Adobe Flash patches zero-day XSS, 6 critical vulnerabilities


Staff

In this patch

Bugs leading to code execution

  • CVE-2012-0751 - Resolves a memory corruption flaw (Windows ActiveX control only).
  • CVE-2012-0752 - Patches a type confusion memory corruption flaw.
  • CVE-2012-0753 - Fixes an MP4 parsing memory corruption flaw.
  • CVE-2012-0754 - Patches a memory corruption flaw.
  • CVE-2012-0755 - Resolves a security bypass flaw.
  • CVE-2012-0756 - Fixes a security bypass flaw.

Other bug-fixes

  • CVE-2012-0767 - Resolves a universal cross-site scripting flaw.

Adobe has released an out-of-cycle patch for Flash Player to address a zero-day vulnerability that it believes might be exploited in the wild. Seven critical vulnerabilities have been fixed, according to an Adobe security bulletin released February 15.

The Flash Player update patches a universal cross-site scripting (XSS) vulnerability that may allow attackers to take actions on a user’s behalf if the user visits a malicious website. According to Adobe’s advisory, this vulnerability is reportedly being exploited in the wild using a link delivered via email (Internet Explorer on Windows only). In addition, the patch fixes four memory corruption bugs and two security bypass vulnerabilities that may be used for remote code execution exploits.

Adobe recommends that users of Adobe Flash Player for Windows, Macintosh, Linux and Solaris, v11.1.102.55 and earlier, update to Adobe Flash Player v11.1.102.62. Flash Player v11.1.112.61 for Android 4.x may be updated to v11.1.115.6. Flash Player v11.1.111.5 and earlier for Android 3.x and earlier versions should be updated to v11.1.111.6.

This update follows hot on the heels of Adobe’s Shockwave Player update released hours before Microsoft’s February patch on Tuesday. These critical vulnerabilities do not affect other Adobe products (Reader and Acrobat), as has been the case with previous Flash bugs.