Vulnerability CVE-2012-5054


Published: 2012-09-24

Description:
Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.

See advisories in our WLB2 database:
Topic
Author
Date
High
Adobe Flash Player \"Matrix3D\" Integer Overflow Code Execution
Nicolas Joly
11.09.2012

Type:

CWE-189

(Numeric Errors)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Adobe -> Flash player 

 References:
http://packetstormsecurity.org/files/116435/Adobe-Flash-Player-Matrix3D-Integer-Overflow-Code-Execution.html
http://www.adobe.com/support/security/bulletins/apsb12-19.html
http://www.vupen.com/english/services/ba-index.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/78866

Copyright 2024, cxsecurity.com

 

Back to Top