Adobe Flash Player Object Confusion Vulnerability

Secunia ID	SA49096
CVE-ID	CVE-2012-0779
Release Date	07 May 2012
Criticality	Extremely Critical
Solution Status	Vendor Patch
Software	Adobe Flash Player 11.x
Where	From remote
Impact	System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Description	A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error related to object confusion. No further information is currently available. Successful exploitation allows execution of arbitrary code. NOTE: The vulnerability is reportedly being actively exploited in targeted attacks. The vulnerability is reported in the following versions: * Adobe Flash Player versions 11.2.202.233 and prior for Windows, Macintosh, and Linux. * Adobe Flash Player versions 11.1.115.7 and prior for Android 4.x and versions 11.1.111.8 and prior for Android 3.x and 2.x.
Solution	Update to a fixed version. Adobe Flash Player for Windows, Macintosh, and Linux: Update to version 11.2.202.235. Adobe Flash Player for Android 4.x: Update to version 11.1.115.8. Adobe Flash Player for Android 3.x and 2.x: Update to version 11.1.111.9.
Reported by	Reported as a 0-day.
Original Advisory	Adobe (APSB12-09): http://www.adobe.com/support/security/bulletins/apsb12-09.html

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.