CVE-2012-5054

HIGH KEV

Adobe Flash Player <11.4.402.265 - RCE

Title source: llm

Description

Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.

References (5)

[Exploit, Third Party Advisory] http://packetstormsecurity.org/files/116435/Adobe-Flash-Player-Matrix3D-Integer-Overflow-Code-Execution.html

[Not Applicable, Vendor Advisory] http://www.adobe.com/support/security/bulletins/apsb12-19.html

[Broken Link] http://www.vupen.com/english/services/ba-index.php

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/78866

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-5054

Scores

CVSS v3 8.8

EPSS 0.7214

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-06-08

VulnCheck KEV 2013-02-12

InTheWild.io 2014-11-13

ENISA EUVD EUVD-2012-4978

CWE

CWE-190

Status published

Products (1)

adobe/flash_player < 11.4.402.265

Published Sep 24, 2012

KEV Added Jun 08, 2022

Tracked Since Feb 18, 2026