Vulnerability CVE-2012-5676

Vulnerability Name:

CVE-2012-5676 (CCN-80617)

Assigned:

2012-12-11

Published:

2012-12-11

Updated:

2018-12-04

Summary:

Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2012-5676

Source: CCN
Type: Google Chrome Releases Web site
Stable Channel Update

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2013:0139

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2013:0368

Source: CCN
Type: RHSA-2012-1569
Critical: flash-plugin security update

Source: CCN
Type: SA51536
Microsoft Windows Flash Player Multiple Vulnerabilities

Source: CCN
Type: SA51560
Adobe Flash Player / AIR Multiple Vulnerabilities

Source: CCN
Type: Microsoft Security Advisory (2785605)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10

Source: CCN
Type: Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10

Source: CCN
Type: Adobe Product Security Bulletin APSB12-27
Security updates available for Adobe Flash Player

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb12-27.html

Source: CCN
Type: OSVDB ID: 88354
Adobe Flash Player / AIR Unspecified Overflow

Source: CCN
Type: BID-56892
Adobe Flash Player and AIR CVE-2012-5676 Remote Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
adobe-cve20125676-bo(80617)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2012-5676

Vulnerable Configuration:

Configuration 1:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 10.3 and < 10.3.183.48)

OR cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 11.5 and < 11.5.502.135)

AND

cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 10.3 and < 10.3.183.48)

OR cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 11.2 and < 11.2.202.258)

AND

cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 11.1 and < 11.1.111.29)

AND

cpe:/o:google:android:*:*:*:*:*:*:*:* (Version >= 2.0 and <= 2.3.7)

OR cpe:/o:google:android:*:*:*:*:*:*:*:* (Version >= 3.0 and <= 3.2.6)

Configuration 4:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 11.1 and < 11.1.115.34)

AND

cpe:/o:google:android:*:*:*:*:*:*:*:* (Version >= 4.0 and <= 4.4.4)

Configuration 5:

cpe:/a:adobe:air:*:*:*:*:*:*:*:* (Version < 3.5.0.880)

AND

cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 6:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 10.3 and < 10.3.183.48)

OR cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 11.5 and < 11.5.502.136)

AND

cpe:/o:apple:mac_os_x:-:*:*:*:*:*:*:*

Configuration 7:

cpe:/a:adobe:air:*:*:*:*:*:*:*:* (Version < 3.5.0.890)

AND

cpe:/o:apple:mac_os_x:-:*:*:*:*:*:*:*

Configuration 8:

cpe:/a:adobe:air_sdk:*:*:*:*:*:*:*:* (Version < 3.5.0.880)

AND

cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 9:

cpe:/a:adobe:air_sdk:*:*:*:*:*:*:*:* (Version < 3.5.0.890)

AND

cpe:/o:apple:mac_os_x:-:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:adobe:flash_player_for_android:11.1.111.24:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player_for_android:11.1.115.27:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.5.502.110:*:*:*:*:*:*:*

