Exploitation Summary
CVE-2012-5054 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 8, 2022.
Description
Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.
References (5)
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-5054
Not Applicable, Vendor Advisory x_refsource_misc
http://www.adobe.com/support/security/bulletins/apsb12-19.html
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/files/116435/Adobe-Flash-Player-Matrix3D-Integer-Overflow-Code-Execution.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/78866
Broken Link x_refsource_misc
http://www.vupen.com/english/services/ba-index.php
Scores
CVSS v3: 8.8
EPSS: 0.7151
EPSS Percentile: 98.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2022-06-08
VulnCheck KEV: 2013-02-12
InTheWild.io: 2014-11-13
ENISA EUVD: EUVD-2012-4978
CWE: CWE-190
Status: published
Products (1)
adobe/flash_player < 11.4.402.265
Published: Sep 24, 2012
KEV Added: Jun 08, 2022
Tracked Since: Feb 18, 2026