Vulnerability detail
Enriched intelligence for a single CVE
Medium
CVE-2012-0767
PUBLISHEDCross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and...
- Vendor
- Adobe
- Product
- Flash Player
- Published
- Feb 16, 2012
- EPSS
- —
Description
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitation status
Exploited in the wild
Recorded 2022-06-08 00:00:00 UTC · Source
SSVC decision points
- Exploitation
- active
- Automatable
- No
- Technical impact
- partial
References
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html
- http://security.gentoo.org/glsa/glsa-201204-07.xml
- http://secunia.com/advisories/48265
- http://www.adobe.com/support/security/bulletins/apsb12-03.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14806
- http://rhn.redhat.com/errata/RHSA-2012-0144.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15933
- http://secunia.com/advisories/48819
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Jun 08, 2022 |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel