CVE-2012-0751 - The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows

CVE-2012-0751

Summary

The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

References

Vulnerable Configurations

Adobe Flash Player 2
cpe:2.3:a:adobe:flash_player:2
Adobe Flash Player 3
cpe:2.3:a:adobe:flash_player:3
Adobe Flash Player 4
cpe:2.3:a:adobe:flash_player:4
Adobe Flash Player 5
cpe:2.3:a:adobe:flash_player:5
Adobe Flash Player 6
cpe:2.3:a:adobe:flash_player:6
Adobe Flash Player 6.0.21.0
cpe:2.3:a:adobe:flash_player:6.0.21.0
Adobe Flash Player 6.0.79
cpe:2.3:a:adobe:flash_player:6.0.79
cpe:2.3:a:adobe:flash_player:7.0
Adobe Flash MX 2004
cpe:2.3:a:adobe:flash_player:7.0.1
Adobe Flash MX 2004 7.0.14.0
cpe:2.3:a:adobe:flash_player:7.0.14.0
Adobe Flash MX 2004 7.0.19.0
cpe:2.3:a:adobe:flash_player:7.0.19.0
Adobe Flash MX 2004 7.0.24.0
cpe:2.3:a:adobe:flash_player:7.0.24.0
cpe:2.3:a:adobe:flash_player:7.0.25
Adobe Flash MX 2004 7.0.53.0
cpe:2.3:a:adobe:flash_player:7.0.53.0
Adobe Flash MX 2004 7.0.60.0
cpe:2.3:a:adobe:flash_player:7.0.60.0
Adobe Flash MX 2004 7.0.61.0
cpe:2.3:a:adobe:flash_player:7.0.61.0
Adobe Flash Player 7.0.63
cpe:2.3:a:adobe:flash_player:7.0.63
Adobe Flash MX 2004 7.0.66.0
cpe:2.3:a:adobe:flash_player:7.0.66.0
Adobe Flash MX 2004 7.0.67.0
cpe:2.3:a:adobe:flash_player:7.0.67.0
Adobe Flash MX 2004 7.0.68.0
cpe:2.3:a:adobe:flash_player:7.0.68.0
Adobe Flash Player 7.0.69.0
cpe:2.3:a:adobe:flash_player:7.0.69.0
Adobe Flash Player 7.0.70.0
cpe:2.3:a:adobe:flash_player:7.0.70.0
Adobe Flash MX 2004 7.0.73.0
cpe:2.3:a:adobe:flash_player:7.0.73.0
Adobe Flash MX 2004
cpe:2.3:a:adobe:flash_player:7.1
cpe:2.3:a:adobe:flash_player:7.1.1
Adobe Flash MX 2004
cpe:2.3:a:adobe:flash_player:7.2
Adobe Flash Player 8.0
cpe:2.3:a:adobe:flash_player:8.0
Adobe Flash Player 8.0.22.0
cpe:2.3:a:adobe:flash_player:8.0.22.0
Adobe Flash 8.0.24.0
cpe:2.3:a:adobe:flash_player:8.0.24.0
Adobe Flash Player 8.0.33.0
cpe:2.3:a:adobe:flash_player:8.0.33.0
cpe:2.3:a:adobe:flash_player:8.0.34.0
Adobe Flash Player 8.0.35.0
cpe:2.3:a:adobe:flash_player:8.0.35.0
Adobe Flash Player 8.0.39.0
cpe:2.3:a:adobe:flash_player:8.0.39.0
Adobe Flash Player 8.0.42.0
cpe:2.3:a:adobe:flash_player:8.0.42.0
Adobe Flash Player 9.0
cpe:2.3:a:adobe:flash_player:9.0
Adobe Flash Player 9.0.289.0
cpe:2.3:a:adobe:flash_player:9.0.9.0
cpe:2.3:a:adobe:flash_player:9.0.16
cpe:2.3:a:adobe:flash_player:9.0.18d60
cpe:2.3:a:adobe:flash_player:9.0.20
cpe:2.3:a:adobe:flash_player:9.0.20.0
cpe:2.3:a:adobe:flash_player:9.0.28
Adobe Flash Player 9.0.28.0
cpe:2.3:a:adobe:flash_player:9.0.28.0
cpe:2.3:a:adobe:flash_player:9.0.31
cpe:2.3:a:adobe:flash_player:9.0.31.0
cpe:2.3:a:adobe:flash_player:9.0.45.0
Adobe Flash Player 9.0.47.0
cpe:2.3:a:adobe:flash_player:9.0.47.0
cpe:2.3:a:adobe:flash_player:9.0.48.0
Adobe Flash Player 9.0.112.0
cpe:2.3:a:adobe:flash_player:9.0.112.0
cpe:2.3:a:adobe:flash_player:9.0.114.0
Adobe Flash Player 9.0.115.0
cpe:2.3:a:adobe:flash_player:9.0.115.0
Adobe Flash Player 9.0.124.0
cpe:2.3:a:adobe:flash_player:9.0.124.0
Adobe Flash Player 9.0.125.0
cpe:2.3:a:adobe:flash_player:9.0.125.0
Adobe Flash Player 9.0.151.0
cpe:2.3:a:adobe:flash_player:9.0.151.0
Adobe Flash Player 9.0.152.0
cpe:2.3:a:adobe:flash_player:9.0.152.0
Adobe Flash 9.0.155.0
cpe:2.3:a:adobe:flash_player:9.0.155.0
Adobe Flash Player 9.0.159.0
cpe:2.3:a:adobe:flash_player:9.0.159.0
Adobe Flash Player 9.0.246.0
cpe:2.3:a:adobe:flash_player:9.0.246.0
Adobe Flash Player 9.0.260.0
cpe:2.3:a:adobe:flash_player:9.0.260.0
Adobe Flash Player 9.0.262.0
cpe:2.3:a:adobe:flash_player:9.0.262.0
Adobe Flash Player 9.0.277.0
cpe:2.3:a:adobe:flash_player:9.0.277.0
Adobe Flash Player 9.0.280
