CVE-2012-0767

MEDIUM KEV

Adobe Flash Player <10.3.183.15,11.x<11.1.102.62 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.

References (9)

[Broken Link] http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2012-0144.html

[Broken Link] http://secunia.com/advisories/48265

[Broken Link] http://secunia.com/advisories/48819

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-201204-07.xml

[Broken Link, Patch, Vendor Advisory] http://www.adobe.com/support/security/bulletins/apsb12-03.html

[Third Party Advisory] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14806

[Third Party Advisory] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15933

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0767

Scores

CVSS v3 6.1

EPSS 0.1627

EPSS Percentile 94.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitation Intel

CISA KEV 2022-06-08

VulnCheck KEV 2012-02-16

InTheWild.io 2018-10-30

ENISA EUVD EUVD-2012-0799

Classification

CWE

CWE-79

Status draft

Affected Products (1)

adobe/flash_player < 10.3.183.15

Timeline

Published Feb 16, 2012

KEV Added Jun 08, 2022

Tracked Since Feb 18, 2026