CVE-2012-0767: Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability
First published: Thu Feb 16 2012(Updated: )
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.
Credit: psirt@adobe.com psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Macromedia Flash Player | ||
| All of | ||
| Any of | ||
| Macromedia Flash Player | <10.3.183.15 | |
| Macromedia Flash Player | >=11.0<11.1.102.62 | |
| Any of | ||
| Apple iOS and macOS | ||
| Linux Kernel | ||
| Microsoft Windows Operating System | ||
| Oracle Solaris and Zettabyte File System (ZFS) | ||
| All of | ||
| Macromedia Flash Player | <11.1.111.6 | |
| Android | >=2.0<=3.2 | |
| All of | ||
| Macromedia Flash Player | <11.1.115.6 | |
| Android | =4.0 | |
| Macromedia Flash Player | <10.3.183.15 | |
| Macromedia Flash Player | >=11.0<11.1.102.62 | |
| Apple iOS and macOS | ||
| Linux Kernel | ||
| Microsoft Windows Operating System | ||
| Oracle Solaris and Zettabyte File System (ZFS) | ||
| Macromedia Flash Player | <11.1.111.6 | |
| Android | >=2.0<=3.2 | |
| Macromedia Flash Player | <11.1.115.6 | |
| Android | =4.0 |
Remedy
The impacted product is end-of-life and should be disconnected if still in use.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html
- http://rhn.redhat.com/errata/RHSA-2012-0144.html
- http://secunia.com/advisories/48265
- http://secunia.com/advisories/48819
- http://security.gentoo.org/glsa/glsa-201204-07.xml
- http://www.adobe.com/support/security/bulletins/apsb12-03.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14806
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15933
- https://nvd.nist.gov/vuln/detail/CVE-2012-0767
Frequently Asked Questions
What is the severity of CVE-2012-0767?
CVE-2012-0767 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2012-0767?
To fix CVE-2012-0767, update Adobe Flash Player to versions 10.3.183.15 or 11.1.102.62 and higher.
Which software is affected by CVE-2012-0767?
CVE-2012-0767 affects Adobe Flash Player versions prior to 10.3.183.15 and 11.x before 11.1.102.62.
Can CVE-2012-0767 affect Android devices?
Yes, CVE-2012-0767 affects Adobe Flash Player on Android versions 2.x, 3.x, and 4.x before specific updates.
What are the implications of CVE-2012-0767?
The implications of CVE-2012-0767 include the potential for attackers to inject arbitrary web scripts into the browser.
- agent/type
- agent/remedy
- agent/description
- agent/title
- agent/weakness
- agent/first-publish-date
- agent/references
- agent/author
- agent/trending
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/event
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- collector/nvd-index
- vendor/adobe
- canonical/macromedia flash player
- version/macromedia flash player/11.0
- vendor/apple
- canonical/apple ios and macos
- vendor/linux
- canonical/linux kernel
- vendor/microsoft
- canonical/microsoft windows operating system
- vendor/oracle
- canonical/oracle solaris and zettabyte file system (zfs)
- vendor/google
- canonical/android
- version/android/2.0
- version/android/3.2
- version/android/4.0