cpe:2.3:a:adobe:flash_player:9.0.280
Adobe Flash Player 9.0.283.0
cpe:2.3:a:adobe:flash_player:9.0.283.0
Adobe Flash Player 9.125.0
cpe:2.3:a:adobe:flash_player:9.125.0
Adobe Flash Player 10
cpe:2.3:a:adobe:flash_player:10
Adobe Flash Player 10.0.0.584
cpe:2.3:a:adobe:flash_player:10.0.0.584
Adobe Flash Player 10.0.12.10
cpe:2.3:a:adobe:flash_player:10.0.12.10
Adobe Flash Player 10.0.12.36
cpe:2.3:a:adobe:flash_player:10.0.12.36
Adobe Flash Player 10.0.15.3
cpe:2.3:a:adobe:flash_player:10.0.15.3
Adobe Flash Player 10.0.22.87
cpe:2.3:a:adobe:flash_player:10.0.22.87
Adobe Flash Player 10.0.32.18
cpe:2.3:a:adobe:flash_player:10.0.32.18
Adobe Flash Player 10.0.42.34
cpe:2.3:a:adobe:flash_player:10.0.42.34
Adobe Flash Player 10.0.45.2
cpe:2.3:a:adobe:flash_player:10.0.45.2
Adobe Flash Player 10.1
cpe:2.3:a:adobe:flash_player:10.1
Adobe Flash Player 10.1.52.14.1
cpe:2.3:a:adobe:flash_player:10.1.52.14.1
Adobe Flash Player 10.1.52.15
cpe:2.3:a:adobe:flash_player:10.1.52.15
Adobe Flash Player 10.1.53.64
cpe:2.3:a:adobe:flash_player:10.1.53.64
Adobe Flash Player 10.1.82.76
cpe:2.3:a:adobe:flash_player:10.1.82.76
Adobe Flash Player 10.1.85.3
cpe:2.3:a:adobe:flash_player:10.1.85.3
Adobe Flash Player 10.1.92.8
cpe:2.3:a:adobe:flash_player:10.1.92.8
Adobe Flash Player 10.1.92.10
cpe:2.3:a:adobe:flash_player:10.1.92.10
Adobe Flash Player 10.1.95.1
cpe:2.3:a:adobe:flash_player:10.1.95.1
Adobe Flash Player 10.1.95.2
cpe:2.3:a:adobe:flash_player:10.1.95.2
Adobe Flash Player 10.1.102.64
cpe:2.3:a:adobe:flash_player:10.1.102.64
Adobe Flash Player 10.1.105.6
cpe:2.3:a:adobe:flash_player:10.1.105.6
Adobe Flash Player 10.1.106.16
cpe:2.3:a:adobe:flash_player:10.1.106.16
Adobe Flash Player 10.2.152
cpe:2.3:a:adobe:flash_player:10.2.152
Adobe Flash Player 10.2.152.26
cpe:2.3:a:adobe:flash_player:10.2.152.26
Adobe Flash Player 10.2.152.32
cpe:2.3:a:adobe:flash_player:10.2.152.32
Adobe Flash Player 10.2.152.33
cpe:2.3:a:adobe:flash_player:10.2.152.33
Adobe Flash Player 10.2.153.1
cpe:2.3:a:adobe:flash_player:10.2.153.1
Adobe Flash Player 10.2.154.13
cpe:2.3:a:adobe:flash_player:10.2.154.13
Adobe Flash Player 10.2.154.25
cpe:2.3:a:adobe:flash_player:10.2.154.25
Adobe Flash Player 10.2.156.12
cpe:2.3:a:adobe:flash_player:10.2.156.12
Adobe Flash Player 10.2.157.51
cpe:2.3:a:adobe:flash_player:10.2.157.51
Adobe Flash Player 10.2.159.1
cpe:2.3:a:adobe:flash_player:10.2.159.1
Adobe Flash Player 10.3.181.14
cpe:2.3:a:adobe:flash_player:10.3.181.14
Adobe Flash Player 10.3.181.16
cpe:2.3:a:adobe:flash_player:10.3.181.16
Adobe Flash Player 10.3.181.22
cpe:2.3:a:adobe:flash_player:10.3.181.22
Adobe Flash Player 10.3.181.26
cpe:2.3:a:adobe:flash_player:10.3.181.26
Adobe Flash Player 10.3.181.34
cpe:2.3:a:adobe:flash_player:10.3.181.34
Adobe Flash Player 10.3.183.5
cpe:2.3:a:adobe:flash_player:10.3.183.5
Adobe Flash Player 10.3.183.7
cpe:2.3:a:adobe:flash_player:10.3.183.7
Adobe Flash Player 10.3.183.10
cpe:2.3:a:adobe:flash_player:10.3.183.10
Adobe Flash Player 10.3.183.11
cpe:2.3:a:adobe:flash_player:10.3.183.11
Apple Mac OS X
cpe:2.3:o:apple:mac_os_x
Linux Kernel
cpe:2.3:o:linux:linux_kernel
Microsoft Windows
cpe:2.3:o:microsoft:windows
Adobe Flash Player 11.0
cpe:2.3:a:adobe:flash_player:11.0
Adobe Flash Player 11.0.1.152
cpe:2.3:a:adobe:flash_player:11.0.1.152
Adobe Flash Player 11.0.1.153
cpe:2.3:a:adobe:flash_player:11.0.1.153
Adobe Flash Player 11.1
cpe:2.3:a:adobe:flash_player:11.1
Adobe Flash Player 11.1.102.55
cpe:2.3:a:adobe:flash_player:11.1.102.55
Apple Mac OS X
cpe:2.3:o:apple:mac_os_x
Linux Kernel
cpe:2.3:o:linux:linux_kernel
Microsoft Windows
cpe:2.3:o:microsoft:windows
Sun SunOS (formerly Solaris)
cpe:2.3:o:sun:sunos

