SAINT Corporation, SAINT:9D986423B6C5EC5230B363E85437DF97
Jun 29, 2012 - 12:00 a.m.

Adobe Flash Player Object Confusion Code Execution

2012-06-29 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.776 High
Percentile: 97.9%

Added: 06/29/2012
CVE: CVE-2012-0779
BID: 53395
OSVDB: 81656

Background

Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.

Problem

Adobe Flash Player 11.2.202.233 (and earlier) on Windows is affected by an “object confusion” vulnerability. A remote attacker who convinces a user with the vulnerable Flash Player to open a specially crafted file could exploit this issue to execute arbitrary code in the context of the user running the affected application.

Resolution

Update to Flash Player 11.2.202.235 or newer on Windows systems.

References

<http://www.adobe.com/support/security/bulletins/apsb12-09.html>
<http://blogs.technet.com/b/mmpc/archive/2012/05/24/a-technical-analysis-of-adobe-flash-player-cve-2012-0779-vulnerability.aspx>

Limitations

This exploit has been tested against Adobe Systems Flash Player 11.2.202.233 on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn).

The HTML page must be opened using Firefox 12 (only on Windows XP) or Internet Explorer 7, 8, or 9 on the target.

JRE 6 must be installed on Windows 7.

Platforms

Windows
