CVE-2012-0779
Description
Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 contains an object confusion vulnerability allowing remote code execution via a crafted file, actively exploited in May 2012.
Vulnerability
Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux, as well as before 11.1.111.9 on Android 2.x and 3.x and before 11.1.115.8 on Android 4.x, is affected by an object confusion vulnerability [1]. An attacker can trigger this memory corruption flaw by providing a specially crafted file [1].
Exploitation
A remote attacker can exploit this vulnerability by enticing a victim to open a malicious Flash file (e.g., via a web page or email attachment). No authentication is required, and the attack can be delivered over the web. The vulnerability was exploited in the wild in May 2012 [1].
Impact
Successful exploitation allows arbitrary code execution on the affected system within the context of the user running Flash Player. An attacker may gain the same privileges as the user, potentially leading to full compromise of the system.
Mitigation
Adobe released fixed versions: 10.3.183.19 and 11.2.202.235 for desktop platforms, and corresponding versions for Android [1]. Red Hat provided updates for Adobe Flash Player packages in Red Hat Enterprise Linux 5 and 6 via RHSA-2012:0688 [1]. Users should apply these updates promptly.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: before 10.3.183.19, 11.x before 11.2.202.235, Android 2/3 before 11.1.111.9, Android 4 before 11.1.115.8
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- lists.opensuse.org/opensuse-security-announce/2012-05/msg00004.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2012-05/msg00005.htmlnvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2012-0688.htmlnvdThird Party Advisory
- secunia.com/advisories/49038nvdThird Party Advisory
- secunia.com/advisories/49096nvdThird Party Advisory
- www.adobe.com/support/security/bulletins/apsb12-09.htmlnvdVendor Advisory
- www.securityfocus.com/bid/53395nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/75383nvdThird Party AdvisoryVDB Entry
- osvdb.org/81656nvdBroken Link
News mentions
0No linked articles in our index yet.