Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAlexander GavrunZDI-12-047
HistoryMar 22, 2012 - 12:00 a.m.

Adobe Flash ASconstructor Function Call Remote Code Execution Vulnerability

2012-03-2200:00:00
Alexander Gavrun
www.zerodayinitiative.com
16

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Adobe Flash player handles calls to the _global.ASconstructor function. If this function is called with id β€˜2200’ it will write a 0x01 byte to a user supplied address. This memory corruption can result in remote code execution under the context of the current user.

Related

checkpoint_advisories 1
ubuntucve 1
securityvulns 3
cve 1
prion 1
threatpost 5
saint 4
metasploit 1
cisa_kev 1
attackerkb 1
zdi 1
symantec 1
seebug 2
packetstorm 1
exploitdb 1
openvas 12
nessus 11
suse 3
redhat 1
freebsd 1
gentoo 1
securelist 1
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player MP4 File Memory Corruption (APSB12-03; CVE-2012-0754)
2012-02-27 00:00:00
ubuntucve
ubuntucve
CVE-2012-0754
2012-02-16 00:00:00
securityvulns
securityvulns
ZDI-12-080 : Adobe Flash Player MP4 Stream Decoding Remote Code Execution Vulnerability
2012-06-13 00:00:00
Adobe Flash Player multiple security vulnerabilities
2012-06-13 00:00:00
http://www.adobe.com/support/security/bulletins/apsb12-03.html
2012-02-16 00:00:00
cve
cve
CVE-2012-0754
2012-02-16 19:55:00
prion
prion
Memory corruption
2012-02-16 19:55:00
threatpost
threatpost
Paul Judge on Measuring the Hotness of Security
2012-03-05 18:24:07
Months After A Patch, Targeted Attacks Still Using Adobe Flash Bug
2012-05-23 19:12:04
Attackers Target CVE-2012-0754 Adobe Flash Bug
2012-03-05 19:26:32
saint
saint
Adobe Flash Player MP4 Copyright Statement Overflow
2012-03-08 00:00:00
Adobe Flash Player MP4 Copyright Statement Overflow
2012-03-08 00:00:00
Adobe Flash Player MP4 Copyright Statement Overflow
2012-03-08 00:00:00
metasploit
metasploit
Adobe Flash Player MP4 'cprt' Overflow
2012-03-09 00:56:58
cisa_kev
cisa_kev
Adobe Flash Player Memory Corruption Vulnerability
2022-06-08 00:00:00
attackerkb
attackerkb
CVE-2012-0754
2012-02-16 00:00:00
zdi
zdi
Adobe Flash Player MP4 Stream Decoding Remote Code Execution Vulnerability
2012-06-06 00:00:00
symantec
symantec
Adobe Flash Player CVE-2012-0754 Remote Memory Corruption Vulnerability
2012-02-15 00:00:00
seebug
seebug
Adobe Flash Player .mp4 'cprt' Overflow"
2014-07-01 00:00:00
Adobe Flash PlayerθΏœη¨‹ε†…ε­˜η ΄εζΌζ΄ž(CVE-2012-0752)
2012-02-16 00:00:00
packetstorm
packetstorm
Adobe Flash Player .mp4 'cprt' Overflow
2012-03-08 00:00:00
exploitdb
exploitdb
Adobe Flash Player - '.mp4 cprt' Remote Overflow (Metasploit)
2012-03-08 00:00:00
openvas
openvas
Adobe Flash Player Multiple Vulnerabilities (Linux) - Feb12
2012-02-22 00:00:00
Adobe Flash Player Multiple Vulnerabilities (Mac OS X) - Feb12
2012-02-22 00:00:00
Adobe Flash Player Multiple Vulnerabilities (Feb 2012) - Linux
2012-02-22 00:00:00
nessus
nessus
SuSE 10 Security Update : flash-player (ZYPP Patch Number 7982)
2012-02-27 00:00:00
RHEL 5 / 6 : flash-plugin (RHSA-2012:0144)
2012-02-20 00:00:00
Flash Player for Mac <= 10.3.183.14 / 11.1.102.62 Multiple Vulnerabilities (APSB12-03)
2012-02-17 00:00:00
suse
suse
Security update for flash-player (critical)
2012-02-27 01:08:18
Security update for flash-player (critical)
2012-02-18 10:08:24
flash-player to 11.1.102.62 (critical)
2012-02-17 13:08:21
redhat
redhat
(RHSA-2012:0144) Critical: flash-plugin security update
2012-02-17 00:00:00
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2012-02-15 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2012-04-17 00:00:00
securelist
securelist
Investigation Report for the September 2014 Equation malware detection incident in the US
2017-11-16 10:00:34

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON
Related for ZDI-12-047
checkpoint_advisories1ubuntucve1securityvulns3cve1prion1threatpost5saint4metasploit1cisa_kev1attackerkb1zdi1symantec1seebug2packetstorm1exploitdb1openvas12nessus11suse3redhat1freebsd1gentoo1securelist1