The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Adobe Flash Player Object Confusion Vulnerability

Secunia ID




Release Date

07 May 2012


Extremely Critical

Solution Status

Vendor Patch


Adobe Flash Player 11.x


From remote

System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.


A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error related to object confusion. No further information is currently available.

Successful exploitation allows execution of arbitrary code.

NOTE: The vulnerability is reportedly being actively exploited in targeted attacks.

The vulnerability is reported in the following versions:
* Adobe Flash Player versions and prior for Windows, Macintosh, and Linux.
* Adobe Flash Player versions and prior for Android 4.x and versions and prior for Android 3.x and 2.x.


Update to a fixed version.

Adobe Flash Player for Windows, Macintosh, and Linux:
Update to version

Adobe Flash Player for Android 4.x:
Update to version

Adobe Flash Player for Android 3.x and 2.x:
Update to version

Reported by

Reported as a 0-day.

Original Advisory

Adobe (APSB12-09):