Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:C93DC6DF137307868C38645D758E578E
HistoryMar 08, 2012 - 12:00 a.m.

Adobe Flash Player MP4 Copyright Statement Overflow

2012-03-0800:00:00
SAINT Corporation
www.saintcorporation.com
35

0.973 High

EPSS

Percentile

99.9%

JSON

Added: 03/08/2012
CVE: CVE-2012-0754
BID: 52034
OSVDB: 79300

Background

Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.

Problem

Flash Player version prior to 11.1.102.62 do not properly validate the Copyright statement key (CPRT) in the tag information section of MP4 files. This may result in a heap overflow. An attacker may exploit this vulnerability by hosting a Flash applet on a website that loads a specially formatted MP4 file.

Resolution

Update to Flash Player 11.1.102.62 or newer.

References

<http://www.adobe.com/support/security/bulletins/apsb12-03.html&gt;
<http://contagiodump.blogspot.com/2012/03/mar-2-cve-2012-0754-irans-oil-and.html&gt;

Limitations

This exploit has been tested against Adobe Flash Player 11.1.102.55 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

Windows 7 targets must have JRE 6 installed.

The user must open the exploit page using Firefox 11 (XP only), or Internet Explorer 7, 8, or 9.

This exploit uses a heap spray which depends on some conditions that may not always be met. Reliability of the exploit may vary depending on these conditions.

Platforms

Windows

Related

checkpoint_advisories 1
ubuntucve 1
securityvulns 3
cve 1
attackerkb 1
zdi 2
prion 1
threatpost 5
saint 3
metasploit 1
cisa_kev 1
seebug 2
packetstorm 1
symantec 1
exploitdb 1
suse 3
nessus 11
redhat 1
openvas 12
freebsd 1
gentoo 1
securelist 1
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player MP4 File Memory Corruption (APSB12-03; CVE-2012-0754)
2012-02-27 00:00:00
ubuntucve
ubuntucve
CVE-2012-0754
2012-02-16 00:00:00
securityvulns
securityvulns
ZDI-12-080 : Adobe Flash Player MP4 Stream Decoding Remote Code Execution Vulnerability
2012-06-13 00:00:00
Adobe Flash Player multiple security vulnerabilities
2012-06-13 00:00:00
http://www.adobe.com/support/security/bulletins/apsb12-03.html
2012-02-16 00:00:00
cve
cve
CVE-2012-0754
2012-02-16 19:55:00
attackerkb
attackerkb
CVE-2012-0754
2012-02-16 00:00:00
zdi
zdi
Adobe Flash Player MP4 Stream Decoding Remote Code Execution Vulnerability
2012-06-06 00:00:00
Adobe Flash ASconstructor Function Call Remote Code Execution Vulnerability
2012-03-22 00:00:00
prion
prion
Memory corruption
2012-02-16 19:55:00
threatpost
threatpost
Paul Judge on Measuring the Hotness of Security
2012-03-05 18:24:07
Months After A Patch, Targeted Attacks Still Using Adobe Flash Bug
2012-05-23 19:12:04
Attackers Target CVE-2012-0754 Adobe Flash Bug
2012-03-05 19:26:32
saint
saint
Adobe Flash Player MP4 Copyright Statement Overflow
2012-03-08 00:00:00
Adobe Flash Player MP4 Copyright Statement Overflow
2012-03-08 00:00:00
Adobe Flash Player MP4 Copyright Statement Overflow
2012-03-08 00:00:00
metasploit
metasploit
Adobe Flash Player MP4 'cprt' Overflow
2012-03-09 00:56:58
cisa_kev
cisa_kev
Adobe Flash Player Memory Corruption Vulnerability
2022-06-08 00:00:00
seebug
seebug
Adobe Flash Player .mp4 'cprt' Overflow"
2014-07-01 00:00:00
Adobe Flash PlayerθΏœη¨‹ε†…ε­˜η ΄εζΌζ΄ž(CVE-2012-0752)
2012-02-16 00:00:00
packetstorm
packetstorm
Adobe Flash Player .mp4 'cprt' Overflow
2012-03-08 00:00:00
symantec
symantec
Adobe Flash Player CVE-2012-0754 Remote Memory Corruption Vulnerability
2012-02-15 00:00:00
exploitdb
exploitdb
Adobe Flash Player - &#039;.mp4 cprt&#039; Remote Overflow (Metasploit)
2012-03-08 00:00:00
suse
suse
Security update for flash-player (critical)
2012-02-27 01:08:18
Security update for flash-player (critical)
2012-02-18 10:08:24
flash-player to 11.1.102.62 (critical)
2012-02-17 13:08:21
nessus
nessus
SuSE 10 Security Update : flash-player (ZYPP Patch Number 7982)
2012-02-27 00:00:00
RHEL 5 / 6 : flash-plugin (RHSA-2012:0144)
2012-02-20 00:00:00
Flash Player for Mac <= 10.3.183.14 / 11.1.102.62 Multiple Vulnerabilities (APSB12-03)
2012-02-17 00:00:00
redhat
redhat
(RHSA-2012:0144) Critical: flash-plugin security update
2012-02-17 00:00:00
openvas
openvas
Adobe Flash Player Multiple Vulnerabilities (Feb 2012) - Mac OS X
2012-02-22 00:00:00
Adobe Flash Player Multiple Vulnerabilities (Linux) - Feb12
2012-02-22 00:00:00
Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12
2012-02-22 00:00:00
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2012-02-15 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2012-04-17 00:00:00
securelist
securelist
Investigation Report for the September 2014 Equation malware detection incident in the US
2017-11-16 10:00:34

0.973 High

EPSS

Percentile

99.9%

JSON
Related for SAINT:C93DC6DF137307868C38645D758E578E
checkpoint_advisories1ubuntucve1securityvulns3cve1attackerkb1zdi2prion1threatpost5saint3metasploit1cisa_kev1seebug2packetstorm1symantec1exploitdb1suse3nessus11redhat1openvas12freebsd1gentoo1securelist1