| CVE ID | CVE-2012-0754 |
| CVSS SCORE | 9.0, AV:N/AC:L/Au:N/C:P/I:P/A:C |
| AFFECTED VENDORS |
Adobe |
| AFFECTED PRODUCTS |
Flash Player |
| VULNERABILITY DETAILS |
The specific flaw exists within the way Adobe Flash player handles calls to the _global.ASconstructor function. If this function is called with id '2200' it will write a 0x01 byte to a user supplied address. This memory corruption can result in remote code execution under the context of the current user. |
| ADDITIONAL DETAILS |
Adobe has issued an update to correct this vulnerability. More details can be found at:
http://www.adobe.com/support/security/bulletins/apsb12-03.html |
| DISCLOSURE TIMELINE |
|
| CREDIT | Alexander Gavrun |
