CVE-2012-5276
Description
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5277, and CVE-2012-5280.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflow in Adobe Flash Player before 10.3.183.43/11.5.502.110 (and other platforms) allows remote attackers to execute arbitrary code.
Vulnerability
Adobe Flash Player before version 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 contain a buffer overflow vulnerability that can be triggered via unspecified vectors [1]. This vulnerability is distinct from CVE-2012-5274, CVE-2012-5275, CVE-2012-5277, and CVE-2012-5280.
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a specially crafted Flash file or access a malicious web page that loads the affected Flash content. No authentication is required; the attack is conducted remotely. The unspecified vectors likely involve malformed data that cause a buffer overflow when processed by the Flash Player [1].
Impact
Successful exploitation allows an attacker to execute arbitrary code on the affected system. The attacker can gain the same privileges as the user running the Flash Player instance, potentially leading to full compromise of the system, including data theft, installation of malware, or further network propagation.
Mitigation
Adobe has released fixed versions: Flash Player 10.3.183.43 and 11.5.502.110 (Windows/Mac), 11.2.202.251 (Linux), 11.1.111.24 (Android 2.x/3.x), 11.1.115.27 (Android 4.x); AIR 3.5.0.600; and AIR SDK 3.5.0.600 [1]. Users should update to the latest versions. Red Hat also issued an advisory (RHSA-2012:1431) to update Flash on Red Hat Enterprise Linux [1]. No workarounds are provided; the only mitigation is to apply the patch.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* (range: <3.5.0.600)
- (no CPE) (range: before 3.5.0.600)
- Range: before 10.3.183.43 and 11.x before 11.5.502.110
Patches
No patches discovered yet.
References
- www.adobe.com/support/security/bulletins/apsb12-24.html (nvd: Patch, Vendor Advisory)
- lists.opensuse.org/opensuse-security-announce/2012-11/msg00005.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2012-11/msg00007.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2013-01/msg00012.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2013-02/msg00030.html (nvd: Mailing List, Third Party Advisory)
- rhn.redhat.com/errata/RHSA-2012-1431.html (nvd: Third Party Advisory)
- secunia.com/advisories/51186 (nvd: Third Party Advisory)
- secunia.com/advisories/51207 (nvd: Third Party Advisory)
- secunia.com/advisories/51213 (nvd: Third Party Advisory)
- secunia.com/advisories/51245 (nvd: Third Party Advisory)
- www.securitytracker.com/id (nvd: Third Party Advisory, VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/79847 (nvd: VDB Entry)