Red Hat Bugzilla – Bug 819003
CVE-2012-0779 flash-plugin: arbitrary code execution via object confusion (APSB12-09)
Last modified: 2018-02-12 13:09:42 EST
Adobe security bulletin APSB12-09 describes a security flaw that can lead to arbitrary code execution when a malicious SWF file is opened in Adobe Flash Player:
These updates address an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system.
There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only.
Adobe has not yet made 10.3.x versions for Linux/UNIX available for download.
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 6
Supplementary for Red Hat Enterprise Linux 5
Via RHSA-2012:0688 https://rhn.redhat.com/errata/RHSA-2012-0688.html