OSVDB ID: 86044

Title: Adobe Flash Player / AIR Unspecified Memory Corruption (2012-5267)

Info

Disclosure
Oct 08, 2012

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Oct 08, 2012

Description

 A memory corruption flaw exists in Adobe Flash Player and AIR. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified means, a context-dependent attacker can potentially execute arbitrary code.

Classification

 Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

 For Adobe Flash Player, for Windows and Mac, upgrade to version 11.4.402.287 or 10.3.183.29 or higher. For Linux, version 10.3.183.29 or 11.2.202.243 or higher. For Android, 11.1.115.20 or higher for 4.x and 11.1.111.19 or higher for 3.x, as they have been reported to fix this vulnerability. For AIR, upgrade to version 3.4.0.2710 or higher. An upgrade is required as there are no known workarounds.

Products

Adobe Systems Incorporated

Flash Player

 11.4.402.278
11.4.402.265
11.2.202.238
11.1.115.17
11.1.111.16

AIR

 3.4.0.2540
3.4.0.2540 SDK

References

Credit

Unknown or Incomplete


Direct URL: http://osvdb.org/86044