Adobe Flash Player and AIR code execution

adobe-cve20125256-code-exec (79077) The risk level is classified as High Risk


An unspecified vulnerability in Adobe Flash Player and AIR could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system.


Base Score: 9.3
  Access Vector: Network
  Access Complexity: Medium
  Authentication: None
  Confidentiality Impact: Complete
  Integrity Impact: Complete
  Availability Impact: Complete
Temporal Score: 6.9
  Exploitability: Unproven
  Remediation Level: Official-Fix
  Report Confidence: Confirmed


Gain Access


Refer to APSB12-22 for patch, upgrade or suggested workaround information. See References.


  • Adobe Product Security Bulletin APSB12-22: Security updates available for Adobe Flash Player.
  • Google Chrome Releases Web site: Stable Channel Update.
  • BID-56198: Adobe Flash Player and AIR CVE-2012-5256 Memory Corruption Vulnerability
  • CVE-2012-5256: Adobe Flash Player before and 11.x before 11.4.402.287 on Windows and Mac OS X, before and 11.x before on Linux, before on Android 2.x and 3.x, and before on Android 4.x; Adobe AIR before; and Adobe AIR SDK before allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
  • OSVDB ID: 86033: Adobe Flash Player / AIR Unspecified Memory Corruption (2012-5256)
  • RHSA-2012-1346: Critical: flash-plugin security update
  • SA50876: Adobe Flash Player / AIR Multiple Vulnerabilities

Platforms Affected:

  • Adobe AIR
  • Adobe AIR SDK
  • Adobe Air for Android
  • Adobe Flash Player For Android
  • Adobe Flash Player For Linux
  • Adobe Flash Player For Windows and Macintosh 11.4.402.265
  • Adobe Flash Player For Windows and Macintosh 11.4.402.278
  • Google Chrome 22
  • RedHat Enterprise Linux Desktop Supplementary 6
  • RedHat Enterprise Linux Server Supplementary 6
  • RedHat Enterprise Linux Workstation Supplementary 6
  • RedHat RHEL Desktop Supplementary 5 Client
  • RedHat RHEL Supplementary 5 Server


Oct 08, 2012

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@us.ibm.com
