Vulnerability Name:

CVE-2012-2040 (CCN-76196)

Assigned:2012-06-08
Published:2012-06-08
Updated:2021-09-08
Summary:Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows local users to gain privileges via a Trojan horse executable file in an unspecified directory.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-426
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2012-2040

Source: CCN
Type: Google Chrome Releases Web site
Stable Channel Update

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2012:0723

Source: SUSE
Type: Mailing List, Third Party Advisory
SUSE-SU-2012:0724

Source: CCN
Type: SA49388
Adobe Flash Player Multiple Vulnerabilities

Source: CCN
Type: SA49503
Chrome Flash Player Multiple Vulnerabilities

Source: CCN
Type: Adobe Product Security Bulletin APSB12-14
Security updates available for Adobe Flash Player

Source: CONFIRM
Type: Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb12-14.html

Source: CCN
Type: OSVDB ID: 82725
Adobe Flash Player Installer Binary File Planting Remote Code Execution

Source: CCN
Type: BID-53887
Adobe Flash Player APSB12-14 Multiple Security Vulnerabilities

Source: XF
Type: UNKNOWN
afp-binary-code-execution(76196)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 11.2.202.235)
  • AND
  • cpe:/o:apple:macos:-:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 11.1.115.8)
  • AND
  • cpe:/o:google:android:*:*:*:*:*:*:*:* (Version >= 4.0 and <= 4.4.4)

  • Configuration 3:
  • cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 11.1.111.9)
  • AND
  • cpe:/o:google:android:*:*:*:*:*:*:*:* (Version >= 2.0 and <= 3.2.6)

