Internet threat level: 1
Home→Descriptions→SA48281
Adobe Flash Player Two Vulnerabilities
| Secunia ID | |
| CVE-ID | |
| Release Date |
06 Mar 2012 |
| Last Change |
10 Apr 2012 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
Adobe Flash Player 10.x |
| Where | |
| Impact |
System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. Exposure of sensitive informationVulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote. |
| Description |
Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to gain knowledge of potentially sensitive information or compromise a user's system. 1) An unspecified error in Matrix3D can be exploited to corrupt memory and may allow execution of arbitrary code. 2) An input validation error within the "histogram()" method of the "BitmapData" class can be exploited to disclose information. The vulnerabilities are reported in the following versions: |
| Solution |
Update to a fixed version. Flash Player 11.1.102.62 and earlier: Flash Player 11.1.102.62 and earlier - network distribution: Flash Player 10.x: Flash Player 11.1.115.6 and earlier for Android 4.x: Flash Player 11.1.111.6 and earlier for Android 3.x and 2.x: |
| Reported by |
1) The vendor credits Tavis Ormandy, Google Security Team. |
| Original Advisory |
Adobe: Fermin J. Serna: |
© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.