OSVDB ID: 86032

Title: Adobe Flash Player / AIR Unspecified Overflow (2012-5255)

Info

Disclosure

Oct 08, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Oct 08, 2012

Description

Adobe Flash Player and AIR are prone to an overflow condition. The programs fail to properly sanitize user-supplied input resulting in a buffer overflow. Through unspecified means, a context-dependent attacker can potentially execute arbitrary code.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

For Adobe Flash Player, for Windows and Mac, upgrade to version 11.4.402.287 or 10.3.183.29 or higher. For Linux, version 10.3.183.29 or 11.2.202.243 or higher. For Android, 11.1.115.20 or higher for 4.x and 11.1.111.19 or higher for 3.x, as they have been reported to fix this vulnerability. For AIR, upgrade to version 3.4.0.2710 or higher. An upgrade is required as there are no known workarounds.

Products

Adobe Systems Incorporated

Flash Player

11.4.402.278
11.4.402.265
11.2.202.238
11.1.115.17
11.1.111.16

AIR

3.4.0.2540
3.4.0.2540 SDK

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/86032