  • Configuration 4:
  • cpe:/a:adobe:air:*:*:*:*:*:*:*:* (Version <= 3.2.0.2070)
  • AND
  • cpe:/o:apple:macos:-:*:*:*:*:*:*:*
  • OR cpe:/o:google:android:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:10.1.102.64:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:10.2.154.13:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:10.2.152.33:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:10.2.153.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:10.2.154.25:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:10.2.156.12:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:10.2.157.51:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:10.2.159.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:10.3.181.34:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:11.01.152:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:11.01.153:*:*:*:*:*:*:*
  • AND
  • cpe:/a:google:chrome:19.0.1028.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:52002
    P
    Security update for haproxy (Critical)
    2023-02-14
    oval:org.opensuse.security:def:51934
    P
    Security update for python3 (Important)
    2022-10-06
    oval:org.opensuse.security:def:5302
    P
    Security update for postgresql12 (Important) (in QA)
    2022-08-31
    oval:org.opensuse.security:def:5335
    P
    Security update for postgresql10 (Important)
    2022-08-26
    oval:org.opensuse.security:def:5277
    P
    Security update for the Linux Kernel (Important)
    2022-06-20
    oval:org.opensuse.security:def:20122040
    V
    CVE-2012-2040
    2022-05-20
    oval:org.opensuse.security:def:6026
    P
    Security update for xen (Moderate)
    2022-05-03
    oval:org.opensuse.security:def:5366
    P
    Security update for flac (Moderate)
    2022-03-14
    oval:org.opensuse.security:def:5353
    P
    Security update for php72 (Moderate)
    2022-02-25
    oval:org.opensuse.security:def:5344
    P
    Security update for xen (Important)
    2022-02-17
    oval:org.opensuse.security:def:6004
    P
    Security update for MozillaFirefox (Important)
    2022-01-18
    oval:org.opensuse.security:def:10711
    P
    Security update for MozillaThunderbird (Important)
    2022-01-12
    oval:org.opensuse.security:def:51768
    P
    Security update for apache2 (Important)
    2022-01-12
    oval:org.opensuse.security:def:5168
    P
    Security update for mozilla-nss (Important)
    2021-12-06
    oval:org.opensuse.security:def:10663
    P
    Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:5132
    P
    Security update for the Linux Kernel (Important)
    2021-10-12
    oval:org.opensuse.security:def:5121
    P
    Security update for the Linux Kernel (Important)
    2021-09-23
    oval:org.opensuse.security:def:51662
    P
    Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)
    2021-09-23
    oval:org.opensuse.security:def:5119
    P
    Security update for MozillaFirefox (Important)
    2021-09-22
    oval:org.opensuse.security:def:5110
    P
    Security update for openssl-1_0_0 (Low)
    2021-09-09
    oval:org.opensuse.security:def:10692
    P
    Security update for ffmpeg (Important)
    2021-09-02
    oval:org.opensuse.security:def:5101
    P
    Security update for openexr (Important)
    2021-09-02
    oval:org.opensuse.security:def:5792
    P
    Security update for apache-commons-compress (Important)
    2021-08-05
    oval:org.opensuse.security:def:5770
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:5075
    P
    Security update for the Linux Kernel (Important)
    2021-07-14
    oval:org.opensuse.security:def:5068
    P
    Security update for libgcrypt (Important)
    2021-06-24
    oval:org.opensuse.security:def:17049
    P
    flash-player-11.2.202.548-111.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48718
    P
    flash-player-11.2.202.548-111.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11300
    P
    flash-player-11.2.202.406-1.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11465
    P
    sysvinit-tools-2.88+-94.13 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:76596
    P
    flash-player-11.2.202.406-1.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11534
    P
    flash-player-11.2.202.548-111.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11487
    P
    zoo-2.10-1020.62 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11513
    P
    cups-pk-helper-0.2.5-3.75 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:76830
    P
    flash-player-11.2.202.548-111.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:17001
    P
    flash-player-11.2.202.406-1.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11535
    P
    freerdp-1.0.2-7.9 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:10644
    P
    Security update for the Linux Kernel (Important)
    2021-06-08
    oval:org.opensuse.security:def:48670
    P
    flash-player-11.2.202.406-1.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:5053
    P
    Security update for gstreamer-plugins-bad (Important)
    2021-06-07
    oval:org.opensuse.security:def:10677
    P
    Security update for MozillaThunderbird (Moderate)
    2021-06-04
    oval:org.opensuse.security:def:51896
    P
    Security update for djvulibre (Important)
    2021-05-31
    oval:org.opensuse.security:def:5045
    P
    Security update for postgresql10 (Moderate)
    2021-05-27
    oval:org.opensuse.security:def:5043
    P
    Security update for curl (Moderate)
    2021-05-26
    oval:org.opensuse.security:def:38122
    P
    Security update for djvulibre (Important)
    2021-05-19
    oval:org.opensuse.security:def:38103
    P
    Security update for clamav (Important)
    2021-04-14
    oval:org.opensuse.security:def:5202
    P
    Security update for openssl-1_1 (Important)
    2021-03-25
    oval:org.opensuse.security:def:5183
    P
    Security update for ImageMagick (Moderate)
    2021-02-19
    oval:org.opensuse.security:def:51723
    P
    Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)
    2021-02-10
    oval:org.opensuse.security:def:51485
    P
    Security update for cyrus-sasl (Important)
    2020-12-28
    oval:org.opensuse.security:def:4968
    P
    Security update for PackageKit (Low)
    2020-12-22
    oval:org.opensuse.security:def:51088
    P
    Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)
    2020-12-07
    oval:org.opensuse.security:def:51089
    P
    Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)
    2020-12-07
    oval:org.opensuse.security:def:10584
    P
    Security update for MozillaThunderbird (Important)
    2020-12-07
    oval:org.opensuse.security:def:4934
    P
    Security update for libvirt (Important)
    2020-12-02
    oval:org.opensuse.security:def:4819
    P
    Security update for apache2 (Important)
    2020-12-02
    oval:org.opensuse.security:def:4949
    P
    Security update for spice-gtk (Moderate)
    2020-12-02
    oval:org.opensuse.security:def:4841
    P
    Security update for 389-ds (Important)
    2020-12-02
    oval:org.opensuse.security:def:4887
    P
    Security update for xen (Important)
    2020-12-02
    oval:org.opensuse.security:def:4811
    P
    Security update for apache2 (Moderate)
    2020-12-02
    oval:org.opensuse.security:def:37319
    P
    radvd on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37697
