
Adobe Flash Player / AIR Multiple Vulnerabilities


Secunia ID

SA50876

CVE-ID

CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5252, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5256, CVE-2012-5257, CVE-2012-5258, CVE-2012-5259, CVE-2012-5260, CVE-2012-5261, CVE-2012-5262, CVE-2012-5263, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270, CVE-2012-5271, CVE-2012-5272, CVE-2012-5285, CVE-2012-5286, CVE-2012-5287, CVE-2012-5673

Release Date

09 Oct 2012

Last Change

05 Nov 2012

Criticality

Highly Critical

Solution Status

Vendor Patch

Software

Adobe AIR 3.x
Adobe Flash Player 11.x

Where

From remote

Impact

System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Description

Multiple vulnerabilities have been reported in Adobe Flash Player and Adobe AIR, which can be exploited by malicious people to compromise a user's system.

1) Some unspecified errors can be exploited to cause buffer overflows. No further information is currently available.

2) Some unspecified errors can be exploited to corrupt memory. No further information is currently available.

3) Another unspecified error can be exploited to corrupt memory. No further information is currently available.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in the following versions:
* Adobe Flash Player versions 11.4.402.278 and prior for Windows
* Adobe Flash Player versions 11.4.402.265 and prior for Macintosh
* Adobe Flash Player versions 11.2.202.238 and prior for Linux
* Adobe Flash Player versions 11.1.115.17 and prior for Android 4.x
* Adobe Flash Player versions 11.1.111.16 and prior for Android 3.x and 2.x
* Adobe AIR versions 3.4.0.2540 and prior for Windows and Macintosh, SDK (includes AIR for iOS), and for Android

Solution

Update to a fixed version.

Flash Player for Windows and Macintosh:
Update to version 11.4.402.287

Flash Player for Linux:
Update to version 11.2.202.243

Flash Player for Android 4.x:
Update to version 11.1.115.20

Flash Player for Android 3.x and 2.x:
Update to version 11.1.111.19

Flash Player for Chrome:
Update to version 11.4.31.110

Flash Player for Internet Explorer 10:
Update to version 11.3.375.10

AIR for Windows and Macintosh, SDK (includes AIR for iOS), and for Android:
Update to version 3.4.0.2710
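
To check an installed-software inventory against the fixed versions listed above, the following added example (not part of the advisory and not Adobe or Secunia tooling) compares each build numerically against the fixed version for its platform. The CSV layout, the platform labels, the function names and the sample rows are assumptions made for the example.

```python
import csv
import io
import re

# Fixed versions from the advisory's Solution section; platform keys are this example's own labels.
FIXED = {
    ("flash", "windows"): "11.4.402.287",
    ("flash", "macintosh"): "11.4.402.287",
    ("flash", "linux"): "11.2.202.243",
    ("flash", "android4"): "11.1.115.20",
    ("flash", "android2-3"): "11.1.111.19",
    ("flash", "chrome"): "11.4.31.110",
    ("flash", "ie10"): "11.3.375.10",
    ("air", "any"): "3.4.0.2710",
}

def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints so comparison is numeric, not lexical."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){3}", text):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def status(product, platform, version):
    """Return 'update', 'ok' or 'unknown' for one installed build."""
    fixed = FIXED.get((product.lower(), platform.lower()))
    if fixed is None:
        return "unknown"  # not covered by this advisory
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # malformed inventory data: do not guess
    return "update" if installed < parse_version(fixed) else "ok"

def audit(inventory_csv):
    """Map host -> status for rows of host,product,platform,version."""
    rows = csv.reader(io.StringIO(inventory_csv.strip()))
    return {host: status(prod, plat, ver) for host, prod, plat, ver in rows}

# Constructed sample inventory: host names are invented, and 11.4.31.99 and
# 11.4.x are made-up values to exercise numeric comparison and bad input.
SAMPLE = """
ws-01,flash,windows,11.4.402.278
ws-02,flash,windows,11.4.402.287
lx-01,flash,linux,11.2.202.238
br-01,flash,chrome,11.4.31.99
mb-01,air,any,3.4.0.2540
ws-03,flash,windows,11.4.x
"""
```

A plain string comparison would rank the constructed build 11.4.31.99 above the fixed 11.4.31.110 and report it as patched, which is why each component is compared as an integer.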

Reported by

The vendor credits:
1, 2) Mateusz Jurczyk, Gynvael Coldwind, and Fermin Serna, Google Security Team.
3) Dark Son, Code Audit Labs

Original Advisory

http://www.adobe.com/support/security/bulletins/apsb12-22.html