Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Highly critical

Adobe Flash Player Two Vulnerabilities

-

Release Date:  2012-03-06    Last Update:  2012-04-10    Views:  21,185

Secunia Advisory SA48281

Where:

From remote

Impact:

Exposure of sensitive information, System access

Solution Status:

Vendor Patch

CVE Reference(s):

Description


Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to gain knowledge of potentially sensitive information or compromise a user's system.

1) An unspecified error in Matrix3D can be exploited to corrupt memory and may allow execution of arbitrary code.

2) An input validation error within the "histogram()" method of the "BitmapData" class can be exploited to disclose information.

The vulnerabilities are reported in the following versions:
* Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris.
* Adobe Flash Player 11.1.115.6 and earlier versions for Android 4.x.
* Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x.


Solution:
Update to a fixed version.

Further details available to Secunia VIM customers

Provided and/or discovered by:
1) The vendor credits Tavis Ormandy, Google Security Team.
2) Fermin J. Serna, Google Security Team.

Original Advisory:
Adobe:
http://www.adobe.com/support/security/bulletins/apsb12-05.html

Fermin J. Serna:
http://zhodiac.hispahack.com/my-stuff/security/Flash_ASLR_bypass.pdf

Deep Links:
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Adobe Flash Player Two Vulnerabilities

User Message
[+]

rilbritsmars

RE: Adobe Flash Player Two Vulnerabilities
This reply has been deleted

lalalackvirg

RE: Adobe Flash Player Two Vulnerabilities
[+]
This reply has been deleted

rilbritsmars

RE: Adobe Flash Player Two Vulnerabilities
[+]
This reply has been deleted

rilbritsmars

RE: Adobe Flash Player Two Vulnerabilities
[+]
This reply has been deleted
rilbritsmars RE: Adobe Flash Player Two Vulnerabilities
Member 8th Jun, 2012 05:54
Score: -825
Posts: 26
User Since: 3rd Mar 2012
System Score: N/A
Location: US
Last edited on 8th Jun, 2012 05:54
<strong><a href="http://www.imenswatches.com/a-lange-sohne-watches-... ">A. Lange & Sohne watches</a></strong><br>
<strong><a href="http://www.imenswatches.com/a-lange-sohne-watches-... ">Replica A. Lange & Sohne watches</a></strong><br>
<strong><a href="http://www.imenswatches.com/a-lange-sohne-watches-... ">fake A. Lange & Sohne watches</a></strong><br>
<strong><a href="http://www.imenswatches.com/a-lange-sohne-watches-... ">copy A. Lange & Sohne watches</a></strong><br>
<strong><a href="http://www.imenswatches.com/a-lange-sohne-watches-... ">cheap A. Lange & Sohne watches</a></strong><br>
Was this reply relevant?
+0
-0
rilbritsmars RE: Adobe Flash Player Two Vulnerabilities
Member 10th Jun, 2012 14:55
Score: -825
Posts: 26
User Since: 3rd Mar 2012
System Score: N/A
Location: US
Last edited on 10th Jun, 2012 14:55
Rolex, Rolex-Uhren, Replik Rolex-Uhren, gefälschte Rolex-Uhren, billige Rolex-Uhren, Rolex-Uhren kaufen, Rabatt Rolex Uhren, Rolex Uhren verkaufen, Rolex Uhren online
Was this reply relevant?
+0
-0
lalalackvirg RE: Adobe Flash Player Two Vulnerabilities
Member 14th Jul, 2012 21:00
Score: -650
Posts: 12
User Since: 9th Mar 2012
System Score: N/A
Location: US
Last edited on 14th Jul, 2012 21:00
<strong><a href="http://www.watchescoltd.com/oris-watches-c-320.htm... ">fake ORIS WATCHES</a></strong><br>
<strong><a href="http://www.watchescoltd.com/oris-watches-c-320.htm... ">cheap ORIS WATCHES</a></strong><br>
<strong><a href="http://www.watchescoltd.com/oris-watches-c-320.htm... ">copy ORIS WATCHES</a></strong><br>
<strong><a href="http://www.watchescoltd.com/oris-watches-c-320.htm... ">ORIS WATCHES sale</a></strong><br>
<strong><a href="http://www.watchescoltd.com/oris-watches-c-320.htm... ">ORIS WATCHES online</a></strong><br>
Was this reply relevant?
+0
-0

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability