CVE-2012-0779
CVE-2012-0779 is a critical-severity vulnerability in Adobe Flash Player with a CVSS 2.0 base score of 9.3. Its EPSS exploit-prediction score of 86% places it in the 100th percentile, indicating an elevated likelihood of exploitation.
Key facts
- Severity: Critical (CVSS 2.0 base score 9.3)
- EPSS exploit prediction: 86% (100th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Adobe Flash Player
- Published:
- Last modified:
Description
Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012.
Frequently asked questions
- What is CVE-2012-0779?
- Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012.
- How severe is CVE-2012-0779?
- CVE-2012-0779 has a CVSS 2.0 base score of 9.3, rated critical severity.
- Is CVE-2012-0779 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 86% (100th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2012-0779?
- CVE-2012-0779 affects Adobe Flash Player. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2012-0779?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2012-0779 published?
- CVE-2012-0779 was published on 2012-05-04 and last updated on 2026-06-16.
References
- http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00005.html
- http://osvdb.org/81656
- http://rhn.redhat.com/errata/RHSA-2012-0688.html
- http://secunia.com/advisories/49038
- http://secunia.com/advisories/49096
- http://www.adobe.com/support/security/bulletins/apsb12-09.html
- http://www.securityfocus.com/bid/53395
- http://www.securitytracker.com/id?1027023
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75383
Affected products (1)
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
More vulnerabilities in Adobe Flash Player
- CVE-2015-8459 — Critical (CVSS 10.0): Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on…
- CVE-2015-8457 — Critical (CVSS 10.0): Stack-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and…
- CVE-2015-8455 — Critical (CVSS 10.0): Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on…
- CVE-2015-8454 — Critical (CVSS 10.0): Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and…
- CVE-2015-8452 — Critical (CVSS 10.0): Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and…
- CVE-2015-8451 — Critical (CVSS 10.0): Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on…