CVE-2012-2034

HIGH KEV

Adobe Flash Player < 11.2.202.235 and AIR < 3.2.0.2070 - Remote Code Execution

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2012-2034 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 28, 2022.

Description

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037.

References (5)

Core 5
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0722.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00007.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00006.html

Scores

CVSS v3 7.5
EPSS 0.1029
EPSS Percentile 93.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-03-28
VulnCheck KEV 2022-03-28
InTheWild.io 2022-03-28
ENISA EUVD EUVD-2012-2040
CWE
CWE-119
Status published
Products (14)
adobe/air < 3.2.0.2070
adobe/flash_player < 11.2.202.235
opensuse/opensuse 11.4
opensuse/opensuse 12.1
redhat/enterprise_linux_desktop 5.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_eus 6.2
redhat/enterprise_linux_server 5.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_server_aus 6.2
... and 4 more
Published Jun 09, 2012
KEV Added Mar 28, 2022
Tracked Since Feb 18, 2026