Published: 16/02/2012 Updated: 30/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Adobe Flash Player prior to 10.3.183.15 and 11.x prior to 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; prior to 11.1.111.6 on Android 2.x and 3.x; and prior to 11.1.115.6 on Android 4.x allows malicious users to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe flash_player 10.3.181.22
adobe flash_player 10.3.181.16
adobe flash_player 9.0.9.0
adobe flash_player 9.0.283.0
adobe flash_player 6
adobe flash_player 5
adobe flash_player 10.2.154.25
adobe flash_player 10.2.156.12
adobe flash_player 10.1.95.1
adobe flash_player 10.1.52.15
adobe flash_player 10.0.45.2
adobe flash_player 10.0.32.18
adobe flash_player 9.0.125.0
adobe flash_player 9.0.152.0
adobe flash_player 9.0.151.0
adobe flash_player 9.0.20
adobe flash_player 9.0.115.0
adobe flash_player 9.0.277.0
adobe flash_player 9.0.114.0
adobe flash_player 8.0.35.0
adobe flash_player 7.0.66.0
adobe flash_player 7.1
adobe flash_player 7.0.61.0
adobe flash_player 7.0.14.0
adobe flash_player 10.3.183.7
adobe flash_player 10.3.183.5
adobe flash_player 10.2.152.32
adobe flash_player 10.2.152.26
adobe flash_player 9.0.280
adobe flash_player 9.0
adobe flash_player 2
adobe flash_player 10.2.157.51
adobe flash_player 10.1.106.16
adobe flash_player 10.1.105.6
adobe flash_player 10.0.12.36
adobe flash_player 10.0.15.3
adobe flash_player 9.0.112.0
adobe flash_player 9.0.28.0
adobe flash_player 9.0.18d60
adobe flash_player 9.0.16
adobe flash_player 9.0.31
adobe flash_player 9.0.124.0
adobe flash_player 8.0.33.0
adobe flash_player 8.0.22.0
adobe flash_player 7.0.63
adobe flash_player 7.0.69.0
adobe flash_player 7.0.73.0
adobe flash_player 7.0.24.0
adobe flash_player 7.2
adobe flash_player 7.0.1
adobe flash_player 6.0.21.0
adobe flash_player 10.3.181.34
adobe flash_player 10.3.181.26
adobe flash_player 10.1.102.64
adobe flash_player 10.1.85.3
adobe flash_player 8.0
adobe flash_player 7.0
adobe flash_player 10.2.152.33
adobe flash_player 10.2.154.13
adobe flash_player 10.1.92.8
adobe flash_player 10.1.95.2
adobe flash_player 10.0.42.34
adobe flash_player 10.0.0.584
adobe flash_player 9.0.260.0
adobe flash_player 9.0.246.0
adobe flash_player 9.0.45.0
adobe flash_player 9.0.28
adobe flash_player 9.0.48.0
adobe flash_player 9.0.47.0
adobe flash_player 8.0.42.0
adobe flash_player 8.0.24.0
adobe flash_player 8.0.34.0
adobe flash_player 7.0.70.0
adobe flash_player 7.1.1
adobe flash_player 7.0.53.0
adobe flash_player 7.0.60.0
adobe flash_player 6.0.79
adobe flash_player
adobe flash_player 10.3.183.10
adobe flash_player 10.3.181.14
adobe flash_player 10.2.159.1
adobe flash_player 10.2.153.1
adobe flash_player 10.1
adobe flash_player 10
adobe flash_player 4
adobe flash_player 3
adobe flash_player 10.2.152
adobe flash_player 10.1.82.76
adobe flash_player 10.1.92.10
adobe flash_player 10.1.53.64
adobe flash_player 10.1.52.14.1
adobe flash_player 10.0.12.10
adobe flash_player 10.0.22.87
adobe flash_player 9.125.0
adobe flash_player 9.0.262.0
adobe flash_player 9.0.20.0
adobe flash_player 9.0.31.0
adobe flash_player 9.0.159.0
adobe flash_player 9.0.155.0
adobe flash_player 8.0.39.0
adobe flash_player 7.0.25
adobe flash_player 7.0.68.0
adobe flash_player 7.0.67.0
adobe flash_player 7.0.19.0
adobe flash_player 11.0
adobe flash_player 11.1
adobe flash_player 11.0.1.153
adobe flash_player 11.0.1.152
adobe flash_player_for_android 11.1.102.59
adobe flash_player_for_android
adobe flash_player_for_android 11.1.112.60
adobe flash_player_for_android 11.1.111.5

Synopsis Critical: flash-plugin security update Type/Severity Security Advisory: Critical Topic An updated Adobe Flash Player package that fixes multiple security issuesis now available for Red Hat Enterprise Linux 5 and 6 SupplementaryThe Red Hat Security Response Team has rated this update as having crit ...

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::R ...

This Metasploit module exploits a vulnerability found in Adobe Flash Player By supplying a corrupt mp4 file loaded by Flash, it is possible to gain arbitrary remote code execution under the context of the user This vulnerability has been exploited in the wild as part of the "Iran's Oil and Nuclear Situationdoc" phishing campaign ...

This module exploits a vulnerability found in Adobe Flash Player. By supplying a corrupt .mp4 file loaded by Flash, it is possible to gain arbitrary remote code execution under the context of the user. This vulnerability has been exploited in the wild as part of the "Iran's Oil and Nuclear Situation.doc" e-mail attack. According to the advisory, 10.3.183.15 and 11.x before 11.1.102.62 are affected.

msf > use exploit/windows/browser/adobe_flash_mp4_cprt
msf exploit(adobe_flash_mp4_cprt) > show targets
    ...targets...
msf exploit(adobe_flash_mp4_cprt) > set TARGET < target-id >
msf exploit(adobe_flash_mp4_cprt) > show options
    ...show and set options...
msf exploit(adobe_flash_mp4_cprt) > exploit

Investigation Report for the September 2014 Equation malware detection incident in the US

Securelist • Kaspersky Lab • 16 Nov 2017

In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were tr...

Threatpost • Paul Roberts • 23 May 2012

More than three months after it was patched, attackers are still using a vulnerability in Adobe’s Flash product in targeted, ‘APT-style’ attacks. The vulnerability, identified as CVE-2012-0754 was patched in February and linked to targeted attacks weeks later. But new attacks targeting unpatched systems are still circulating, according to a report from Xecure Lab, which reported that attackers are continuing to refine their technique even months after Adobe issued a patch for t...

Threatpost • Paul Roberts • 05 Mar 2012

Adobe on Monday issued two emergency fixes for critical security vulnerabilities in its Flash Player product. The vulnerabilities, if left unpatched, could allow an attacker to take control of a system running a vulnerable version of Flash Player.
Adobe on Monday issued two emergency fixes for critical security vulnerabilities in its Flash Player product. The vulnerabilities, if left unpatched, could allow an attacker to take control of a system running a vulnerable version of ...

Threatpost • Dennis Fisher • 05 Mar 2012

An Adobe Flash vulnerability fixed last month is being used in targeted attacks right now, with attackers attempting to persuade victims to open a malicious Word document that contains the payload for the Flash bug. The vulnerability has been patched for nearly a month, but history has shown that flaws that have been patched for several months or even years are still quite valuable for targeted attacks.
Researcher Mila Parkour at Contagio analyzed one of the recent targeted att...

CVE-2012-0754

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

Vendor Advisories

Exploits

Mailing Lists

Metasploit Modules

Recent Articles

References

Vulmon Search

About

Products

Connect