CVE-2012-0772

2012-03-2819:55:00

CWE-119

[email protected]

web.nvd.nist.gov

100

adobe flash player

air

activex control

remote attackers

arbitrary code

denial of service

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.031 Low

EPSS

Percentile

90.9%

JSON

An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors.

CPENameOperatorVersion
adobe:flash_playeradobe flash playerle10.3.183.16
adobe:flash_playeradobe flash playereq2
adobe:flash_playeradobe flash playereq3
adobe:flash_playeradobe flash playereq4
adobe:flash_playeradobe flash playereq5
adobe:flash_playeradobe flash playereq6
adobe:flash_playeradobe flash playereq6.0.21.0
adobe:flash_playeradobe flash playereq6.0.79
adobe:flash_playeradobe flash playereq7.0
adobe:flash_playeradobe flash playereq7.0.1

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	le	10.3.183.16
adobe:flash_player	adobe flash player	eq	2
adobe:flash_player	adobe flash player	eq	3
adobe:flash_player	adobe flash player	eq	4
adobe:flash_player	adobe flash player	eq	5
adobe:flash_player	adobe flash player	eq	6
adobe:flash_player	adobe flash player	eq	6.0.21.0
adobe:flash_player	adobe flash player	eq	6.0.79
adobe:flash_player	adobe flash player	eq	7.0
adobe:flash_player	adobe flash player	eq	7.0.1