OR cpe:/a:adobe:adobe_air:3.5.0.600:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux_server_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:52002	P	Security update for haproxy (Critical)	2023-02-14
oval:org.opensuse.security:def:51934	P	Security update for python3 (Important)	2022-10-06
oval:org.opensuse.security:def:5302	P	Security update for postgresql12 (Important) (in QA)	2022-08-31
oval:org.opensuse.security:def:5335	P	Security update for postgresql10 (Important)	2022-08-26
oval:org.opensuse.security:def:5277	P	Security update for the Linux Kernel (Important)	2022-06-20
oval:org.opensuse.security:def:20125676	V	CVE-2012-5676	2022-05-20
oval:org.opensuse.security:def:6026	P	Security update for xen (Moderate)	2022-05-03
oval:org.opensuse.security:def:5366	P	Security update for flac (Moderate)	2022-03-14
oval:org.opensuse.security:def:5353	P	Security update for php72 (Moderate)	2022-02-25
oval:org.opensuse.security:def:5344	P	Security update for xen (Important)	2022-02-17
oval:org.opensuse.security:def:6004	P	Security update for MozillaFirefox (Important)	2022-01-18
oval:org.opensuse.security:def:10711	P	Security update for MozillaThunderbird (Important)	2022-01-12
oval:org.opensuse.security:def:51768	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:5168	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:10663	P	Security update for ffmpeg (Moderate)	2021-10-26
oval:org.opensuse.security:def:5132	P	Security update for the Linux Kernel (Important)	2021-10-12
oval:org.opensuse.security:def:51662	P	Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)	2021-09-23
oval:org.opensuse.security:def:5121	P	Security update for the Linux Kernel (Important)	2021-09-23
oval:org.opensuse.security:def:5119	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:5110	P	Security update for openssl-1_0_0 (Low)	2021-09-09
oval:org.opensuse.security:def:10692	P	Security update for ffmpeg (Important)	2021-09-02
oval:org.opensuse.security:def:5101	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:5792	P	Security update for apache-commons-compress (Important)	2021-08-05
oval:org.opensuse.security:def:5770	P	Security update for sqlite3 (Important)	2021-07-14
oval:org.opensuse.security:def:5075	P	Security update for the Linux Kernel (Important)	2021-07-14
oval:org.opensuse.security:def:5068	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:48718	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11300	P	flash-player-11.2.202.406-1.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11465	P	sysvinit-tools-2.88+-94.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:76596	P	flash-player-11.2.202.406-1.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11534	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11487	P	zoo-2.10-1020.62 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11513	P	cups-pk-helper-0.2.5-3.75 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:76830	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17001	P	flash-player-11.2.202.406-1.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11535	P	freerdp-1.0.2-7.9 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10644	P	Security update for the Linux Kernel (Important)	2021-06-08
oval:org.opensuse.security:def:48670	P	flash-player-11.2.202.406-1.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17049	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:5053	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:10677	P	Security update for MozillaThunderbird (Moderate)	2021-06-04
oval:org.opensuse.security:def:51896	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:5045	P	Security update for postgresql10 (Moderate)	2021-05-27
oval:org.opensuse.security:def:5043	P	Security update for curl (Moderate)	2021-05-26
oval:org.opensuse.security:def:38122	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:38103	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:5202	P	Security update for openssl-1_1 (Important)	2021-03-25
oval:org.opensuse.security:def:5183	P	Security update for ImageMagick (Moderate)	2021-02-19
oval:org.opensuse.security:def:51723	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:51485	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:4968	P	Security update for PackageKit (Low)	2020-12-22
oval:org.opensuse.security:def:51089	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:10584	P	Security update for MozillaThunderbird (Important)	2020-12-07
oval:org.opensuse.security:def:51088	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:4819	P	Security update for apache2 (Important)	2020-12-02
oval:org.opensuse.security:def:4949	P	Security update for spice-gtk (Moderate)	2020-12-02
oval:org.opensuse.security:def:4841	P	Security update for 389-ds (Important)	2020-12-02
oval:org.opensuse.security:def:4887	P	Security update for xen (Important)	2020-12-02
oval:org.opensuse.security:def:4811	P	Security update for apache2 (Moderate)	2020-12-02
oval:org.opensuse.security:def:4934	P	Security update for libvirt (Important)	2020-12-02
oval:org.opensuse.security:def:10562	P	libwmf-0_2-7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52653	P	Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:54122	P	squashfs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52327	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:38166	P	dbus-1-glib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52453	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:38170	P	dovecot22 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37403	P	cracklib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37787	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37367	P	yast2-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37745	P	busybox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51322	P	Security update for jasper (Low)	2020-12-01
oval:org.opensuse.security:def:10875	P	aaa_base-malloccheck on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10582	P	pam-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10738	P	libgnutls-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52531	P	Security update for munge (Moderate)	2020-12-01
oval:org.opensuse.security:def:52727	P	Security update for the Linux Kernel (Live Patch 9 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:54196	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51111	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:38055	P	rsync on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38804	P	sudo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51323	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:52561	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:38214	P	gv on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10506	P	libidn-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37539	P	libjbig2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37947	P	libpulse-mainloop-glib0-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37451	P	grub2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37835	P	krb5-appl-clients on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10805	P	libunrar-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37307	P	ppc64-diag on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10629	P	augeas-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10763	P	libneon-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52612	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:10630	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:10786	P	librsvg-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52765	P	Security update for the Linux Kernel (Live Patch 15 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:51251	P	Security update for djvulibre (Moderate)	2020-12-01
oval:org.opensuse.security:def:38094	P	wpa_supplicant on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38846	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51345	P	Security update for freetype2 (Important)	2020-12-01
oval:org.opensuse.security:def:38852	P	gnome-shell-calendar on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37308	P	ppp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37640	P	perl-Config-IniFiles on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38006	P	mozilla-nspr-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10554	P	libtiff-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37587	P	libspice-server1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37995	P	libz1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10814	P	libxslt-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10853	P	systemtap-sdt-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10514	P	libksba-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52419	P	Security update for libqt5-qtbase (Moderate)	2020-12-01
oval:org.opensuse.security:def:53888	P	Security update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:37355	P	xalan-j2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10811	P	libxcb-composite0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52846	P	Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:51489	P	Security update for python3 (Important)	2020-12-01
oval:org.opensuse.security:def:52219	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:52168	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:38142	P	bubblewrap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38894	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37319	P	radvd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37697	P	update-alternatives on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37356	P	xdg-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37688	P	sysvinit-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38054	P	rrdtool on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10827	P	ocaml on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10862	P	xfig on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10536	P	libraptor-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52493	P	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:53962	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:20395	V	Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 and Adobe AIR before 3.5.0.880 on Windows, allows attackers to execute arbitrary code via unspecified vectors	2015-08-03
oval:org.mitre.oval:def:21501	P	RHSA-2012:1569: flash-plugin security update (Critical)	2015-03-09
oval:org.mitre.oval:def:23603	P	ELSA-2012:1569: flash-plugin security update (Critical)	2014-05-26
oval:com.redhat.rhsa:def:20121569	P	RHSA-2012:1569: flash-plugin security update (Critical)	2012-12-12
oval:com.ubuntu.precise:def:20125676000	V	CVE-2012-5676 on Ubuntu 12.04 LTS (precise) - medium.	2012-12-12

BACK