CVE-2012-5277
Description
Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5280.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflow in Adobe Flash Player allows arbitrary code execution via unspecified vectors; affects multiple platforms and versions prior to patched releases.
Vulnerability
A buffer overflow vulnerability exists in Adobe Flash Player versions before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x. Adobe AIR before 3.5.0.600 and Adobe AIR SDK before 3.5.0.600 are also affected. The vulnerability can be triggered via unspecified vectors [1].
Exploitation
An attacker can exploit this vulnerability by providing malicious content that triggers the buffer overflow. The exact attack vector is not disclosed, but common Flash Player attack vectors include specially crafted SWF files or web pages. Exploitation may require no authentication and no user interaction beyond normal browsing [1].
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the affected application, potentially leading to complete compromise of the user's system [1].
Mitigation
Adobe has released updates to address this vulnerability: Flash Player 10.3.183.43 and 11.5.502.110 for Windows and Mac OS X, 10.3.183.43 and 11.2.202.251 for Linux, 11.1.111.24 for Android 2.x and 3.x, and 11.1.115.27 for Android 4.x; AIR and AIR SDK 3.5.0.600. Red Hat provides updated flash-plugin packages via RHSA-2012:1431 [1]. Users should apply updates as soon as possible.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (6)
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* (+ 1 more)
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* range: <3.5.0.600
- (no CPE) range: <=3.5.0.600
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:* (+ 1 more)
- cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:* range: <3.5.0.600
- (no CPE) range: <=3.5.0.600
- Range: <=11.5.502.110 (multiple branch versions)
Patches (0)
No patches discovered yet.
References (12)
- www.adobe.com/support/security/bulletins/apsb12-24.html (nvd: Patch, Vendor Advisory)
- lists.opensuse.org/opensuse-security-announce/2012-11/msg00005.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2012-11/msg00007.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2013-01/msg00012.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2013-02/msg00030.html (nvd: Mailing List, Third Party Advisory)
- rhn.redhat.com/errata/RHSA-2012-1431.html (nvd: Third Party Advisory)
- secunia.com/advisories/51186 (nvd: Third Party Advisory)
- secunia.com/advisories/51207 (nvd: Third Party Advisory)
- secunia.com/advisories/51213 (nvd: Third Party Advisory)
- secunia.com/advisories/51245 (nvd: Third Party Advisory)
- www.securitytracker.com/id (nvd: Third Party Advisory, VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/79848 (nvd: VDB Entry)