CVSS

Base:	10.0 (as of 17-02-2012 - 08:04)
Impact:
Exploitability:

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

nessus via4

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_F63BF080619D11E191AF003067B2972C.NASL
description	These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.
last seen	2019-02-21
modified	2018-11-10
plugin id	58138
published	2012-02-28
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=58138
title	FreeBSD : linux-flashplugin -- multiple vulnerabilities (f63bf080-619d-11e1-91af-003067b2972c)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_4_FLASH-PLAYER-120216.NASL
description	flash-player was updated to the security update to 11.1.102.62. It fixes lots of security issues, some already exploited in the wild. Details can be found on: https://www.adobe.com/support/security/bulletins/apsb12-03.h tml These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update also resolves a universal cross-site scripting vulnerability that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability (CVE-2012-0767) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message (Internet Explorer on Windows only).
last seen	2019-02-21
modified	2018-11-10
plugin id	75841
published	2014-06-13
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=75841
title	openSUSE Security Update : flash-player (openSUSE-SU-2012:0265-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2012-98.NASL
description	- Update to 11.1.102.62: (bnc#747297) https://www.adobe.com/support/security/bulletins/apsb12- 03.html CVEs fixed: CVE-2012-0751, CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756, CVE-2012-0767
last seen	2019-02-21
modified	2018-02-15
plugin id	74858
published	2014-06-13
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=74858
title	openSUSE Security Update : flash-player (openSUSE-2012-98)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_FLASH-PLAYER-120216.NASL
description	flash-player was updated to version 11.1.102.62. It fixes lots of security issues, some already exploited in the wild. Details can be found at : https://www.adobe.com/support/security/bulletins/apsb12-03.html These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update also resolves a universal cross-site scripting vulnerability that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability (CVE-2012-0767) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message (Internet Explorer on Windows only).
last seen	2019-02-21
modified	2018-02-15
plugin id	57996
published	2012-02-17
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=57996
title	SuSE 11.1 Security Update : flash-player (SAT Patch Number 5817)

