CVE-2012-5054
CVE-2012-5054
In short
Adobe Flash Player has a bug where a method that copies data can be tricked into overflowing, allowing attackers to run malicious code by sending specially crafted data.
Technical detail
An integer overflow vulnerability exists in the Matrix3D.copyRawDataTo() method, exploitable through malformed method arguments delivered via remote content, enabling arbitrary code execution with the privileges of the Flash Player process.
Summary generated and translated by AI from the official description.
Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 1
cve_referencepacketstormsecurity.org/files/116435/Adobe-Flash-Player-Matrix3D-Integer-Overflow-Code-Execution.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.org/files/116435/Adobe-Flash-Player-Matrix3D-Integer-Overflow-Code-Execution.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/78866https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-5054http://www.adobe.com/support/security/bulletins/apsb12-19.htmlhttp://www.vupen.com/english/services/ba-index.php