SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Adobe Flash Player Vendors:   Adobe Systems Incorporated
(Oracle Issues Fix for Solaris) Adobe Flash Player Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1027714
SecurityTracker URL:  http://securitytracker.com/id/1027714
CVE Reference:   CVE-2012-0772, CVE-2012-0773   (Links to External Site)
Date:  Oct 31 2012
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 11.1.102.63 and prior versions
Description:   Two vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted Flash content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

A memory corruption error in URL security domain checking can trigger code execution in an ActiveX control, affecting Windows 7 or Vista only [CVE-2012-0772]. Microsoft Vulnerability Research (MSVR) reported this vulnerability.

A memory corruption error in the NetStream class can trigger code execution [CVE-2012-0773]. An anonymous researcher reported this vulnerability via TippingPoint's Zero Day Initiative.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   Oracle has issued a fix for Solaris.

The Oracle advisory is available at:

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer5

Vendor URL:  www.adobe.com/support/security/bulletins/apsb12-07.html (Links to External Site)
Cause:   Access control error
Underlying OS:  UNIX (Solaris - SunOS)
Underlying OS Comments:  10

Message History:   This archive entry is a follow-up to the message listed below.
Mar 28 2012 Adobe Flash Player Lets Remote Users Execute Arbitrary Code



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC