CVE-2012-0767

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.

Published: Feb 16, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-0767
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
adobe / flash_player	-	10.3.183.15
adobe / flash_player	11.0	11.1.102.62
adobe / flash_player	-	11.1.111.6
adobe / flash_player	-	11.1.115.6

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html
http://rhn.redhat.com/errata/RHSA-2012-0144.html
http://secunia.com/advisories/48265
http://secunia.com/advisories/48819
http://security.gentoo.org/glsa/glsa-201204-07.xml
http://www.adobe.com/support/security/bulletins/apsb12-03.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14806
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15933

Vulnerability Database

290,301

CVE-2012-0767