VYPR
Unrated severity · NVD Advisory · Published Nov 7, 2012 · Updated Apr 29, 2026

CVE-2012-5280

Description

Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5277.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 allows arbitrary code execution via unspecified vectors.

Vulnerability

A buffer overflow vulnerability exists in Adobe Flash Player and Adobe AIR that allows arbitrary code execution via unspecified vectors. The affected versions include Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x. Adobe AIR before 3.5.0.600 and Adobe AIR SDK before 3.5.0.600 are also affected [1]. This vulnerability is distinct from CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5277.

Exploitation

Exploitation requires an attacker to deliver a malicious SWF or AIR file to a user. The attacker must persuade the user to open the file, visit a specially crafted website, or cause the vulnerable player to process the malicious content. The exact sequence of steps is not disclosed in the available references, but the vulnerability is triggered via unspecified vectors that cause a buffer overflow in the Flash Player or AIR runtime.

Impact

Successful exploitation allows an attacker to execute arbitrary code on the affected system. The attacker gains code execution within the context of the user running the Flash Player or AIR application, potentially leading to full system compromise and impacts on confidentiality, integrity, and availability.

Mitigation

Adobe has released fixed versions: Flash Player 10.3.183.43 and 11.5.502.110 for Windows and Mac OS X, 11.2.202.251 for Linux, 11.1.111.24 for Android 2.x and 3.x, and 11.1.115.27 for Android 4.x; Adobe AIR 3.5.0.600 and Adobe AIR SDK 3.5.0.600 [1]. Users should update to these or later versions. Red Hat has issued RHSA-2012:1431 to address this issue in Red Hat Enterprise Linux [1]. No workarounds are detailed in the provided references.
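A version check built from the affected ranges and fixed versions listed above, as an added example that is not part of the advisory or of Adobe's tooling. The function names, host names and inventory tuples are constructed for illustration, and comma-separated version strings are accepted on the assumption that some inventories report them that way.

```python
import re

# Thresholds copied from the advisory text; everything else here is illustrative.
LEGACY_FIXED = (10, 3, 183, 43)            # 10.3 branch, desktop platforms
V11_FIXED = {"windows": (11, 5, 502, 110),
             "macos": (11, 5, 502, 110),
             "linux": (11, 2, 202, 251)}   # 11.x branch differs per platform
ANDROID_FIXED = {2: (11, 1, 111, 24), 3: (11, 1, 111, 24), 4: (11, 1, 115, 27)}
AIR_FIXED = (3, 5, 0, 600)                 # Adobe AIR and AIR SDK

def parse_version(text):
    """Turn 'a.b.c.d' or 'a,b,c,d' into a tuple of four ints."""
    parts = re.split(r"[.,]", text.strip())
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)

def flash_is_vulnerable(version, platform, android_major=None):
    """True if this Flash Player build is inside an affected range."""
    v = parse_version(version)
    if platform == "android":
        if android_major not in ANDROID_FIXED:
            raise ValueError("advisory covers Android 2.x, 3.x and 4.x only")
        return v < ANDROID_FIXED[android_major]
    if platform not in V11_FIXED:
        raise ValueError(f"platform not covered by the advisory: {platform!r}")
    if v[0] == 11:
        return v < V11_FIXED[platform]
    # 10.x and older are measured against the 10.3 fix; 12+ compares as fixed.
    return v < LEGACY_FIXED

def air_is_vulnerable(version):
    """True if this AIR or AIR SDK build predates 3.5.0.600."""
    return parse_version(version) < AIR_FIXED

def audit(inventory):
    """Return the hosts whose reported runtime still needs the update."""
    flagged = []
    for host, product, platform, android_major, version in inventory:
        hit = (air_is_vulnerable(version) if product == "air"
               else flash_is_vulnerable(version, platform, android_major))
        if hit:
            flagged.append(host)
    return flagged

SAMPLE_INVENTORY = [  # constructed hosts and versions
    ("ws-01", "flash", "windows", None, "11,4,402,287"),
    ("ws-02", "flash", "linux", None, "11.2.202.251"),
    ("ws-03", "flash", "macos", None, "10.3.183.43"),
    ("tab-01", "flash", "android", 4, "11.1.115.20"),
    ("ws-04", "air", "windows", None, "3.4.0.2710"),
]
```

The same 11.2.202.251 build is fixed on Linux but still affected on Windows and Mac OS X, which is why the check selects the threshold by platform before comparing.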

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6
  • Adobe Inc./Air (2 versions)
    cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* (range: <3.5.0.600)
    • (no CPE) (range: before 3.5.0.600)
  • cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:* (range: <3.5.0.600)
    • (no CPE) (range: before 3.5.0.600)
  • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
    Range: >=10.3,<10.3.183.43
  • Range: before 10.3.183.43 and before 11.5.502.110 (Windows/Mac), before 11.2.202.251 (Linux), before 11.1.111.24 (Android 2.x/3.x), before 11.1.115.27 (Android 4.x)

References

13
