Adobe Flash Player Object Confusion Code Execution

Added: 06/29/2012
CVE: CVE-2012-0779
BID: 53395
OSVDB: 81656


Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.


Adobe Flash Player (and earlier) on Windows is vulnerable to an "object confusion" vulnerability. A remote attacker who convinces a user with the vulnerable Flash Player to open a specially crafted file could exploit this issue to execute arbitrary code in the context of the user running the affected application.


Update to Flash Player or newer on Windows systems.



This exploit has been tested against Adobe Systems Flash Player on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn).

The HTML page must be opened using Firefox 12 (only on Windows XP) or Internet Explorer 7, 8, or 9 on the target.

JRE 6 must be installed on Windows 7.



Back to exploit index