CVE-2012-4168

Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow remote attackers to read content from a different domain via a crafted web site.

Published: Aug 22, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-4168
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
adobe / flash_player	10.3	10.3.183.23
adobe / flash_player	11.4	11.4.402.265
adobe / flash_player	11.2	11.2.202.238
adobe / flash_player	11.1	11.1.111.16
adobe / flash_player	11.1	11.1.115.17
adobe / air	-	3.4.0.2540
adobe / air_sdk	-	3.4.0.2540

http://marc.info/?l=bugtraq&m=139455789818399&w=2
http://rhn.redhat.com/errata/RHSA-2012-1203.html
http://security.gentoo.org/glsa/glsa-201209-01.xml
http://www.adobe.com/support/security/bulletins/apsb12-19.html

Vulnerability Database

289,697

CVE-2012-4168