CVE-2012-5285 : Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.40

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22.

Published 2012-11-13 13:39:47

Updated 2025-04-11 00:51:22

Source Adobe Systems Incorporated

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2012-5285

Adobe » Flash Player
Versions from including (>=) 11.4 and before (<) 11.4.402.287
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player
Versions from including (>=) 11.1 and before (<) 11.1.111.19
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Google » Android
When used together with: Google » Android
Adobe » Flash Player
Versions from including (>=) 11.1 and before (<) 11.1.115.20
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Google » Android
Adobe » Flash Player
Versions from including (>=) 10.3 and before (<) 10.3.183.29
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player
Versions from including (>=) 11.2 and before (<) 11.2.202.243
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Adobe » AIR
Versions before (<) 3.4.0.2710
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
Matching versions
Adobe » Air Sdk
Versions before (<) 3.4.0.2710
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-5285

EPSS FAQ

8.26%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 91 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-5285

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2012-5285

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-5285

http://osvdb.org/86874

Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/79770

Adobe Flash Player and Air buffer overflow CVE-2012-5285 Vulnerability Report
Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/56374

Adobe Flash Player and AIR CVE-2012-5285 Buffer Overflow Vulnerability
Third Party Advisory;VDB Entry
http://www.adobe.com/support/security/bulletins/apsb12-22.html

Adobe - Security Bulletins: APSB12-22 - Security updates available for Adobe Flash Player
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2012-5285

Products affected by CVE-2012-5285

Exploit prediction scoring system (EPSS) score for CVE-2012-5285

CVSS scores for CVE-2012-5285

CWE ids for CVE-2012-5285

References for CVE-2012-5285