Lucene search

AdobeCVE-2012-2040

HistoryJun 09, 2012 - 12:55 a.m.

CVE-2012-2040

2012-06-0900:55:01

CWE-426

adobe

web.nvd.nist.gov

cve-2012-2040

adobe flash player

installer

vulnerability

windows

mac os x

linux

android

adobe air

privilege escalation

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

40.3%

JSON

Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows local users to gain privileges via a Trojan horse executable file in an unspecified directory.

Affected configurations

Nvd

Node

adobeflash_playerRange≤11.2.202.235

AND

applemacosMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange≤11.1.115.8

AND

googleandroidRange4.0–4.4.4

Node

adobeflash_playerRange≤11.1.111.9

AND

googleandroidRange2.0–3.2.6

Node

adobeairRange≤3.2.0.2070

AND

applemacosMatch-

googleandroidMatch-

microsoftwindowsMatch-

Node

opensuseopensuseMatch11.4

opensuseopensuseMatch12.1

suselinux_enterprise_desktopMatch10sp4

suselinux_enterprise_desktopMatch11sp1

suselinux_enterprise_desktopMatch11sp2

VendorProductVersionCPE
adobeflash_player*cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
adobeair*cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
googleandroid-cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
opensuseopensuse11.4cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
opensuseopensuse12.1cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
suselinux_enterprise_desktop10cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	flash_player	*	cpe:2.3:a:adobe:flash_player::::::::
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
google	android	*	cpe:2.3:o:google:android::::::::
adobe	air	*	cpe:2.3:a:adobe:air::::::::
google	android	-	cpe:2.3:o:google:android:-:::::::*
opensuse	opensuse	11.4	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
opensuse	opensuse	12.1	cpe:2.3:o:opensuse:opensuse:12.1:::::::*
suse	linux_enterprise_desktop	10	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4::::::