FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-0772

This CVE name corresponds to:

Entered Topic
2012-04-10 linux-flashplugin -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-0772
Phase Assigned(20120118)

Description

An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors.

References

Source Reference
CONFIRM http://www.adobe.com/support/security/bulletins/apsb12-07.html
CONFIRM http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
OSVDB 80706
OVAL oval:org.mitre.oval:def:15266
SECTRACK 1026859
SECUNIA 48618