    P
    update-alternatives on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37356
    P
    xdg-utils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37688
    P
    sysvinit-tools on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38054
    P
    rrdtool on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10827
    P
    ocaml on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10862
    P
    xfig on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10536
    P
    libraptor-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52493
    P
    Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2) (Important)
    2020-12-01
    oval:org.opensuse.security:def:53962
    P
    flash-player on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10562
    P
    libwmf-0_2-7 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52653
    P
    Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:54122
    P
    squashfs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52327
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:38166
    P
    dbus-1-glib on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52453
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38170
    P
    dovecot22 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37403
    P
    cracklib on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37787
    P
    ft2demos on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37367
    P
    yast2-core on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37745
    P
    busybox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:51322
    P
    Security update for jasper (Low)
    2020-12-01
    oval:org.opensuse.security:def:10875
    P
    aaa_base-malloccheck on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10582
    P
    pam-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10738
    P
    libgnutls-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52531
    P
    Security update for munge (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52727
    P
    Security update for the Linux Kernel (Live Patch 9 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:54196
    P
    flash-player on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:51111
    P
    Security update for wireshark (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38055
    P
    rsync on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38804
    P
    sudo on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:51323
    P
    Security update for vim (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52561
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:38214
    P
    gv on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10506
    P
    libidn-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37539
    P
    libjbig2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37947
    P
    libpulse-mainloop-glib0-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37451
    P
    grub2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37835
    P
    krb5-appl-clients on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10805
    P
    libunrar-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37307
    P
    ppc64-diag on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10629
    P
    augeas-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10763
    P
    libneon-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52612
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:10630
    P
    Security update for xorg-x11-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:10786
    P
    librsvg-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52765
    P
    Security update for the Linux Kernel (Live Patch 15 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:51251
    P
    Security update for djvulibre (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38094
    P
    wpa_supplicant on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38846
    P
    flash-player on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:51345
    P
    Security update for freetype2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:38852
    P
    gnome-shell-calendar on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37308
    P
    ppp on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37640
    P
    perl-Config-IniFiles on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38006
    P
    mozilla-nspr-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10554
    P
    libtiff-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37587
    P
    libspice-server1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37995
    P
    libz1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10814
    P
    libxslt-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10853
    P
    systemtap-sdt-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10514
    P
    libksba-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52419
    P
    Security update for libqt5-qtbase (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:53888
    P
    Security update for LibreOffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37355
    P
    xalan-j2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10811
    P
    libxcb-composite0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52846
    P
    Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP1) (Important)
    2020-12-01
    oval:org.opensuse.security:def:51489
    P
    Security update for python3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:52219
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52168
    P
    Security update for java-11-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:38142
    P
    bubblewrap on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38894
    P
    flash-player on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:20682
    V
    Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 and Adobe AIR before 3.3.0.3610 on Windows, allows local users to gain privileges via a Trojan horse executable file in an unspecified directory
    2014-09-22
    oval:com.ubuntu.precise:def:20122040000
    V
    CVE-2012-2040 on Ubuntu 12.04 LTS (precise) - untriaged.
    2012-06-08
    BACK
    adobe flash player *
    apple macos -
    linux linux kernel -
    microsoft windows -
    adobe flash player *
    google android *
    adobe flash player *
    google android *
    adobe air *
    apple macos -
    google android -
    microsoft windows -
    opensuse opensuse 11.4
    opensuse opensuse 12.1
    suse linux enterprise desktop 10 sp4
    suse linux enterprise desktop 11 sp1
    suse linux enterprise desktop 11 sp2
    adobe flash player 10.0.12.10
    adobe flash player 10.0.0.584
    adobe flash player 10.0.12.36
    adobe flash player 10.0.22.87
    adobe flash player 10.0.32.18
    adobe flash player 10.1.85.3
    adobe flash player 10.1.95.2
    adobe flash player 10.1.102.64
    adobe flash player 10.2.154.13
    adobe flash player 10.2.152.33
    adobe flash player 10.2.153.1
    adobe flash player 10.2.154.25
    adobe flash player 10.2.156.12
    adobe flash player 10.2.157.51
    adobe flash player 10.2.159.1
    adobe flash player 10.3.181.34
    adobe flash player 11.01.152
    adobe flash player 11.01.153
    google chrome 19.0.1028.0