CVE-2012-5277: Buffer Overflow
First published: Wed Nov 07 2012(Updated: )
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5280.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Macromedia Flash Player | >=10.3<10.3.183.43 | |
| Macromedia Flash Player | >=11.4<11.5.502.110 | |
| Apple iOS and macOS | ||
| Microsoft Windows Operating System | ||
| Macromedia Flash Player | >=11.2<11.2.202.251 | |
| Linux Kernel | ||
| Macromedia Flash Player | >=11.1<11.1.111.24 | |
| Android | >=2.0<=2.3.7 | |
| Android | >=3.0<=3.2.6 | |
| Macromedia Flash Player | >=11.1<11.1.115.27 | |
| Android | >=4.0<=4.4.4 | |
| Adobe | <3.5.0.600 | |
| Adobe AIR | <3.5.0.600 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00030.html
- http://rhn.redhat.com/errata/RHSA-2012-1431.html
- http://secunia.com/advisories/51186
- http://secunia.com/advisories/51207
- http://secunia.com/advisories/51213
- http://secunia.com/advisories/51245
- http://www.adobe.com/support/security/bulletins/apsb12-24.html
- http://www.securitytracker.com/id?1027730
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79848
Frequently Asked Questions
What is the severity of CVE-2012-5277?
CVE-2012-5277 has a high severity rating due to the buffer overflow vulnerability which can lead to remote code execution.
How do I fix CVE-2012-5277?
To fix CVE-2012-5277, update Adobe Flash Player to version 10.3.183.43 or later on Windows and Mac OS X, and to version 11.5.502.110 or later on other affected platforms.
Which versions are affected by CVE-2012-5277?
CVE-2012-5277 affects Adobe Flash Player versions before 10.3.183.43, 11.x before 11.5.502.110, and specific versions of Adobe AIR and Adobe AIR SDK.
Is CVE-2012-5277 applicable to Linux-based systems?
Yes, CVE-2012-5277 affects Linux systems running Adobe Flash Player versions before 11.2.202.251.
Can CVE-2012-5277 affect mobile devices?
Yes, CVE-2012-5277 affects Android devices running versions of Adobe Flash Player before 11.1.111.24 for Android 2.x and 3.x, and before 11.1.115.27 for Android 4.x.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/macromedia flash player
- version/macromedia flash player/10.3
- version/macromedia flash player/11.4
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows operating system
- version/macromedia flash player/11.2
- vendor/linux
- canonical/linux kernel
- version/macromedia flash player/11.1
- vendor/google
- canonical/android
- version/android/2.0
- version/android/2.3.7
- version/android/3.0
- version/android/3.2.6
- version/android/4.0
- version/android/4.4.4
- canonical/adobe
- canonical/adobe air