
Critical Remote Code Execution Vulnerability in Adobe Flash Player


Adobe Security Bulletin APSB12-22 (CVE-2012-5268)

Summary


A vulnerability that could allow a remote attacker to take control of a targeted system has been discovered in Flash Player. The Check Point IPS Software Blade provides network-level protection for unpatched systems.

Details


The vulnerability is due to an out-of-bounds memory access, which can be triggered by enticing a user to open a maliciously crafted .SWF file. Successful exploitation could allow the attacker to execute arbitrary code on the targeted system.

Affected Products

The following Adobe Flash Player versions are affected by this issue:

  • 11.4.402.278 and earlier versions for Windows
  • 11.4.402.265 and earlier versions for Macintosh
  • 11.2.202.238 and earlier versions for Linux
  • 11.1.115.17 and earlier versions for Android 4.x
  • 11.1.111.16 and earlier versions for Android 3.x and 2.x

Additionally, these Adobe AIR versions are susceptible:

  • 3.4.0.2540 and earlier versions for Windows and Macintosh
  • 3.4.0.2540 SDK (includes AIR for iOS) and earlier versions
  • 3.4.0.2540 and earlier versions for Android 
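
The version lists above can be applied to a software inventory. The following is an added example, not part of the original advisory or any Check Point or Adobe tooling; the platform keys, the `host,product,platform,version` inventory format and the host names are assumptions made for illustration.

```python
# Thresholds are the "and earlier" versions from the affected-product lists above.
# Platform keys, inventory format and host names are constructed for this example.
LAST_AFFECTED = {
    ("flash", "windows"): "11.4.402.278",
    ("flash", "macintosh"): "11.4.402.265",
    ("flash", "linux"): "11.2.202.238",
    ("flash", "android-4.x"): "11.1.115.17",
    ("flash", "android-2.x-3.x"): "11.1.111.16",
    ("air", "windows"): "3.4.0.2540",
    ("air", "macintosh"): "3.4.0.2540",
    ("air", "sdk"): "3.4.0.2540",
    ("air", "android"): "3.4.0.2540",
}

def parse_version(text):
    """'11.4.402.278' -> (11, 4, 402, 278), or None if not four numeric parts."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(product, platform, version):
    """Return 'affected', 'not-listed' or 'review' for one installation."""
    limit = LAST_AFFECTED.get((product.lower(), platform.lower()))
    installed = parse_version(version)
    if limit is None or installed is None:
        return "review"  # unknown platform or unparseable version: check by hand
    # Compare numerically: as strings, "11.4.402.99" would sort above "11.4.402.278".
    return "affected" if installed <= parse_version(limit) else "not-listed"

def triage(inventory_csv):
    """Map host -> status for rows of 'host,product,platform,version'."""
    results = {}
    for line in inventory_csv.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) == 4:
            results[fields[0]] = classify(*fields[1:])
        else:
            results[line] = "review"  # malformed row, keyed by the raw line
    return results

SAMPLE_INVENTORY = """\
ws-01,flash,windows,11.4.402.278
ws-02,flash,windows,11.4.402.287
ws-03,flash,windows,11.4.402.99
mac-01,flash,macintosh,11.4.402.278
ws-04,flash,windows,11.4.402
"""
```

A status of `not-listed` means only that the version is above the range given in this advisory; `review` rows should be checked manually rather than assumed safe.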

Solution


Check Point recommends deploying the updates described in APSB12-22 as soon as is practical. In the meantime, the latest IPS update for the Check Point IPS Software Blade protects unpatched systems by detecting and blocking the transfer of malicious .SWF files on the network. For more information, see CPAI-2012-1322.

 

Originally Published:

Last Updated: 09-Jan-2013
