CVE-2012-5278
Description
Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player and AIR before certain versions allow remote attackers to bypass access restrictions and execute arbitrary code via unspecified vectors.
Vulnerability
CVE-2012-5278 is an unspecified vulnerability in Adobe Flash Player and Adobe AIR that allows attackers to bypass intended access restrictions and execute arbitrary code. Affected versions include Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X; before 10.3.183.43 and 11.x before 11.2.202.251 on Linux; before 11.1.111.24 on Android 2.x and 3.x; before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600. The exact nature of the flaw is not publicly detailed, but it resides in the core runtime of Flash Player and AIR.
Exploitation
An attacker can exploit this vulnerability by convincing a user to view a specially crafted web page or open a malicious file (e.g., a SWF or HTML document) that triggers the flaw. No authentication or special network position is required; the attack is typically delivered via a web browser or email. The unspecified vectors likely involve memory corruption or logic errors that can be triggered without user interaction beyond opening the content.
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the affected user. This can lead to full system compromise, including installation of malware, data theft, or further lateral movement within a network. The vulnerability bypasses security restrictions, giving the attacker the same privileges as the logged-in user.
Mitigation
Adobe released fixed versions in November 2012. For Red Hat Enterprise Linux, the advisory [1] provides updated packages (flash-plugin-11.2.202.251-1.el6). Users should update Flash Player to the latest versions: 10.3.183.43 or 11.5.502.110 (Windows/Mac), 11.2.202.251 (Linux), 11.1.111.24 (Android 2.x/3.x), 11.1.115.27 (Android 4.x); and Adobe AIR to 3.5.0.600. No workarounds are available; updating is the only mitigation.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- www.adobe.com/support/security/bulletins/apsb12-24.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2012-11/msg00005.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2012-11/msg00007.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2013-01/msg00012.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2013-02/msg00030.htmlnvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2012-1431.htmlnvdThird Party Advisory
- secunia.com/advisories/51186nvdThird Party Advisory
- secunia.com/advisories/51207nvdThird Party Advisory
- secunia.com/advisories/51213nvdThird Party Advisory
- secunia.com/advisories/51245nvdThird Party Advisory
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/79851nvdVDB Entry
News mentions
0No linked articles in our index yet.