CVE-2012-0754

Related Files

Zero Day Initiative Advisory 12-080

Posted Jun 6, 2012

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-080 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. A size value is read from MP4 files and used for size calculation without proper validation. The arithmetic performed on the size value can cause integer overflows, resulting in undersized allocations. This undersized memory allocation can be subsequently overpopulated with data supplied by the input file which can be used to gain remote code execution under the context of the current process.

tags | advisory, remote, overflow, arbitrary, code execution

advisories | CVE-2012-0754

SHA-256 | 7d4277c0240390dfaf844d794201f5813348bc3c4e7a17ba30d5fa943904ac26

Download | Favorite | View

Gentoo Linux Security Advisory 201204-07

Posted Apr 18, 2012

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201204-7 - Multiple vulnerabilities in Adobe Flash Player, the worst of which might allow remote attackers to execute arbitrary code. Versions less than 11.2.202.228 are affected.

tags | advisory, remote, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456, CVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460, CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756, CVE-2012-0767, CVE-2012-0768, CVE-2012-0769, CVE-2012-0773

SHA-256 | bcf33f097735edaa2dba3ae55379f08e72c0e989bf92ca775ea579c3a0dded65

Download | Favorite | View

Adobe Flash Player .mp4 'cprt' Overflow

Posted Mar 8, 2012

Authored by sinn3r, Alexander Gavrun, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Adobe Flash Player. By supplying a corrupt .mp4 file loaded by Flash, it is possible to gain arbitrary remote code execution under the context of the user. This vulnerability has been exploited in the wild as part of the "Iran's Oil and Nuclear Situation.doc" phishing campaign.

tags | exploit, remote, arbitrary, code execution

advisories | CVE-2012-0754, OSVDB-79300

SHA-256 | bc712e2a0634304709e04fab0e0b399f87ad8994ef78b54e906ba338a89de632

Download | Favorite | View

Red Hat Security Advisory 2012-0144-01

Posted Feb 18, 2012

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0144-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB12-03, listed in the References section. Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content.

tags | advisory, web, arbitrary, vulnerability

systems | linux, redhat

advisories | CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756, CVE-2012-0767

SHA-256 | e12fa8491ed0eb8269109f0b84ae42b196495d0ce25bd1e59eee089e630a6dbe

Download | Favorite | View