9.3
CVE-2012-5054
- EPSS 76.61%
- Published 24.09.2012 17:55:07
- Last modified 11.04.2025 00:51:21
- Source psirt@adobe.com
- Teams watchlist Login
- Open Login
Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.
Data is provided by the National Vulnerability Database (NVD)
Adobe ≫ Flash Player Version < 11.4.402.265
08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Adobe Flash Player Integer Overflow Vulnerability
VulnerabilityAdobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.
DescriptionThe impacted product is end-of-life and should be disconnected if still in use.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 76.61% | 0.989 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.