NASL family	Windows
NASL id	FLASH_PLAYER_APSB12-03.NASL
description	According to its version, the instance of Flash Player installed on the remote Windows host is 10.x equal to or earlier than 10.3.183.14 or 11.x equal to or earlier than 11.1.102.55. It is, therefore, reportedly affected by several critical vulnerabilities : - Multiple unspecified memory corruption issues exist that could lead to code execution. (CVE-2012-0751, CVE-2012-0754) - An unspecified type confusion memory corruption vulnerability exists that could lead to code execution. (CVE-2012-0752) - An MP4 parsing memory corruption issue exists that could lead to code execution. (CVE-2012-0753) - Multiple unspecified security bypass vulnerabilities exist that could lead to code execution. (CVE-2012-0755, CVE-2012-0756) - A universal cross-site scripting issue exists that could be used to take actions on a user's behalf on any website or webmail provider. (CVE-2012-0767)
last seen	2019-02-21
modified	2018-11-15
plugin id	58001
published	2012-02-17
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=58001
title	Flash Player <= 10.3.183.14 / 11.1.102.55 Multiple Vulnerabilities (APSB12-03)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_ADOBE_READER_APSB12-08.NASL
description	The version of Adobe Reader installed on the remote Mac OS X host is prior to 10.1.3 or 9.5.1. It is, therefore, affected by the following vulnerabilities : - An integer overflow condition exists that allows an attacker to execute arbitrary code via a crafted True Type Font (TFF). (CVE-2012-0774) - A memory corruption issue exists in JavaScript handling that allows an attacker to execute arbitrary code. (CVE-2012-0775) - A security bypass vulnerability exists in the Adobe Reader installer that allows an attacker to execute arbitrary code. (CVE-2012-0776) - A memory corruption issue exists in the JavaScript API that allows an attacker to execute arbitrary code or cause a denial of service. (CVE-2012-0777) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
last seen	2019-02-21
modified	2018-07-14
plugin id	58684
published	2012-04-11
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=58684
title	Adobe Reader < 10.1.3 / 9.5.1 Multiple Vulnerabilities (APSB12-03, APSB12-05, APSB12-07, APSB12-08) (Mac OS X)

oval via4

accepted

2015-08-03T04:00:54.324-04:00

class

vulnerability

contributors

name Scott Quint
organization DTCC
name Josh Turpin
organization Symantec Corporation
name Shane Shaffer
organization G2, Inc.
name Shane Shaffer
organization G2, Inc.
name Maria Kedovskaya
organization ALTX-SOFT
name Maria Kedovskaya
organization ALTX-SOFT
name Maria Kedovskaya
organization ALTX-SOFT
name Maria Kedovskaya
organization ALTX-SOFT
name Maria Kedovskaya
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT
name Evgeniy Pavlov
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment Adobe Flash Player 10 is installed
oval oval:org.mitre.oval:def:7610
comment Adobe Flash Player 9 is installed
oval oval:org.mitre.oval:def:7402
comment Adobe Flash Player is installed
oval oval:org.mitre.oval:def:6700
comment Adobe Flash Player is installed
oval oval:org.mitre.oval:def:6700
comment Adobe Flash Player is installed
oval oval:org.mitre.oval:def:6700
comment Adobe Flash Player is installed
oval oval:org.mitre.oval:def:6700
comment Adobe Flash Player is installed
oval oval:org.mitre.oval:def:6700
comment Adobe Flash Player is installed
oval oval:org.mitre.oval:def:6700
comment Adobe Flash Player is installed
oval oval:org.mitre.oval:def:6700
comment Adobe Flash Player 11 is installed
oval oval:org.mitre.oval:def:13071
comment ActiveX Control is installed
oval oval:org.mitre.oval:def:26707

description

family

windows

oval:org.mitre.oval:def:14985

status

accepted

submitted

2012-02-22T08:21:20.000-05:00

title

version

refmap via4

confirm	http://www.adobe.com/support/security/bulletins/apsb12-03.html
secunia	48265
suse	openSUSE-SU-2012:0265

Last major update

15-11-2013 - 00:33

Published

16-02-2012 - 14:55

Last modified

30-10-2018 - 12:26