CVE-2012-2034

high-risk
Published 2012-06-09

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037.

Do I need to act?

!
10.7% chance of exploitation in next 30 days
EPSS score — higher than 89% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / HIGH complexity

Affected Products (15)

Air

Affected Vendors

Redhat Adobe Suse Opensuse

References (9)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00006.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00007.html
Third Party Advisory http://rhn.redhat.com/errata/RHSA-2012-0722.html
Vendor Advisory http://www.adobe.com/support/security/bulletins/apsb12-14.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00006.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00007.html
Third Party Advisory http://rhn.redhat.com/errata/RHSA-2012-0722.html
Vendor Advisory http://www.adobe.com/support/security/bulletins/apsb12-14.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-...
58
/ 100
high-risk
Severity 22/34 · High
Exploitability 18/34 · Moderate
Exposure 18/34 · Moderate