Security bulletin
Security Bulletin for Adobe Flash Professional
Release date: May 8, 2012
Last Updated: June 25, 2012
Vulnerability identifier: APSB12-12
Priority: 3
CVE number: CVE-2012-0778
Platform: Windows and Macintosh
Summary
Adobe released a security update for Adobe Flash Professional CS5.5 (11.5.1.349 and earlier) for Windows and Macintosh. This update addresses a vulnerability that could allow an attacker who successfully exploits this vulnerability to take control of the affected system.
Note that Adobe Flash Professional CS6 (12.0.0.481) for Windows and Macintosh addresses this vulnerability. No update is required for users of Adobe Flash Professional CS6 (12.0.0.481) for Windows and Macintosh.
Affected software versions
Adobe Flash Professional CS5.5 (11.5.1.349 and 11.5.0.325) and earlier versions for Windows and Macintosh
Solution
Adobe has released Adobe Flash Professional CS5.5 (11.5.2.349) to address the vulnerability highlighted in this security bulletin.
Adobe recommends Adobe Flash Professional CS5.5 (11.5.1.349 and earlier) customers update their product installation by following the instructions provided in the technote: http://helpx.adobe.com/flash/kb/flash-professional-cs55-security-update.html.
Priority and Severity ratings
Adobe categorizes this update with the following priority rating:
Product |
Updated Version |
Platform |
Priority Rating |
| Adobe Flash Professional |
CS5.5 (11.5.2.349) |
Windows and Macintosh |
3 |
This update addresses a critical vulnerability in the software.
Details
Adobe released a security update for Adobe Flash Professional CS5.5 (11.5.1.349 and earlier) for Windows and Macintosh. This update addresses a vulnerability that could allow an attacker who successfully exploits this vulnerability to take control of the affected system.
Note that Adobe Flash Professional CS6 (12.0.0.481) for Windows and Macintosh addresses this vulnerability. No update is required for users of Adobe Flash Professional CS6 (12.0.0.481) for Windows and Macintosh.
This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2012-0778).
Acknowledgments
Adobe would like to thank the following individual and organization for reporting the issue and for working with Adobe to help protect our customers:
- Tielei Wang, Georgia Tech Information Security Center via Secunia SVCRP (CVE-2012-0778)
Revisions
June 25, 2012 - Added information on release of update to Adobe Flash Professional CS5.5 (11.5.1.349 and 11.5.0.325).
May 11, 2012 - Corrected last affected version number.
May 8, 2012 - Bulletin released.
