9.3
CVSSv2

CVE-2012-5054

Published: 24/09/2012 Updated: 30/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player prior to 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.

Affected Products

Vendor Product Versions
AdobeFlash Player2, 3, 4, 5, 6, 6.0.21.0, 6.0.79, 7.0, 7.0.1, 7.0.14.0, 7.0.19.0, 7.0.24.0, 7.0.25, 7.0.53.0, 7.0.60.0, 7.0.61.0, 7.0.63, 7.0.66.0, 7.0.67.0, 7.0.68.0, 7.0.69.0, 7.0.70.0, 7.0.73.0, 7.0 R67, 7.1, 7.1.1, 7.2, 8.0, 8.0.22.0, 8.0.24.0, 8.0.33.0, 8.0.34.0, 8.0.35.0, 8.0.39.0, 8.0.42.0, 9.0, 9.0.8.0, 9.0.9.0, 9.0.16, 9.0.18d60, 9.0.20, 9.0.20.0, 9.0.28, 9.0.28.0, 9.0.31, 9.0.31.0, 9.0.45.0, 9.0.47.0, 9.0.48.0, 9.0.112.0, 9.0.114.0, 9.0.115.0, 9.0.124.0, 9.0.125.0, 9.0.151.0, 9.0.152.0, 9.0.155.0, 9.0.159.0, 9.0.246.0, 9.0.260.0, 9.0.262.0, 9.0.277.0, 9.0.280, 9.0.283.0, 9.125.0, 10, 10.0.0.584, 10.0.2.54, 10.0.12.10, 10.0.12.36, 10.0.15.3, 10.0.22.87, 10.0.32.18, 10.0.42.34, 10.0.45.2, 10.1, 10.1.52.14, 10.1.52.14.1, 10.1.52.15, 10.1.53.64, 10.1.82.76, 10.1.85.3, 10.1.92.8, 10.1.92.10, 10.1.95.1, 10.1.95.2, 10.1.102.64, 10.1.105.6, 10.1.106.16, 10.1.106.17, 10.2.152, 10.2.152.26, 10.2.152.32, 10.2.152.33, 10.2.153.1, 10.2.154.13, 10.2.154.25, 10.2.156.12, 10.2.157.51, 10.2.159.1, 10.3.181.14, 10.3.181.16, 10.3.181.22, 10.3.181.23, 10.3.181.26, 10.3.181.34, 10.3.183.5, 10.3.183.7, 10.3.183.10, 10.3.183.11, 10.3.183.15, 10.3.183.16, 10.3.183.18, 10.3.183.19, 10.3.183.23, 10.3.185.22, 10.3.185.24, 10.3.186.3, 10.3.186.6, 10.3.186.7, 11.0, 11.0.1.152, 11.0.1.153, 11.1, 11.1.102.55, 11.1.102.59, 11.1.102.62, 11.1.102.63, 11.1.111.8, 11.1.115.7, 11.2.202.228, 11.2.202.233, 11.2.202.235, 11.2.202.238, 11.3.300.270, 11.3.300.271

Vendor Advisories

Synopsis Critical: flash-plugin security update Type/Severity Security Advisory: Critical Topic An updated Adobe Flash Player package that fixes one security issue is nowavailable for Red Hat Enterprise Linux 6 SupplementaryThe Red Hat Security Response Team has rated this update as having criticalsecurity ...
Synopsis Critical: flash-plugin security update Type/Severity Security Advisory: Critical Topic An updated Adobe Flash Player package that fixes several security issues isnow available for Red Hat Enterprise Linux 5 SupplementaryThe Red Hat Security Response Team has rated this update as having criticalsec ...

Recent Articles

Adobe Flash Player 0-day and HackingTeam’s Remote Control System
Securelist • Sergey Golovanov • 12 Feb 2013

Last week, Adobe released a patch for a vulnerability in Flash Player that was being exploited in targeted attacks.
Before reading any further, we recommend you to take a moment make sure you apply this patch. Adobe offers this nifty tool to check that you have the latest version of Flash Player.
If you are running Google Chrome, make sure you have version -24.0.1312.57 m- or later.
Now back to CVE-2013-0633, the critical vulnerability that was discovered and reported to Ado...