Bug 819003 - (CVE-2012-0779) CVE-2012-0779 flash-plugin: arbitrary code execution via object confusion (APSB12-09)
CVE-2012-0779 flash-plugin: arbitrary code execution via object confusion (AP...
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
urgent Severity urgent
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 819004 819005 819006 819007
Blocks: 819017
  Show dependency treegraph
Reported: 2012-05-04 10:57 EDT by Vincent Danen
Modified: 2018-02-12 13:09 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-05-23 05:23:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2012-05-04 10:57:35 EDT
Adobe security bulletin APSB12-09 describes a security flaw that can lead to arbitrary code execution when a malicious SWF file is opened in Adobe Flash Player:

These updates address an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system. 
There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only.

External References:

Comment 2 Vincent Danen 2012-05-14 18:02:48 EDT
Adobe has not yet made 10.3.x versions for Linux/UNIX available for download as of yet.
Comment 3 errata-xmlrpc 2012-05-23 04:50:49 EDT
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2012:0688 https://rhn.redhat.com/errata/RHSA-2012-0688.html

Note You need to log in before you can comment on or make changes to this bug.