CVE-2012-0779

EXPLOITED IN THE WILD

Adobe Flash Player <10.3.183.19-11.2.202.235 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2012-0779 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 2 public exploits from researchers including Metasploit, sinn3r, juan vazquez, including a Metasploit module exploits/windows/browser/adobe_flash_rtmp.

AI-analyzed exploit summary This Metasploit module exploits a type confusion vulnerability in Adobe Flash Player (CVE-2012-0779) by sending a corrupt AMF0 '_error' response to achieve arbitrary remote code execution. It includes ROP chains and heap spraying techniques to bypass memory protections.

Description

Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/19369

This Metasploit module exploits a type confusion vulnerability in Adobe Flash Player (CVE-2012-0779) by sending a corrupt AMF0 '_error' response to achieve arbitrary remote code execution. It includes ROP chains and heap spraying techniques to bypass memory protections.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Adobe Flash Player 10.3.183.19 and 11.x before 11.2.202.235
No auth needed
Prerequisites: Target must visit a malicious webpage or open a malicious document · Flash Player must be installed and vulnerable
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by sinn3r, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flash_rtmp.rb

This Metasploit module exploits a type confusion vulnerability in Adobe Flash Player (CVE-2012-0779) by sending a corrupt AMF0 '_error' response via RTMP, leading to arbitrary remote code execution. It includes heap spraying and ROP chain techniques to achieve reliable exploitation on targeted Windows XP systems with specific IE versions.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Adobe Flash Player 10.3.183.19 and 11.x before 11.2.202.235
No auth needed
Prerequisites: Victim must visit a malicious RTMP server · Target must have vulnerable Flash Player version · Specific IE versions on Windows XP SP3
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (10)

Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027023
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00005.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53395
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49096
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0688.html
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/81656
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49038
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00004.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75383

Scores

EPSS 0.9007
EPSS Percentile 99.6%

Details

VulnCheck KEV 2012-05-04
InTheWild.io 2019-07-18
Status published
Products (1)
adobe/flash_player 10.3 - 10.3.183.19
Published May 04, 2012
Tracked Since Feb 18, 2026