Adobe Flash Player Multiple Vulnerabilities

Secunia ID	SA50354
CVE-ID	CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166, CVE-2012-4167, CVE-2012-4168, CVE-2012-4171, CVE-2012-5054
Release Date	22 Aug 2012
Last Change	25 Sep 2012
Criticality	Highly Critical
Solution Status	Vendor Patch
Software	Adobe AIR 3.x Adobe Flash Player 11.x
Where	From remote
Impact	System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. Exposure of sensitive information Vulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote.
Description	Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to gain knowledge of potentially sensitive information or compromise a user's system. 1) An unspecified error can be exploited to corrupt memory. 2) An unspecified error can be exploited to corrupt memory. 3) An unspecified error can be exploited to corrupt memory. 4) An unspecified error can be exploited to corrupt memory. 5) An integer overflow error can be exploited to corrupt memory. 6) An error can lead to cross-domain information leaks. 7) A logic error exists when handling multiple dialogs within Firefox. 8) An integer overflow error in the "copyRawDataTo()" method in the Matrix3D class can be exploited to corrupt memory. The vulnerabilities are reported in the following versions: * Adobe Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh, and Linux * Adobe Flash Player 11.1.115.11 and earlier versions for Android 4.x * Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and 2.x * Adobe AIR 3.3.0.3670 and earlier versions for Windows and Macintosh * Adobe AIR 3.3.0.3690 SDK (includes AIR for iOS) and earlier versions * Adobe AIR 3.3.0.3650 and earlier versions for Android
Solution	Update to a fixed version. Flash Player 11.4.402.265 for Windows and Macintosh: http://www.adobe.com/go/getflash Flash Player 11.4.402.265 - network distribution: http://www.adobe.com/licensing/distribution Flash Player 11.2.202.238 for Linux: http://www.adobe.com/go/getflash Flash Player 11.1.115.17 for Android 4.x: Update to devices that already have Flash Player installed prior to August 15, 2012. Flash Player 11.1.111.16 for Android 3.x and 2.x: Update to devices that already have Flash Player installed prior to August 15, 2012. Flash Player 11.3.31.230 for Chrome users (Windows and Linux) http://googlechromereleases.blogspot.com/ Flash Player 11.4.402.265 for Chrome users (Macintosh) http://googlechromereleases.blogspot.com/ AIR 3.4.0.2540 for Windows and Macintosh: http://get.adobe.com/air/ AIR 3.4.0.2540 SDK (includes AIR for iOS): http://www.adobe.com/devnet/air/air-sdk-download.html AIR 3.4.0.2540 for Android: http://market.android.com/details?id=com.adobe.air http://www.amazon.com/Adobe-Systems-AIR/dp/B004SRNH10/ref=sr_1_6?ie=UTF8&qid=1339095848&sr=8-6
Reported by	The vendor credits: 1) Xu Liu, Fortinet's FortiGuard Labs 2) Will Dormann, CERT 3, 4) Honggang Ren, Fortinet's FortiGuard Labs 5) Alexander Gavrun, iDefense VCP 6) Claudio Santambrogio, Opera Software 7) Attila Suszter 8) Reported by the vendor.
Original Advisory	Adobe: http://www.adobe.com/support/security/bulletins/apsb12-19.html

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.