CVE-2012-0756
Description
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0755.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on multiple platforms bypasses intended access restrictions via unspecified vectors, enabling unauthorized actions.
Vulnerability
Adobe Flash Player versions before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x contain a vulnerability that allows attackers to bypass intended access restrictions. The issue is triggered via unspecified vectors, as noted by Red Hat [1] and Gentoo [2]. Affected builds include all versions prior to the specified patched releases.
Exploitation
An attacker can exploit this vulnerability by enticing a user to open a specially crafted SWF file [2]. No authentication or special network position beyond serving the SWF is required; the attack relies on user interaction (e.g., visiting a malicious webpage or opening a malicious file). The exploitation steps involve delivering a crafted Flash file that triggers the access-bypass condition through the unspecified vectors [1][2].
Impact
Successful exploitation allows the attacker to bypass intended access restrictions [1][2]. This could lead to arbitrary code execution, denial of service, cross-domain policy bypass, web script injection, or sensitive information disclosure, depending on the specific attack scenario [2]. The compromise occurs at the privilege level of the user running Flash Player.
Mitigation
Adobe released fixed versions: Flash Player 10.3.183.15, 11.1.102.62, 11.1.111.6 (Android 2.x/3.x), and 11.1.115.6 (Android 4.x) on February 15, 2012. Red Hat issued advisory RHSA-2012:0144 for affected Linux distributions [1], and Gentoo published GLSA 201204-07 recommending upgrade to version 11.2.202.228 for Linux users [2]. There is no known workaround if the patch cannot be applied [2]. This CVE is not listed on the CISA KEV as of the publication date.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: before 10.3.183.15 and before 11.1.102.62
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.adobe.com/support/security/bulletins/apsb12-03.htmlnvdBroken LinkPatchVendor Advisory
- rhn.redhat.com/errata/RHSA-2012-0144.htmlnvdThird Party Advisory
- security.gentoo.org/glsa/glsa-201204-07.xmlnvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14881nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16149nvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.htmlnvdBroken Link
- secunia.com/advisories/48265nvdBroken Link
- secunia.com/advisories/48819nvdBroken Link
News mentions
0No linked articles in our index yet.