CVE-2012-5279
Description
Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player and AIR before certain versions are vulnerable to memory corruption, enabling arbitrary code execution or denial of service.
Vulnerability
Adobe Flash Player and Adobe AIR contain a memory corruption vulnerability that can be triggered via unspecified vectors. Affected versions include Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x. Adobe AIR before 3.5.0.600 and Adobe AIR SDK before 3.5.0.600 are also affected. The vulnerability is reachable when a user processes crafted Flash content.
Exploitation
An attacker can exploit this vulnerability by delivering a specially crafted Flash file to a target user, typically via a malicious website or email attachment. No authentication is required, but user interaction (e.g., opening the file or visiting a compromised site) is necessary. The unspecified vectors likely involve memory corruption during parsing or rendering of the Flash content.
Impact
Successful exploitation allows an attacker to execute arbitrary code on the affected system with the privileges of the user running Flash Player or AIR. Alternatively, an attacker could cause a denial of service (application crash). This can lead to full compromise of the user's data and system.
Mitigation
Adobe released fixed versions: Flash Player 10.3.183.43, 11.5.502.110 (Windows/Mac), 11.2.202.251 (Linux), 11.1.111.24 (Android 2.x/3.x), 11.1.115.27 (Android 4.x); AIR 3.5.0.600; and AIR SDK 3.5.0.600. Red Hat provided updates via RHSA-2012:1431 [1]. Users should update to the latest versions as soon as possible. No workarounds are documented.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <3.5.0.600
- (no CPE)range: <3.5.0.600
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*range: <3.5.0.600
- (no CPE)range: <3.5.0.600
- Range: <11.5.502.110
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- www.adobe.com/support/security/bulletins/apsb12-24.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2012-11/msg00005.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2012-11/msg00007.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2013-01/msg00012.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2013-02/msg00030.htmlnvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2012-1431.htmlnvdThird Party Advisory
- secunia.com/advisories/51186nvdThird Party Advisory
- secunia.com/advisories/51207nvdThird Party Advisory
- secunia.com/advisories/51213nvdThird Party Advisory
- secunia.com/advisories/51245nvdThird Party Advisory
- www.securityfocus.com/bid/56554nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/79850nvdVDB Entry
News mentions
0No linked articles in our index yet.