CVE-2012-0767
CVE-2012-0767
Vexday Risk Score
43Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 6.1EPSS 6.7%KEV simPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
16 Feb 2012Published on NVD
08 Jun 2022Active exploitation (CISA KEV)
Recommendation: Plan a near-term fix — a public PoC already exists.
In short
Adobe Flash Player had a vulnerability that allowed attackers to inject malicious scripts into web pages viewed by users. This could let them steal data, hijack accounts, or spread malware without users realizing it.
Technical detail
CVSS 6.1 (Medium) reflects the ability to compromise confidentiality and integrity of user sessions, though exploitation requires successful delivery via a web page.
Summary generated and translated by AI from the official description.
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0144.htmlhttp://secunia.com/advisories/48265http://secunia.com/advisories/48819http://security.gentoo.org/glsa/glsa-201204-07.xmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14806https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15933https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0767http://www.adobe.com/support/security/bulletins/apsb12-03.html