	Flash Player	10.2.152.33	Version Details Vulnerabilities
92	Application	Adobe	Flash Player	10.2.153.1	Version Details Vulnerabilities
93	Application	Adobe	Flash Player	10.2.154.13	Version Details Vulnerabilities
94	Application	Adobe	Flash Player	10.2.154.25	Version Details Vulnerabilities
95	Application	Adobe	Flash Player	10.2.156.12	Version Details Vulnerabilities
96	Application	Adobe	Flash Player	10.2.157.51	Version Details Vulnerabilities
97	Application	Adobe	Flash Player	10.2.159.1	Version Details Vulnerabilities
98	Application	Adobe	Flash Player	10.3.181.14	Version Details Vulnerabilities
99	Application	Adobe	Flash Player	10.3.181.16	Version Details Vulnerabilities
100	Application	Adobe	Flash Player	10.3.181.22	Version Details Vulnerabilities
101	Application	Adobe	Flash Player	10.3.181.26	Version Details Vulnerabilities
102	Application	Adobe	Flash Player	10.3.181.34	Version Details Vulnerabilities
103	Application	Adobe	Flash Player	10.3.183.5	Version Details Vulnerabilities
104	Application	Adobe	Flash Player	10.3.183.7	Version Details Vulnerabilities
105	Application	Adobe	Flash Player	10.3.183.10	Version Details Vulnerabilities
106	Application	Adobe	Flash Player	10.3.183.11	Version Details Vulnerabilities
107	Application	Adobe	Flash Player	11.0	Version Details Vulnerabilities
108	Application	Adobe	Flash Player	11.0.1.152	Version Details Vulnerabilities
109	Application	Adobe	Flash Player	11.0.1.153	Version Details Vulnerabilities
110	Application	Adobe	Flash Player	11.1	Version Details Vulnerabilities
111	Application	Adobe	Flash Player	11.1.102.55	Version Details Vulnerabilities
112	Application	Adobe	Flash Player For Android	11.1.102.59	Version Details Vulnerabilities
113	Application	Adobe	Flash Player For Android	11.1.111.5	Version Details Vulnerabilities
114	Application	Adobe	Flash Player For Android	11.1.112.60	Version Details Vulnerabilities
115	Application	Adobe	Flash Player For Android	11.1.112.61	Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Adobe	Flash Player	111
Adobe	Flash Player For Android	4

- References For CVE-2012-0754

http://security.gentoo.org/glsa/glsa-201204-07.xml
GENTOO GLSA-201204-07

http://www.adobe.com/support/security/bulletins/apsb12-03.html CONFIRM

http://rhn.redhat.com/errata/RHSA-2012-0144.html
REDHAT RHSA-2012:0144

http://secunia.com/advisories/48265
SECUNIA 48265

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html
SUSE openSUSE-SU-2012:0265

