[Japanese]

JVNDB-2012-000046

Flash Player issue in implementations of the Same Origin Policy

Overview

Flash Player contains an issue in implementations of the Same Origin Policy.

SoundMixer.computeSpectrum() method, included in Flash Player, contains an issue in implementations of the Same Origin Policy.

Mitsuaki Shiraishi of Symantec Japan, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None

Affected Products


Adobe Systems, Inc.
  • Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux
  • Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x

Impact

An attacker may obtain sound spectrum data that user playing in violation of the same-origin policy.
Solution

[Update the Software]
Update to the latest version according to the information provided by the developer.
Vendor Information

Adobe Systems, Inc. FUJITSU
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2012-2038
References

  1. JVN : JVN#38163638
  2. National Vulnerability Database (NVD) : CVE-2012-2038
Revision History

[2012/06/11]
  Web page was published
[2012/06/13]
  Vendor Information : Content was added