CVE-2012-5275
Description
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow in Adobe Flash Player and AIR allows arbitrary code execution via unspecified vectors.
Vulnerability
A buffer overflow vulnerability exists in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x. It also affects Adobe AIR before 3.5.0.600 and Adobe AIR SDK before 3.5.0.600. The vulnerability is triggered via unspecified vectors [1].
Exploitation
An attacker can exploit this vulnerability by crafting a malicious Flash file that triggers a buffer overflow when processed by an affected version of Flash Player or AIR. No further details on the required attack vector are provided in the available references [2], but the CVE description indicates the flaw is remotely exploitable.
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the affected software, potentially leading to full system compromise [1]. The impact is consistently rated as critical across affected platforms.
Mitigation
Adobe released fixed versions: Flash Player 10.3.183.43, 11.5.502.110 (Windows/Mac), 11.2.202.251 (Linux), 11.1.111.24 (Android 2.x/3.x), 11.1.115.27 (Android 4.x), and AIR 3.5.0.600. Red Hat also issued updates via RHSA-2012:1431 [1]. Users should update to the latest patched versions. No workaround is described in the references.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <3.5.0.600
- (no CPE)range: <3.5.0.600
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*range: <3.5.0.600
- (no CPE)range: <3.5.0.600
- Range: <10.3.183.43 (Windows, Mac, Linux) or <11.5.502.110 (Win/Mac) or <11.2.202.251 (Linux) or <11.1.111.24 (Android 2,3) or <11.1.115.27 (Android 4)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- www.adobe.com/support/security/bulletins/apsb12-24.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2012-11/msg00005.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2012-11/msg00007.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2013-01/msg00012.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2013-02/msg00030.htmlnvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2012-1431.htmlnvdThird Party Advisory
- secunia.com/advisories/51186nvdThird Party Advisory
- secunia.com/advisories/51207nvdThird Party Advisory
- secunia.com/advisories/51213nvdThird Party Advisory
- secunia.com/advisories/51245nvdThird Party Advisory
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/79846nvdVDB Entry
News mentions
0No linked articles in our index yet.