Adobe Flash Player CVE-2012-0779 Object Type Confusion Remote Code Execution Vulnerability

Bugtraq ID:	53395
Class:	Unknown
CVE:	CVE-2012-0779
Remote:	Yes
Local:	No
Published:	May 04 2012 12:00AM
Updated:	Jun 20 2013 09:38AM
Credit:	Microsoft Vulnerability Research
Vulnerable:	SuSE SUSE Linux Enterprise Desktop 11 SP2 + Linux kernel 2.6.5 SuSE SUSE Linux Enterprise Desktop 11 SP1 + Linux kernel 2.6.5 Red Hat Enterprise Linux Workstation Supplementary 6 Red Hat Enterprise Linux Supplementary 5 server Red Hat Enterprise Linux Server Supplementary 6 Red Hat Enterprise Linux Desktop Supplementary 6 Red Hat Enterprise Linux Desktop Supplementary 5 client Adobe Flash Player 10.1.53 .64 Adobe Flash Player 10.1.51 .66 Adobe Flash Player 10.0.45 2 Adobe Flash Player 10.0.45 2 Adobe Flash Player 10.0.45 2 Adobe Flash Player 10.0.32 18 Adobe Flash Player 10.0.22 .87 Adobe Flash Player 10.0.15 .3 Adobe Flash Player 10.0.12 .36 Adobe Flash Player 10.0.12 .35 Adobe Flash Player 11.2.202.233 Adobe Flash Player 11.2.202.229 Adobe Flash Player 11.2.202.228 Adobe Flash Player 11.2.202.223 Adobe Flash Player 11.1.115.7 Adobe Flash Player 11.1.115.6 Adobe Flash Player 11.1.112.61 Adobe Flash Player 11.1.111.8 Adobe Flash Player 11.1.111.7 Adobe Flash Player 11.1.111.6 Adobe Flash Player 11.1.111.5 Adobe Flash Player 11.1.102.63 Adobe Flash Player 11.1.102.62 Adobe Flash Player 11.1.102.55 Adobe Flash Player 11.1.102.228 Adobe Flash Player 11.0.1.152 Adobe Flash Player 10.3.186.7 Adobe Flash Player 10.3.186.6 Adobe Flash Player 10.3.186.3 Adobe Flash Player 10.3.186.2 Adobe Flash Player 10.3.185.25 Adobe Flash Player 10.3.185.23 Adobe Flash Player 10.3.185.22 Adobe Flash Player 10.3.185.21 Adobe Flash Player 10.3.183.7 Adobe Flash Player 10.3.183.5 Adobe Flash Player 10.3.183.4 Adobe Flash Player 10.3.183.10 Adobe Flash Player 10.3.181.34 Adobe Flash Player 10.3.181.26 Adobe Flash Player 10.3.181.23 Adobe Flash Player 10.3.181.22 Adobe Flash Player 10.3.181.16 Adobe Flash Player 10.3.181.14 Adobe Flash Player 10.2.159.1 Adobe Flash Player 10.2.157.51 Adobe Flash Player 10.2.156.12 Adobe Flash Player 10.2.154.28 Adobe Flash Player 10.2.154.27 Adobe Flash Player 10.2.154.25 Adobe Flash Player 10.2.154.24 Adobe Flash Player 10.2.154.18 Adobe Flash Player 10.2.154.13 Adobe Flash Player 10.2.153.1 Adobe Flash Player 10.2.152.33 Adobe Flash Player 10.2.152.32 Adobe Flash Player 10.2.152.21 Adobe Flash Player 10.2.152 Adobe Flash Player 10.1.95.2 Adobe Flash Player 10.1.95.1 Adobe Flash Player 10.1.92.8 Adobe Flash Player 10.1.92.10 Adobe Flash Player 10.1.92.10 Adobe Flash Player 10.1.85.3 Adobe Flash Player 10.1.82.76 Adobe Flash Player 10.1.52.15 Adobe Flash Player 10.1.52.14.1 Adobe Flash Player 10.1.106.16 Adobe Flash Player 10.1.105.6 Adobe Flash Player 10.1.102.65 Adobe Flash Player 10.1.102.64 Adobe Flash Player 10.0.42.34 Adobe Flash Player 10.0.32.18 Adobe Flash Player 10
Not Vulnerable:	Adobe Flash Player 11.2.202.235 Adobe Flash Player 11.1.115.8 Adobe Flash Player 11.1.111.9

Adobe Flash Player CVE-2012-0779 Object Type Confusion Remote Code Execution Vulnerability

Adobe Flash Player is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

The following versions are affected:

Adobe Flash Player 11.2.202.233 and prior versions for Windows, Mac OS and Linux operating systems
Adobe Flash Player 11.1.115.7 and prior versions for Android 4.x
Adobe Flash Player 11.1.111.8 and prior versions for Android 3.x and 2.x

Adobe Flash Player CVE-2012-0779 Object Type Confusion Remote Code Execution Vulnerability

Reports indicates this issue is being actively exploited in the wild.

The following exploit is available:

• /data/vulnerabilities/exploits/53395.rb

Adobe Flash Player CVE-2012-0779 Object Type Confusion Remote Code Execution Vulnerability

Solution:
Updates are available. Please see the references for more information.

Adobe Flash Player CVE-2012-0779 Object Type Confusion Remote Code Execution Vulnerability

References:

• Adobe Homepage (Adobe)
  
• APSB12-09: Security update available for Adobe Flash Player (Adobe)
  
• Vulnerabilities in Adobe Flash Player version included with the BlackBerry PlayB (Research In Motion)