Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2012-0754

Published: 16/02/2012 Updated: 30/01/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 1000
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Adobe

Vulnerability Summary

Adobe Flash Player prior to 10.3.183.15 and 11.x prior to 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; prior to 11.1.111.6 on Android 2.x and 3.x; and prior to 11.1.115.6 on Android 4.x allows malicious users to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

adobe flash_player

Vendor Advisories

Red Hat: Critical: flash-plugin security update
Synopsis Critical: flash-plugin security update Type/Severity Security Advisory: Critical Topic An updated Adobe Flash Player package that fixes multiple security issuesis now available for Red Hat Enterprise Linux 5 and 6 SupplementaryThe Red Hat Security Response Team has rated this update as having crit ...

Exploits

Exploit DB: Adobe Flash Player - '.mp4 cprt' Remote Overflow (Metasploit)
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::R ...

Mailing Lists

Packetstorm: Adobe Flash Player .mp4 'cprt' Overflow
This Metasploit module exploits a vulnerability found in Adobe Flash Player By supplying a corrupt mp4 file loaded by Flash, it is possible to gain arbitrary remote code execution under the context of the user This vulnerability has been exploited in the wild as part of the "Iran's Oil and Nuclear Situationdoc" phishing campaign ...

Metasploit Modules

Adobe Flash Player MP4 'cprt' Overflow

This module exploits a vulnerability found in Adobe Flash Player. By supplying a corrupt .mp4 file loaded by Flash, it is possible to gain arbitrary remote code execution under the context of the user. This vulnerability has been exploited in the wild as part of the "Iran's Oil and Nuclear Situation.doc" e-mail attack. According to the advisory, 10.3.183.15 and 11.x before 11.1.102.62 are affected.

msf > use exploit/windows/browser/adobe_flash_mp4_cprt
msf exploit(adobe_flash_mp4_cprt) > show targets
    ...targets...
msf exploit(adobe_flash_mp4_cprt) > set TARGET < target-id >
msf exploit(adobe_flash_mp4_cprt) > show options
    ...show and set options...
msf exploit(adobe_flash_mp4_cprt) > exploit

Recent Articles

Investigation Report for the September 2014 Equation malware detection incident in the US
Securelist • Kaspersky Lab • 16 Nov 2017

In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were tr...

Read more...
Months After A Patch, Targeted Attacks Still Using Adobe Flash Bug
Threatpost • Paul Roberts • 23 May 2012

More than three months after it was patched, attackers are still using a vulnerability in Adobe’s Flash product in targeted, ‘APT-style’ attacks. The vulnerability, identified as CVE-2012-0754 was patched in February and linked to targeted attacks weeks later. But new attacks targeting unpatched systems are still circulating, according to a report from Xecure Lab, which reported that attackers are continuing to refine their technique even months after Adobe issued a patch for t...

Read more...
Adobe Issues Emergency Fix For Flash Player Vulnerabilities
Threatpost • Paul Roberts • 05 Mar 2012

Adobe on Monday issued two emergency fixes for critical security vulnerabilities in its Flash Player product. The vulnerabilities, if left unpatched, could allow an attacker to take control of a system running a vulnerable version of Flash Player.
Adobe on Monday issued two emergency fixes for critical security vulnerabilities in its Flash Player product. The vulnerabilities, if left unpatched, could allow an attacker to take control of a system running a vulnerable version of ...

Read more...
Attackers Target CVE-2012-0754 Adobe Flash Bug
Threatpost • Dennis Fisher • 05 Mar 2012

An Adobe Flash vulnerability fixed last month is being used in targeted attacks right now, with attackers attempting to persuade victims to open a malicious Word document that contains the payload for the Flash bug. The vulnerability has been patched for nearly a month, but history has shown that flaws that have been patched for several months or even years are still quite valuable for targeted attacks.
Researcher Mila Parkour at Contagio analyzed one of the recent targeted att...

Read more...

References

CWE-787http://www.adobe.com/support/security/bulletins/apsb12-03.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0144.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.htmlhttp://security.gentoo.org/glsa/glsa-201204-07.xmlhttp://secunia.com/advisories/48819https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15973https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15030http://secunia.com/advisories/48265https://nvd.nist.govhttps://www.securityfocus.com/bid/52034https://packetstormsecurity.com/files/110559/Adobe-Flash-Player-.mp4-cprt-Overflow.htmlhttps://threatpost.com/months-after-patch-targeted-attacks-still-using-adobe-flash-bug-052312/76605/https://www.exploit-db.com/exploits/18572/https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/52034
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-22281CVE-2023-0617CVE-2022-31711CVE-2023-0115CVE-2022-27596privilegedosCVE-2022-47003arbitrary code
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook