Buffer overflow in Adobe Adobe_air

CVE-2012-5266

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on A…

Vulnerability class: Buffer Overflow

EPSS: 0.064 (91.2th percentile) — read the EPSS interpretation.

Affected products

Adobe Adobe_air — versions 1.0, 1.0.1, 1.0.8.4990
Adobe Adobe_air_sdk
Adobe Flash_player — versions 10.1.85.3, 10.1.102.64, 10.2.152.26
Adobe Flash_player_for_android — versions 10.1.106.17, 10.2.157.51, 10.3.186.7
Apple Mac_os_x
Google Android — versions 2.0, 2.0.1, 2.1
Linux Linux_kernel
Microsoft Windows
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

openSUSE-SU-2013:0370 (vendor-advisory, x_refsource_SUSE)
86043 (x_refsource_OSVDB, vdb-entry)
psirt@adobe.com (x_refsource_CONFIRM, Vendor Advisory)
adobe-cve20125266-bo(79087) (vdb-entry, x_refsource_XF)