CVE-2012-0767
moderate-risk
Published 2012-02-16
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.
Do I need to act?
!
16.3% chance of exploitation in next 30 days
EPSS score — higher than 84% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10
Medium
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (17)
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0144.html
Broken Link
http://secunia.com/advisories/48265
Broken Link
http://secunia.com/advisories/48819
Third Party Advisory
http://security.gentoo.org/glsa/glsa-201204-07.xml
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3...
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3...
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0144.html
Broken Link
http://secunia.com/advisories/48265
Broken Link
http://secunia.com/advisories/48819
Third Party Advisory
http://security.gentoo.org/glsa/glsa-201204-07.xml
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3...
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3...
48
/ 100
moderate-risk
Severity
23/34 · High
Exploitability
20/34 · Moderate
Exposure
5/34 · Minimal