CVE-2012-0767

MEDIUM KEV

Adobe Flash Player <10.3.183.15,11.x<11.1.102.62 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2012-0767 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 8, 2022.

Description

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.

References (9)

Core 9
Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201204-07.xml
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48265
Broken Link, Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb12-03.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0144.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48819

Scores

CVSS v3 6.1
EPSS 0.1491
EPSS Percentile 94.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact partial

Details

CISA KEV 2022-06-08
VulnCheck KEV 2012-02-16
InTheWild.io 2018-10-30
ENISA EUVD EUVD-2012-0799
CWE
CWE-79
Status published
Products (1)
adobe/flash_player < 10.3.183.15
Published Feb 16, 2012
KEV Added Jun 08, 2022
Tracked Since Feb 18, 2026