Security bulletin

Security Bulletin for Adobe Flash Professional

Release date: May 8, 2012

Last Updated: June 25, 2012

Vulnerability identifier: APSB12-12

Priority: 3

CVE number: CVE-2012-0778

Platform: Windows and Macintosh

Summary

Adobe released a security update for Adobe Flash Professional CS5.5 (11.5.1.349 and earlier) for Windows and Macintosh. This update addresses a vulnerability that, if successfully exploited, could allow an attacker to take control of the affected system.

Adobe Flash Professional CS6 (12.0.0.481) for Windows and Macintosh already addresses this vulnerability, so users of that version do not need an update.

Affected software versions

Adobe Flash Professional CS5.5 (11.5.1.349 and 11.5.0.325) and earlier versions for Windows and Macintosh

Solution

Adobe has released Adobe Flash Professional CS5.5 (11.5.2.349) to address the vulnerability highlighted in this security bulletin.

Adobe recommends that Adobe Flash Professional CS5.5 (11.5.1.349 and earlier) customers update their product installation by following the instructions in the technote: http://helpx.adobe.com/flash/kb/flash-professional-cs55-security-update.html.

Priority and Severity ratings

Adobe categorizes this update with the following priority rating:

| Product | Updated Version | Platform | Priority Rating |
|---|---|---|---|
| Adobe Flash Professional CS5.5 | 11.5.2.349 | Windows and Macintosh | 3 |


This update addresses a critical vulnerability in the software.

Details

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2012-0778).

Acknowledgments

Adobe would like to thank the following individual and organization for reporting the issue and for working with Adobe to help protect our customers:

  • Tielei Wang, Georgia Tech Information Security Center via Secunia SVCRP (CVE-2012-0778)

Revisions

June 25, 2012 - Added information on release of update to Adobe Flash Professional CS5.5 (11.5.1.349 and 11.5.0.325).
May 11, 2012 - Corrected last affected version number.
May 8, 2012 - Bulletin released.