Bug 414603 (CVE-2012-0779) - <www-plugins/adobe-flash- object confusion remote code execution vulnerability (CVE-2012-0779)
Summary: <www-plugins/adobe-flash- object confusion remote code execution...
Alias: CVE-2012-0779
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Depends on:
Reported: 2012-05-04 14:41 UTC by Tim Sammut (RETIRED)
Modified: 2012-06-23 20:37 UTC
Description Tim Sammut (RETIRED) gentoo-dev 2012-05-04 14:41:03 UTC
From the upstream advisory at $URL:

Adobe released security updates for Adobe Flash Player and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player and earlier versions for Android 4.x, and Adobe Flash Player and earlier versions for Android 3.x and 2.x. These updates address an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system.
There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only.

Adobe recommends users of Adobe Flash Player and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player Flash Player installed with Google Chrome was updated automatically, so no user action is required.
Comment 1 Jim Ramsay (lack) (RETIRED) gentoo-dev 2012-05-05 02:43:44 UTC
Just bumped flash to

As usual, stabilize any time.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2012-05-05 02:57:40 UTC
Thanks, Jim.

Arches, please test and mark stable:
Target keywords : "amd64 x86"
Comment 3 Elijah "Armageddon" El Lazkani (amd64 AT) 2012-05-05 05:16:42 UTC
amd64: pass
Comment 4 Markos Chandras (RETIRED) gentoo-dev 2012-05-05 11:28:31 UTC
amd64 done. Thanks Elijah
Comment 5 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2012-05-05 12:51:03 UTC
I can't see problems for x86; tried running under Firefox and Chromium: all well.
Please mark stable.
Comment 6 Andreas Schürch gentoo-dev 2012-05-06 17:33:11 UTC
x86 stable, thanks Mikle.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2012-05-06 22:25:43 UTC
CVE-2012-0779 (
  Adobe Flash Player before and 11.x before on
  Windows, Mac OS X, and Linux; before on Android 2.x and 3.x; and
  before on Android 4.x allows remote attackers to execute
  arbitrary code via a crafted file, related to an "object confusion
  vulnerability," as exploited in the wild in May 2012.
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2012-05-07 02:51:50 UTC
Thanks, folks. Already in GLSA request.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2012-06-23 20:37:09 UTC
This issue was resolved and addressed in
 GLSA 201206-21 at
by GLSA coordinator Sean Amoss (ackle).