CVE-2012-2038 : Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows an

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.

Published 2012-06-09 00:55:01

Updated 2025-04-11 00:51:22

Source Adobe Systems Incorporated

View at NVD, CVE.org

Products affected by CVE-2012-2038

Redhat » Enterprise Linux Desktop » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 6.2
cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 6.2
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
Matching versions
Adobe » Flash Player
Versions up to, including, (<=) 11.2.202.235
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player
Versions up to, including, (<=) 11.1.111.9
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Google » Android
Adobe » Flash Player
Versions up to, including, (<=) 11.1.115.8
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Google » Android
Adobe » AIR
Versions up to, including, (<=) 3.2.0.2070
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
When used together with: Google » Android » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Suse » Linux Enterprise Desktop » Version: 11 Update SP1
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 10 Update SP4
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 11 Update SP2
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 11.4
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 12.1
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-2038

EPSS FAQ

1.36%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 78 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-2038

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2012-2038

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-2038

http://www.adobe.com/support/security/bulletins/apsb12-14.html

Adobe - Security Bulletins: APSB12-14 - Security updates available for Adobe Flash Player
Vendor Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00007.html

[security-announce] SUSE-SU-2012:0724-1: critical: Security update for f
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00006.html

[security-announce] openSUSE-SU-2012:0723-1: critical: flash-player: Upd
Mailing List;Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2012-0722.html

RHSA-2012:0722 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2012-2038

Products affected by CVE-2012-2038

Exploit prediction scoring system (EPSS) score for CVE-2012-2038

CVSS scores for CVE-2012-2038

CWE ids for CVE-2012-2038

References for CVE-2012-2038