CVE-2012-0767 : Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.

Published 2012-02-16 19:55:01

Updated 2023-01-30 18:00:27

Source Adobe Systems Incorporated

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

CVE-2012-0767 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:

Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability

CISA required action:

The impacted product is end-of-life and should be disconnected if still in use.

CISA description:

Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.

Added on 2022-06-08 Action due date 2022-06-22

Exploit prediction scoring system (EPSS) score for CVE-2012-0767

Probability of exploitation activity in the next 30 days: 0.28%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 64 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-0767

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2012-0767

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-0767

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15933

Repository / Oval Repository
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0144.html

RHSA-2012:0144 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-201204-07.xml

Adobe Flash Player: Multiple vulnerabilities (GLSA 201204-07) — Gentoo security
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html

[security-announce] openSUSE-SU-2012:0265-1: critical: flash-player to 1
Broken Link

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14806

Repository / Oval Repository
Third Party Advisory
http://www.adobe.com/support/security/bulletins/apsb12-03.html

Adobe - Security Bulletins: APSB12-03 - Security update available for Adobe Flash Player
Broken Link;Patch;Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/48265

Sign in
Broken Link

CVEs referencing this url

Products affected by CVE-2012-0767