CVE-2012-4168

Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow remote attackers to read content from a different domain via a crafted web site.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
adobeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
adobeflash_player
10.3 ≤
𝑥
< 10.3.183.23
adobeflash_player
11.4 ≤
𝑥
< 11.4.402.265
adobeflash_player
10.3 ≤
𝑥
< 10.3.183.23
adobeflash_player
11.2 ≤
𝑥
< 11.2.202.238
adobeflash_player
11.1 ≤
𝑥
< 11.1.111.16
adobeflash_player
11.1 ≤
𝑥
< 11.1.115.17
adobeair
𝑥
< 3.4.0.2540
adobeair_sdk
𝑥
< 3.4.0.2540
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
adobe-flashplugin
precise
Fixed 11.2.202.238-0precise1
released
oneiric
Fixed 11.2.202.238-0oneiric1
released
natty
Fixed 11.2.202.238-0natty1
released
lucid
Fixed 11.2.202.238-0lucid1
released
hardy
ignored
flashplugin-nonfree
precise
Fixed 11.2.202.238ubuntu0.12.04.1
released
oneiric
Fixed 11.2.202.238ubuntu0.11.10.1
released
natty
Fixed 11.2.202.238ubuntu0.11.04.1
released
lucid
Fixed 11.2.202.238ubuntu0.10.04.1
released
hardy
ignored
Common Weakness Enumeration
References
http://marc.info/?l=bugtraq&m=139455789818399&w=2
http://rhn.redhat.com/errata/RHSA-2012-1203.html
http://security.gentoo.org/glsa/glsa-201209-01.xml
http://www.adobe.com/support/security/bulletins/apsb12-19.html
http://marc.info/?l=bugtraq&m=139455789818399&w=2
http://rhn.redhat.com/errata/RHSA-2012-1203.html
http://security.gentoo.org/glsa/glsa-201209-01.xml
http://www.adobe.com/support/security/bulletins/apsb12-19.html