CVE-2012-2040

Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 10.3.183.20 and 11.x prior to 11.3.300.257 on Windows and Mac OS X Adobe Flash Player versions prior to 10.3.183.20 and 11.x prior to 11.2.202.236 on Linux Adobe Flash Player versions prior to 11.1.111.10 on Android 2.x and 3.x Adobe Flash Player versions prior to 11.1.115.9 on Android 4.x Adobe AIR versions prior to 3.3.0.3610

Description The issue allows local users to gain privileges via a Trojan horse executable file in an unspecified directory due to an untrusted search path vulnerability in the installer.

Recommendations For Adobe Flash Player versions prior to 10.3.183.20 on Windows, Mac OS X, and Linux, update to version 10.3.183.20 or later. For Adobe Flash Player versions prior to 11.3.300.257 on Windows and Mac OS X, update to version 11.3.300.257 or later. For Adobe Flash Player versions prior to 11.2.202.236 on Linux, update to version 11.2.202.236 or later. For Adobe Flash Player versions prior to 11.1.111.10 on Android 2.x and 3.x, update to version 11.1.111.10 or later. For Adobe Flash Player versions prior to 11.1.115.9 on Android 4.x, update to version 11.1.115.9 or later. For Adobe AIR versions prior to 3.3.0.3610, update to version 3.3.0.3610 or later.