10 Jun 2012
18 Jun 2012
Adobe AIR 3.x
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
This covers vulnerabilities or security issues where malicious users or people can bypass certain security mechanisms of the application.
The actual impact varies significantly depending on the design and purpose of the affected application.
Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
1) An error when parsing ActionScript can be exploited to corrupt memory.
2) An unspecified error can be exploited to cause a stack-based buffer overflow.
3) An integer overflow error can be exploited to corrupt memory.
4) An error within NPSWF32.dll when parsing certain tags can be exploited to corrupt memory.
5) An error in the "SoundMixer.computeSpectrum()" method can be exploited to bypass the same-origin policy.
6) Unspecified errors related to "null dereference" may reportedly allow code execution.
7) An unspecified error in the installer allows planting a binary file and may allow execution of arbitrary code.
The vulnerabilities are reported in the following versions:
Update to a fixed version.
Flash Player 22.214.171.124 and earlier for Windows and Macintosh:
Flash Player 126.96.36.199 and earlier for Android 4.x:
Flash Player 188.8.131.52 and earlier for Android 3.x and 2.x:
Flash Player 184.108.40.206 and earlier for Chrome users:
AIR 220.127.116.110 for Android:
1) wushi of team509 via iDefense VCP.
The vendor credits:
Fortinet's FortiGuard Labs: