Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Flash_player | Adobe | * | 11.2.202.235 (including) |
| Supplementary for Red Hat Enterprise Linux 5 | RedHat | flash-plugin-0:10.3.183.20-1.el5 | * |
| Supplementary for Red Hat Enterprise Linux 6 | RedHat | flash-plugin-0:10.3.183.20-1.el6 | * |
| Adobe-flashplugin | Ubuntu | hardy | * |
| Adobe-flashplugin | Ubuntu | lucid | * |
| Adobe-flashplugin | Ubuntu | natty | * |
| Adobe-flashplugin | Ubuntu | oneiric | * |
| Adobe-flashplugin | Ubuntu | precise | * |
| Adobe-flashplugin | Ubuntu | upstream | * |
| Flashplugin-nonfree | Ubuntu | devel | * |
| Flashplugin-nonfree | Ubuntu | hardy | * |
| Flashplugin-nonfree | Ubuntu | lucid | * |
| Flashplugin-nonfree | Ubuntu | natty | * |
| Flashplugin-nonfree | Ubuntu | oneiric | * |
| Flashplugin-nonfree | Ubuntu | precise | * |
| Flashplugin-nonfree | Ubuntu | upstream | * |
Potential Mitigations
References
- http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00007.html
- http://rhn.redhat.com/errata/RHSA-2012-0722.html
- http://www.adobe.com/support/security/bulletins/apsb12-14.html
- http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00007.html
- http://rhn.redhat.com/errata/RHSA-2012-0722.html
- http://www.adobe.com/support/security/bulletins/apsb12-14.html