1. Home
  2. CVE Database
  3. CVE-2012-2040
HIGH · 9.3

CVE-2012-2040

Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on L...

Vulnerability Description

Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows local users to gain privileges via a Trojan horse executable file in an unspecified directory.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
AdobeFlash Player<= 11.2.202.235
AppleMacos-
LinuxLinux Kernel-
MicrosoftWindows-
GoogleAndroid>= 4.0, <= 4.4.4
AdobeAir<= 3.2.0.2070
OpensuseOpensuse11.4
SuseLinux Enterprise Desktop10

Related Weaknesses (CWE)

CWE-426

References

FAQ

What is CVE-2012-2040?

CVE-2012-2040 is a vulnerability with a CVSS score of 9.3 (HIGH). Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on L...

How severe is CVE-2012-2040?

CVE-2012-2040 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-2040?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Apple Macos, Linux Linux Kernel, Microsoft Windows, Google Android.