Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012.

flash-player update to 11.2.202.235 fixes a potential remote code execution vulnerability

The remote host has Adobe Flash Player installed. 

Versions of Flash Player 10.x equal to or earlier than 10.3.183.18 or 11.x equal to or ealier than 11.2.202.233 are potentially affected by an object confusion vulnerability that could allow an attacker to crash the application or potentially take control of the target system.

By tricking a victim into visiting a specially crafted page, an attacker may be able to utilize this vulnerability to execute arbitrary code subject to the users' privileges

Flash Player was updated to version 11.2.202.233, fixing a critical security problem.

This update also fixes a problem with NVIDIA accelerated drivers and swapped blue/red colors, and also a printing regression introduced by a previous update.

The remote host is affected by the vulnerability described in GLSA-201206-21 (Adobe Flash Player: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Adobe Flash Player.
      Please review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to open a specially crafted SWF       file, possibly resulting in execution of arbitrary code with the       privileges of the process or a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-09, listed in the References section. Specially crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the specially crafted SWF content.
(CVE-2012-0779)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.183.19.

Flash Player was updated to version 11.2.202.233, fixing a critical security problem.

According to its version, the instance of Flash Player installed on the remote Mac OS X host is 10.x equal to or earlier than 10.3.183.18 or 11.x equal to or earlier than 11.2.202.233.  It is, therefore, reportedly affected by an object confusion vulnerability that could allow an attacker to crash the application or potentially take control of the target system. 

By tricking a victim into visiting a specially crafted page, an attacker may be able to utilize this vulnerability to execute arbitrary code subject to the users' privileges.

According to its version, the instance of Flash Player installed on the remote Windows host is 10.x equal to or earlier than 10.3.183.18 or 11.x equal to or earlier than 11.2.202.233.  It is, therefore, reportedly affected by an object confusion vulnerability that could allow an attacker to crash the application or potentially take control of the target system. 

By tricking a victim into visiting a specially crafted page, an attacker may be able to utilize this vulnerability to execute arbitrary code subject to the users' privileges.

ID	Name	Product	Family	Severity
74617	openSUSE Security Update : flash-player (openSUSE-SU-2012:0594-1)	Nessus	SuSE Local Security Checks	high
6801	Flash Player <= 10.3.183.18 / 11.2.202.233 Object Confusion Vulnerability (APSB12-09)	Nessus Network Monitor	Web Clients	high
64137	SuSE 11.1 Security Update : flash-player (SAT Patch Number 6253)	Nessus	SuSE Local Security Checks	high
59674	GLSA-201206-21 : Adobe Flash Player: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
59253	RHEL 5 / 6 : flash-plugin (RHSA-2012:0688)	Nessus	Red Hat Local Security Checks	high
59054	SuSE 10 Security Update : flash-player (ZYPP Patch Number 8116)	Nessus	SuSE Local Security Checks	high
58995	Flash Player for Mac <= 10.3.183.18 / 11.2.202.233 Object Confusion Vulnerability (APSB12-09)	Nessus	MacOS X Local Security Checks	high
58994	Flash Player <= 10.3.183.18 / 11.2.202.233 Object Confusion Vulnerability (APSB12-09)	Nessus	Windows	high

Detections

Analytics

CVE-2012-0779

critical

Tenable Plugins

high

high

high

high

high

high

high

high