CVE-2012-5274
Description
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflow in Flash Player and AIR before specific versions allows arbitrary code execution via unspecified vectors.
Vulnerability
A buffer overflow vulnerability (CVE-2012-5274) exists in Adobe Flash Player versions prior to 10.3.183.43 and 11.5.502.110 on Windows and Mac OS X, prior to 10.3.183.43 and 11.2.202.251 on Linux, prior to 11.1.111.24 on Android 2.x and 3.x, and prior to 11.1.115.27 on Android 4.x. Affected products also include Adobe AIR prior to 3.5.0.600 and Adobe AIR SDK prior to 3.5.0.600. The flaw is triggered via unspecified vectors and is distinct from related CVEs [1].
Exploitation
An attacker can exploit this vulnerability by enticing a user to open a specially crafted Flash file or visit a malicious website serving the crafted content. No additional authentication is required; successful exploitation relies on user interaction (e.g., clicking a link or opening a file). The specific attack vector details are not publicly disclosed in the available references [1].
Impact
Successful exploitation allows an attacker to execute arbitrary code within the context of the affected application, potentially gaining full control of the vulnerable system. The impact includes complete compromise of confidentiality, integrity, and availability [1].
Mitigation
Adobe has addressed this vulnerability in the following fixed versions: Flash Player 10.3.183.43 and 11.5.502.110 (Windows/Mac), 11.2.202.251 (Linux), 11.1.111.24 (Android 2.x/3.x), 11.1.115.27 (Android 4.x); AIR 3.5.0.600; and AIR SDK 3.5.0.600. Red Hat released updated packages (RHSA-2012:1431) to address this issue for affected platforms. Users should update to the latest versions as soon as possible [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
5cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <3.5.0.600
- (no CPE)range: <3.5.0.600
- Range: <10.3.183.43 (Win/Mac), <11.5.502.110 (Win/Mac), <10.3.183.43 (Linux), <11.2.202.251 (Linux), <11.1.111.24 (Android 2.x/3.x), <11.1.115.27 (Android 4.x)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- www.adobe.com/support/security/bulletins/apsb12-24.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2012-11/msg00005.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2012-11/msg00007.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2013-01/msg00012.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2013-02/msg00030.htmlnvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2012-1431.htmlnvdThird Party Advisory
- secunia.com/advisories/51186nvdThird Party Advisory
- secunia.com/advisories/51207nvdThird Party Advisory
- secunia.com/advisories/51213nvdThird Party Advisory
- secunia.com/advisories/51245nvdThird Party Advisory
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/79845nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.