VYPR
Unrated severity · NVD Advisory · Published Aug 21, 2012 · Updated Apr 29, 2026

CVE-2012-4167

Description

Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allows attackers to execute arbitrary code via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Integer overflow in Adobe Flash Player and AIR allows remote code execution via crafted SWF content.

Vulnerability

An integer overflow vulnerability exists in Adobe Flash Player and Adobe AIR. The CVE description does not specify the attack vectors. Affected versions include Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 [1][2][3].

Exploitation

An attacker can exploit this vulnerability by enticing a user to open a specially crafted SWF file, for example via a malicious web page or email attachment. No authentication is required, and the attack can be conducted remotely. The integer overflow leads to memory corruption, which can be leveraged to execute arbitrary code [2][3].

Impact

Successful exploitation allows an attacker to execute arbitrary code with the privileges of the user running the Flash Player. This can lead to full compromise of the affected system, including data theft, installation of malware, or further network propagation [2][3].

Mitigation

Adobe has released updated versions to address this vulnerability. Users should upgrade to Flash Player 10.3.183.23, 11.4.402.265 (Windows/Mac), 11.2.202.238 (Linux), 11.1.111.16 (Android 2.x/3.x), 11.1.115.17 (Android 4.x), or AIR 3.4.0.2540 as appropriate. Red Hat and Gentoo have also issued updates [2][3]. No workaround is known [3].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6
  • Adobe Inc./Air (2 versions)
    • cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* range: <3.4.0.2540
    • (no CPE) range: <3.4.0.2540
  • cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:* range: <3.4.0.2540
    • (no CPE) range: <3.4.0.2540
  • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
    Range: >=10.3,<10.3.183.23
  • Range: <10.3.183.23 (Win/Mac) / <11.4.402.265 (Win/Mac) / <10.3.183.23 (Linux) / <11.2.202.238 (Linux) / <11.1.111.16 (Android 2.x/3.x) / <11.1.115.17 (Android 4.x)

References

4
