Security bulletin

Security Bulletin for Adobe Flash Professional

Release date: May 8, 2012

Vulnerability identifier: APSB12-12

Priority: 3

CVE number: CVE-2012-0778

Platform: Windows and Macintosh

Summary

Adobe released a security upgrade for Adobe Flash Professional CS5.5 (11.5.1.349) and earlier for Windows and Macintosh. This upgrade addresses a vulnerability that could allow an attacker who successfully exploits this vulnerability to take control of the affected system.

Adobe has released Adobe Flash Professional CS6, which addresses this vulnerability. For users who cannot upgrade to Adobe Flash Professional CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources.

Affected software versions

Adobe Flash Professional CS5.5 (11.5.1.349) and earlier for Windows and Macintosh

Solution

Adobe has released Adobe Flash Professional CS6 (paid upgrade), which addresses this vulnerability. For users who cannot upgrade to Adobe Flash Professional CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources.

Priority and Severity ratings

Adobe categorizes this upgrade with the following priority rating:

Product	Updated Version	Platform	Priority Rating
Adobe Flash Professional	CS6	Windows and Macintosh	3

This update addresses a critical vulnerability in the software.

Details

This upgrade resolves a buffer overflow vulnerability that could lead to code execution (CVE-2012-0778).

Acknowledgments

Adobe would like to thank the following individual and organization for reporting the relevant issue and for working with Adobe to help protect our customers:

Tielei Wang, Georgia Tech Information Security Center via Secunia SVCRP (CVE-2012-0778)

Security bulletin