Thursday, 5 July 2012

Adobe Flash Player Multiple Vulnerabilities

Release Date: 2012-06-10
Severity: High

Software:
· Adobe AIR 3.x
· Adobe Flash Player 11.x
· Adobe Flash Player 11.2.202.235 and earlier for Windows, Macintosh and Linux
· Adobe Flash Player 11.1.115.8 and earlier for Android 4.x
· Adobe Flash Player 11.1.111.9 and earlier for Android 3.x and 2.x
· Adobe AIR 3.2.0.2070 and earlier for Windows, Macintosh and Android

Impact:
· Security Bypass
· System access

CVE Reference(s)
CVE-2012-2034
CVE-2012-2035
CVE-2012-2036
CVE-2012-2037
CVE-2012-2038
CVE-2012-2039
CVE-2012-2040

Description

Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
1) An error when parsing ActionScript can be exploited to corrupt memory.
2) An unspecified error can be exploited to cause a stack-based buffer overflow.
3) An integer overflow error can be exploited to corrupt memory.
4) An error within NPSWF32.dll when parsing certain tags can be exploited to corrupt memory.
5) An error in the "SoundMixer.computeSpectrum()" method can be exploited to bypass the same-origin policy.
6) Unspecified errors related to "null dereference" may reportedly allow code execution.
7) An unspecified error in the installer allows planting a binary file and may allow execution of arbitrary code.

Solution
Update to a fixed version.

Original Advisory
Adobe:
http://www.adobe.com/support/security/bulletins/apsb12-14.html
iDefense:

NOTE: The information is provided on an "as is" basis, without assurance of any kind.