Adobe Flash Player Object Confusion Vulnerability


Secunia ID

SA49096

CVE-ID

CVE-2012-0779

Release Date

07 May 2012

Criticality

Extremely Critical

Solution Status

Vendor Patch

Software

Adobe Flash Player 11.x

Where

From remote

Impact

System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Description

A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by an error related to object confusion. No further information is currently available.

Successful exploitation allows execution of arbitrary code.

NOTE: The vulnerability is reportedly being actively exploited in targeted attacks.

The vulnerability is reported in the following versions:
* Adobe Flash Player versions 11.2.202.233 and prior for Windows, Macintosh, and Linux.
* Adobe Flash Player versions 11.1.115.7 and prior for Android 4.x and versions 11.1.111.8 and prior for Android 3.x and 2.x.

Solution

Update to a fixed version.

Adobe Flash Player for Windows, Macintosh, and Linux:
Update to version 11.2.202.235.

Adobe Flash Player for Android 4.x:
Update to version 11.1.115.8.

Adobe Flash Player for Android 3.x and 2.x:
Update to version 11.1.111.9.
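
The version boundaries above can be applied to a software inventory to find installs that still need the update. The following is an added example, not part of the advisory or of any Adobe tooling; the function names, host names, OS strings and inventory rows are constructed for illustration. It reads "and prior" as any lower version number on the same platform group and reports platforms the advisory does not list as unknown.

```python
# (last affected version, first fixed version) per platform group, from the advisory.
THRESHOLDS = {
    "desktop":    ((11, 2, 202, 233), "11.2.202.235"),  # Windows, Macintosh, Linux
    "android4":   ((11, 1, 115, 7),   "11.1.115.8"),    # Android 4.x
    "android2_3": ((11, 1, 111, 8),   "11.1.111.9"),    # Android 3.x and 2.x
}

def parse_version(text):
    """Turn '11.2.202.233' or '11,2,202,233' into a 4-tuple of ints."""
    parts = [int(p) for p in text.strip().replace(",", ".").split(".")]
    if not 1 <= len(parts) <= 4 or any(p < 0 for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))

def platform_family(os_name):
    """Map an OS string to one of the advisory's platform groups, or None."""
    words = os_name.strip().lower().split() or [""]
    if words[0] in ("windows", "macintosh", "linux"):
        return "desktop"
    if words[0] == "android" and len(words) > 1:
        major = words[1].split(".")[0]
        return {"4": "android4", "3": "android2_3", "2": "android2_3"}.get(major)
    return None

def assess(os_name, version_text):
    """Return (status, fixed_version); status is affected, not affected or unknown."""
    family = platform_family(os_name)
    try:
        version = parse_version(version_text)
    except ValueError:
        family = None  # unparseable version: do not guess
    if family is None:
        return ("unknown", None)
    last_affected, fixed = THRESHOLDS[family]
    return ("affected", fixed) if version <= last_affected else ("not affected", None)

# Constructed inventory rows (host, OS, installed Flash Player version).
SAMPLE_INVENTORY = [
    ("ws-01", "Windows 7", "11.2.202.233"),
    ("ws-02", "Windows 7", "11.2.202.235"),
    ("mac-01", "Macintosh", "11,2,202,228"),
    ("tab-01", "Android 4.0.3", "11.1.115.7"),
    ("ph-01", "Android 2.3.6", "11.1.111.9"),
    ("kiosk-01", "Solaris", "11.2.202.223"),
]

def triage(inventory):
    """Return {host: (status, fixed_version)} for every inventory row."""
    return {host: assess(os_name, ver) for host, os_name, ver in inventory}
```

Rows that come back as unknown need a manual check against the vendor bulletin rather than being treated as safe.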

Reported by

Reported as a 0-day.

Original Advisory

Adobe (APSB12-09):
http://www.adobe.com/support/security/bulletins/apsb12-09.html