- Vulnerability Conditions

Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Adobe Flash Player 10.3.183.11 Adobe Flash Player 10.3.183.10 Adobe Flash Player 10.3.183.7 Adobe Flash Player 10.3.183.5 Adobe Flash Player 10.3.181.34 Adobe Flash Player 10.3.181.26 Adobe Flash Player 10.3.181.22 Adobe Flash Player 10.3.181.16 Adobe Flash Player 10.3.181.14 Adobe Flash Player 10.2.159.1 Adobe Flash Player 10.2.157.51 Adobe Flash Player 10.2.156.12 Adobe Flash Player 10.2.154.25 Adobe Flash Player 10.2.154.13 Adobe Flash Player 10.2.153.1 Adobe Flash Player 10.2.152.33 Adobe Flash Player 10.2.152.32 Adobe Flash Player 10.2.152.26 Adobe Flash Player 10.2.152 Adobe Flash Player 10.1.106.16 Adobe Flash Player 10.1.105.6 Adobe Flash Player 10.1.102.64 Adobe Flash Player 10.1.95.2 Adobe Flash Player 10.1.95.1 Adobe Flash Player 10.1.92.10 Adobe Flash Player 10.1.92.8 Adobe Flash Player 10.1.85.3 Adobe Flash Player 10.1.82.76 Adobe Flash Player 10.1.53.64 Adobe Flash Player 10.1.52.15 Adobe Flash Player 10.1.52.14.1 Adobe Flash Player 10.1 Adobe Flash Player 10.0.45.2 Adobe Flash Player 10.0.42.34 Adobe Flash Player 10.0.32.18 Adobe Flash Player 10.0.22.87 Adobe Flash Player 10.0.15.3 Adobe Flash Player 10.0.12.36 Adobe Flash Player 10.0.12.10 Adobe Flash Player 10.0.0.584 Adobe Flash Player 10 Adobe Flash Player 9.125.0 Adobe Flash Player 9.0.283.0 Adobe Flash Player 9.0.280 Adobe Flash Player 9.0.277.0 Adobe Flash Player 9.0.262.0 Adobe Flash Player 9.0.260.0 Adobe Flash Player 9.0.246.0 Adobe Flash Player 9.0.159.0 Adobe Flash Player 9.0.155.0 Adobe Flash Player 9.0.152.0 Adobe Flash Player 9.0.151.0 Adobe Flash Player 9.0.125.0 Adobe Flash Player 9.0.124.0 Adobe Flash Player 9.0.115.0 Adobe Flash Player 9.0.114.0 Adobe Flash Player 9.0.112.0 Adobe Flash Player 9.0.48.0 Adobe Flash Player 9.0.47.0 Adobe Flash Player 9.0.45.0 Adobe Flash Player 9.0.31.0 Adobe Flash Player 9.0.31 Adobe Flash Player 9.0.28.0 Adobe Flash Player 9.0.28 Adobe Flash Player 9.0.20.0 Adobe Flash Player 9.0.20 Adobe Flash Player 9.0.18d60 Adobe Flash Player 9.0.16 Adobe Flash Player 9.0.9.0 Adobe Flash Player 9 Adobe Flash Player 8.0.42.0 Adobe Flash Player 8.0.39.0 Adobe Flash Player 8.0.35.0 Adobe Flash Player 8.0.34.0 Adobe Flash Player 8.0.33.0 Adobe Flash Player 8.0.24.0 Adobe Flash Player 8.0.22.0 Adobe Flash Player 8.0 Adobe Flash Player 8 Adobe Flash Player 7.2 Adobe Flash Player 7.1.1 Adobe Flash Player 7.1 Adobe Flash Player 7.0.73.0 Adobe Flash Player 7.0.70.0 Adobe Flash Player 7.0.69.0 Adobe Flash Player 7.0.68.0 Adobe Flash Player 7.0.67.0 Adobe Flash Player 7.0.66.0 Adobe Flash Player 7.0.63 Adobe Flash Player 7.0.61.0 Adobe Flash Player 7.0.60.0 Adobe Flash Player 7.0.53.0 Adobe Flash Player 7.0.25 Adobe Flash Player 7.0.24.0 Adobe Flash Player 7.0.19.0 Adobe Flash Player 7.0.14.0 Adobe Flash Player 7.0.1 Adobe Flash Player 7.0 Adobe Flash Player 7 Adobe Flash Player 6.0.79 Adobe Flash Player 6.0.21.0 Adobe Flash Player 6 Adobe Flash Player 5 Adobe Flash Player 4 Adobe Flash Player 3 Adobe Flash Player 2	Apple Mac Os X Linux Linux Kernel Microsoft Windows SUN Sunos
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Adobe Flash Player 11.1.102.55 Adobe Flash Player 11.1 Adobe Flash Player 11.0.1.153 Adobe Flash Player 11.0.1.152 Adobe Flash Player 11.0	Apple Mac Os X Linux Linux Kernel Microsoft Windows SUN Sunos
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Adobe Flash Player For Android 11.1.111.5 Adobe Flash Player For Android 11.1.102.59	Google Android 3.0 Google Android 3.1 Google Android 3.2
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Adobe Flash Player For Android 11.1.112.61 Adobe Flash Player For Android 11.1.112.60 Adobe Flash Player For Android 11.1.111.5 Adobe Flash Player For Android 11.1.102.59	Google Android 4.0

- Metasploit Modules Related To CVE-2012-0754

Adobe Flash Player MP4 'cprt' Overflow

This module exploits a vulnerability found in Adobe Flash Player. By supplying a corrupt .mp4 file loaded by Flash, it is possible to gain arbitrary remote code execution under the context of the user. This vulnerability has been exploited in the wild as part of the "Iran's Oil and Nuclear Situation.doc" e-mail attack. According to the advisory, 10.3.183.15 and 11.x before 11.1.102.62 are affected.
Module type : exploit Rank : normal Platforms : Windows