Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Critical Remote Code Execution Vulnerability in Adobe Flash Player

Adobe Security Bulletin APSB12-22CVE-2012-5268 )


A vulnerability that could allow a remote attacker to take control of a targeted system has been discovered in Flash Player. The Check Point IPS Software Blade provides network-level protection for unpatched systems.


The vulnerability is due to an out of bounds memory access, which can be triggered by enticing a user to open a maliciously crafted .SWF file. Successful exploitation could allow the attacker to execute arbitrary code on the targeted system.

Affected Products

The following Adobe Flash Player versions are affected by this issue:

  • 11.4.402.278 and earlier versions for Windows
  • 11.4.402.265 and earlier versions for Macintosh
  • and earlier versions for Linux
  • and earlier versions for Android 4.x
  • and earlier versions for Android 3.x and 2.x

Additionally, these Adobe AIR versions are susceptible:

  • and earlier versions for Windows and Macintosh
  • SDK (includes AIR for iOS) and earlier versions
  • and earlier versions for Android 


Check Point recommends deploying the updates described in APSB12-22 as soon as is practical. In the meantime, the Check Point IPS Software Blade protects unpatched systems in the latest IPS update by detecting and blocking the transferal of malicious .SWF files on the network. For more information, see CPAI-2012-1322.


Originally Published:

Last Updated: 09-Jan-2013

Legal Notice for Threat Center Advisories