BID:52914

Adobe Flash Player CVE-2012-0725 Remote Memory Corruption Vulnerability

Info

Adobe Flash Player CVE-2012-0725 Remote Memory Corruption Vulnerability

Bugtraq ID:	52914
Class:	Unknown
CVE:	CVE-2012-0725
Remote:	Yes
Local:	No
Published:	Apr 05 2012 12:00AM
Updated:	Mar 19 2015 09:32AM
Credit:	Mark Yason and Paul Sabanal of IBM X-Force Research and Fermin J. Serna of the Google Security Team
Vulnerable:	Xerox FreeFlow Print Server (FFPS) 73.C0.41 Xerox FreeFlow Print Server (FFPS) 73.B3.61 Sun Solaris 10 Google Chrome 17.0.963 79 Google Chrome 17.0.963 65 Google Chrome 16.0.912 75 Google Chrome 15.0.874 102 Google Chrome 9.0.597.94 Google Chrome 9.0.597.84 Google Chrome 9.0.597.107 Google Chrome 8.0.552.344 Google Chrome 8.0.552.310 Google Chrome 8.0.552.309 Google Chrome 8.0.552.308 Google Chrome 8.0.552.307 Google Chrome 8.0.552.306 Google Chrome 8.0.552.305 Google Chrome 8.0.552.304 Google Chrome 8.0.552.303 Google Chrome 8.0.552.302 Google Chrome 8.0.552.301 Google Chrome 8.0.552.300 Google Chrome 8.0.552.237 Google Chrome 8.0.552.226 Google Chrome 8.0.552.225 Google Chrome 8.0.552.224 Google Chrome 8.0.552.223 Google Chrome 8.0.552.222 Google Chrome 8.0.552.221 Google Chrome 8.0.552.220 Google Chrome 8.0.552.219 Google Chrome 8.0.552.218 Google Chrome 8.0.552.217 Google Chrome 8.0.552.216 Google Chrome 8.0.552.215 Google Chrome 8.0.552.214 Google Chrome 8.0.552.213 Google Chrome 8.0.552.212 Google Chrome 8.0.552.211 Google Chrome 8.0.552.210 Google Chrome 8.0.552.21 Google Chrome 8.0.552.209 Google Chrome 8.0.552.208 Google Chrome 8.0.552.207 Google Chrome 8.0.552.206 Google Chrome 8.0.552.205 Google Chrome 8.0.552.204 Google Chrome 8.0.552.203 Google Chrome 8.0.552.202 Google Chrome 8.0.552.201 Google Chrome 8.0.552.200 Google Chrome 8.0.552.20 Google Chrome 8.0.552.2 Google Chrome 8.0.552.19 Google Chrome 8.0.552.18 Google Chrome 8.0.552.17 Google Chrome 8.0.552.16 Google Chrome 8.0.552.15 Google Chrome 8.0.552.14 Google Chrome 8.0.552.13 Google Chrome 8.0.552.12 Google Chrome 8.0.552.11 Google Chrome 8.0.552.105 Google Chrome 8.0.552.104 Google Chrome 8.0.552.103 Google Chrome 8.0.552.102 Google Chrome 8.0.552.101 Google Chrome 8.0.552.100 Google Chrome 8.0.552.10 Google Chrome 8.0.552.1 Google Chrome 8.0.552.0 Google Chrome 8.0.551.1 Google Chrome 8.0.551.0 Google Chrome 8.0.550.0 Google Chrome 8.0.549.0 Google Chrome 18.0.1025.142 Google Chrome 17.0.963.83 Google Chrome 17.0.963.78 Google Chrome 17.0.963.60 Google Chrome 17.0.963.56 Google Chrome 17.0.963.46 Google Chrome 16.0.912.77 Google Chrome 16.0.912.75 Google Chrome 16.0.912.63 Google Chrome 16 Google Chrome 15.0.874.121 Google Chrome 15.0.874.120 Google Chrome 14.0.835.202 Google Chrome 14.0.835.186 Google Chrome 14.0.835.163 Google Chrome 14 Google Chrome 13.0.782.215 Google Chrome 13.0.782.112 Google Chrome 13.0.782.107 Google Chrome 13 Google Chrome 12.0.742.91 Google Chrome 12.0.742.112 Google Chrome 12.0.742.100 Google Chrome 12 Google Chrome 11.0.696.77 Google Chrome 11.0.696.71 Google Chrome 11.0.696.68 Google Chrome 11.0.696.65 Google Chrome 11.0.696.57 Google Chrome 11.0.696.43 Google Chrome 11.0.672.2 Google Chrome 11 Google Chrome 10.0.648.205 Google Chrome 10.0.648.205 Google Chrome 10.0.648.204 Google Chrome 10.0.648.133 Google Chrome 10.0.648.128 Google Chrome 10.0.648.127 Google Chrome 10.0.648.127 Google Chrome 10 Adobe Flash Player 11.1.102.63 Adobe Flash Player 11.1.102.62 Adobe Flash Player 11.1.102.55 Adobe Flash Player 11.1.102.228 Adobe AIR 2.0.4 Adobe AIR 2.0.3 Adobe AIR 1.5.3 .9130 Adobe AIR 1.5.3 .9120 Adobe AIR 1.5.3 Adobe AIR 1.5.2 Adobe AIR 1.5.1 Adobe AIR 3.1.0.4880 Adobe AIR 3.0 Adobe AIR 2.7.1.1961 Adobe AIR 2.7.1 Adobe AIR 2.7 Adobe AIR 2.6.19140 Adobe AIR 2.6.19120 Adobe AIR 2.6 Adobe AIR 2.5.1 Adobe AIR 2.0.3 Adobe AIR 2.0.2.12610 Adobe AIR 2.0.2 Adobe AIR 1.5 Adobe AIR 1.1 Adobe AIR 1.01 Adobe AIR 1.0

Not Vulnerable:	Google Chrome 18.0.1025.151 Adobe Flash Player 11.2.202.229 Adobe AIR 3.2.0.2080 Adobe AIR 3.2.0.2070

Discussion

Adobe Flash Player CVE-2012-0725 Remote Memory Corruption Vulnerability

Adobe Flash Player is prone to an unspecified remote memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Exploit / POC

Adobe Flash Player CVE-2012-0725 Remote Memory Corruption Vulnerability

Currently we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Adobe Flash Player CVE-2012-0725 Remote Memory Corruption Vulnerability

Solution:
Updates are available. Please see the references for more information.

References

Adobe Flash Player CVE-2012-0725 Remote Memory Corruption Vulnerability

References:

Adobe Homepage (Adobe)
Multiple vulnerabilities in Adobe Flashplayer (Oracle)
APSB12-07 Security update available for Adobe Flash Player (Adobe)