CVE-2012-2034

HIGH KEV

Adobe Flash Player < 11.2.202.235 - Memory Corruption

Title source: rule

Description

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037.

References (5)

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00006.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00007.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2012-0722.html

[Vendor Advisory] http://www.adobe.com/support/security/bulletins/apsb12-14.html

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-2034

Scores

CVSS v3 7.5

EPSS 0.1029

EPSS Percentile 93.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-28

VulnCheck KEV 2022-03-28

InTheWild.io 2022-03-28

ENISA EUVD EUVD-2012-2040

CWE

CWE-119

Status published

Products (14)

adobe/air < 3.2.0.2070

adobe/flash_player < 11.2.202.235

opensuse/opensuse 11.4

opensuse/opensuse 12.1

redhat/enterprise_linux_desktop 5.0

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_eus 6.2

redhat/enterprise_linux_server 5.0

redhat/enterprise_linux_server 6.0

redhat/enterprise_linux_server_aus 6.2

... and 4 more

Published Jun 09, 2012

KEV Added Mar 28, 2022

Tracked Since Feb 18, 2026