CVE-2012-0754

Published: 16/02/2012 Updated: 30/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Adobe Flash Player prior to 10.3.183.15 and 11.x prior to 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; prior to 11.1.111.6 on Android 2.x and 3.x; and prior to 11.1.115.6 on Android 4.x allows malicious users to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Vulnerable Product

adobe flash_player 10.3.181.22

adobe flash_player 10.3.181.16

adobe flash_player 9.0.9.0

adobe flash_player 9.0.283.0

adobe flash_player 6

adobe flash_player 5

adobe flash_player 10.2.154.25

adobe flash_player 10.2.156.12

adobe flash_player 10.1.95.1

adobe flash_player 10.1.52.15

adobe flash_player 10.0.45.2

adobe flash_player 10.0.32.18

adobe flash_player 9.0.125.0

adobe flash_player 9.0.152.0

adobe flash_player 9.0.151.0

adobe flash_player 9.0.20

adobe flash_player 9.0.115.0

adobe flash_player 9.0.277.0

adobe flash_player 9.0.114.0

adobe flash_player 8.0.35.0

adobe flash_player 7.0.66.0

adobe flash_player 7.1

adobe flash_player 7.0.61.0

adobe flash_player 7.0.14.0

adobe flash_player 10.3.183.7

adobe flash_player 10.3.183.5

adobe flash_player 10.2.152.32

adobe flash_player 10.2.152.26

adobe flash_player 9.0.280

adobe flash_player 9.0

adobe flash_player 2

adobe flash_player 10.2.157.51

adobe flash_player 10.1.106.16

adobe flash_player 10.1.105.6

adobe flash_player 10.0.12.36

adobe flash_player 10.0.15.3

adobe flash_player 9.0.112.0

adobe flash_player 9.0.28.0

adobe flash_player 9.0.18d60

adobe flash_player 9.0.16

adobe flash_player 9.0.31

adobe flash_player 9.0.124.0

adobe flash_player 8.0.33.0

adobe flash_player 8.0.22.0

adobe flash_player 7.0.63

adobe flash_player 7.0.69.0

adobe flash_player 7.0.73.0

adobe flash_player 7.0.24.0

adobe flash_player 7.2

adobe flash_player 7.0.1

adobe flash_player 6.0.21.0

adobe flash_player 10.3.181.34

adobe flash_player 10.3.181.26

adobe flash_player 10.1.102.64

adobe flash_player 10.1.85.3

adobe flash_player 8.0

adobe flash_player 7.0

adobe flash_player 10.2.152.33

adobe flash_player 10.2.154.13

adobe flash_player 10.1.92.8

adobe flash_player 10.1.95.2

adobe flash_player 10.0.42.34

adobe flash_player 10.0.0.584

adobe flash_player 9.0.260.0

adobe flash_player 9.0.246.0

adobe flash_player 9.0.45.0

adobe flash_player 9.0.28

adobe flash_player 9.0.48.0

adobe flash_player 9.0.47.0

adobe flash_player 8.0.42.0

adobe flash_player 8.0.24.0

adobe flash_player 8.0.34.0

adobe flash_player 7.0.70.0

adobe flash_player 7.1.1

adobe flash_player 7.0.53.0

adobe flash_player 7.0.60.0

adobe flash_player 6.0.79

adobe flash_player

adobe flash_player 10.3.183.10

adobe flash_player 10.3.181.14

adobe flash_player 10.2.159.1

adobe flash_player 10.2.153.1

adobe flash_player 10.1

adobe flash_player 10

adobe flash_player 4

adobe flash_player 3

adobe flash_player 10.2.152

adobe flash_player 10.1.82.76

adobe flash_player 10.1.92.10

adobe flash_player 10.1.53.64

adobe flash_player 10.1.52.14.1

adobe flash_player 10.0.12.10

adobe flash_player 10.0.22.87

adobe flash_player 9.125.0

adobe flash_player 9.0.262.0

adobe flash_player 9.0.20.0

adobe flash_player 9.0.31.0

adobe flash_player 9.0.159.0

adobe flash_player 9.0.155.0

adobe flash_player 8.0.39.0

adobe flash_player 7.0.25

adobe flash_player 7.0.68.0

adobe flash_player 7.0.67.0

adobe flash_player 7.0.19.0

adobe flash_player 11.0

adobe flash_player 11.1

adobe flash_player 11.0.1.153

adobe flash_player 11.0.1.152

adobe flash_player_for_android 11.1.102.59

adobe flash_player_for_android

adobe flash_player_for_android 11.1.112.60

adobe flash_player_for_android 11.1.111.5

Vendor Advisories

Synopsis: Critical: flash-plugin security update. Type/Severity: Security Advisory: Critical. Topic: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having crit ...

Exploits

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # web site for more information on licensing and terms of use.
    # metasploit.com/
    ##
    require 'msf/core'
    class Metasploit3 < Msf::Exploit::Remote
      Rank = NormalRanking
      include Msf::Exploit::R ...

Mailing Lists

This Metasploit module exploits a vulnerability found in Adobe Flash Player. By supplying a corrupt .mp4 file loaded by Flash, it is possible to gain arbitrary remote code execution under the context of the user. This vulnerability has been exploited in the wild as part of the "Iran's Oil and Nuclear Situation.doc" phishing campaign ...

Metasploit Modules

Adobe Flash Player MP4 'cprt' Overflow

This module exploits a vulnerability found in Adobe Flash Player. By supplying a corrupt .mp4 file loaded by Flash, it is possible to gain arbitrary remote code execution under the context of the user. This vulnerability has been exploited in the wild as part of the "Iran's Oil and Nuclear Situation.doc" e-mail attack. According to the advisory, 10.3.183.15 and 11.x before 11.1.102.62 are affected.

msf > use exploit/windows/browser/adobe_flash_mp4_cprt
msf exploit(adobe_flash_mp4_cprt) > show targets
    ...targets...
msf exploit(adobe_flash_mp4_cprt) > set TARGET <target-id>
msf exploit(adobe_flash_mp4_cprt) > show options
    ...show and set options...
msf exploit(adobe_flash_mp4_cprt) > exploit

Recent Articles

Investigation Report for the September 2014 Equation malware detection incident in the US
Securelist • Kaspersky Lab • 16 Nov 2017

In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were tr...

Months After A Patch, Targeted Attacks Still Using Adobe Flash Bug
Threatpost • Paul Roberts • 23 May 2012

More than three months after it was patched, attackers are still using a vulnerability in Adobe’s Flash product in targeted, ‘APT-style’ attacks. The vulnerability, identified as CVE-2012-0754, was patched in February and linked to targeted attacks weeks later. But new attacks targeting unpatched systems are still circulating, according to a report from Xecure Lab, which reported that attackers are continuing to refine their technique even months after Adobe issued a patch for t...

Adobe Issues Emergency Fix For Flash Player Vulnerabilities
Threatpost • Paul Roberts • 05 Mar 2012

Adobe on Monday issued two emergency fixes for critical security vulnerabilities in its Flash Player product. The vulnerabilities, if left unpatched, could allow an attacker to take control of a system running a vulnerable version of Flash Player.

Attackers Target CVE-2012-0754 Adobe Flash Bug
Threatpost • Dennis Fisher • 05 Mar 2012

An Adobe Flash vulnerability fixed last month is being used in targeted attacks right now, with attackers attempting to persuade victims to open a malicious Word document that contains the payload for the Flash bug. The vulnerability has been patched for nearly a month, but history has shown that flaws that have been patched for several months or even years are still quite valuable for targeted attacks.
Researcher Mila Parkour at Contagio analyzed one of the recent targeted att...