1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability

Known Exploited Vulnerabilities CVE-2012-0767

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2012-0767 Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability secondary_impact T1114.002 Remote Email Collection
Comments
This cross-site scripting vulnerability has been exploited in the wild by enticing a user to click on a link to a malicious website. The attacker can then impersonate the user and perform actions such as changing the user's settings on the website or accessing the user's webmail.
References
  1. https://www.jpcert.or.jp/english/at/2012/at120006.html
CVE-2012-0767 Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability secondary_impact T1098 Account Manipulation
Comments
This cross-site scripting vulnerability has been exploited in the wild by enticing a user to click on a link to a malicious website. The attacker can then impersonate the user and perform actions such as changing the user's settings on the website or accessing the user's webmail.
References
  1. https://www.jpcert.or.jp/english/at/2012/at120006.html
CVE-2012-0767 Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability primary_impact T1185 Browser Session Hijacking
Comments
This cross-site scripting vulnerability has been exploited in the wild by enticing a user to click on a link to a malicious website. The attacker can then impersonate the user and perform actions such as changing the user's settings on the website or accessing the user's webmail.
References
  1. https://www.jpcert.or.jp/english/at/2012/at120006.html
CVE-2012-0767 Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability exploitation_technique T1204.001 Malicious Link
Comments
This cross-site scripting vulnerability has been exploited in the wild by enticing a user to click on a link to a malicious website. The attacker can then impersonate the user and perform actions such as changing the user's settings on the website or accessing the user's webmail.
References
  1. https://www.jpcert.or.jp/english/at/2012/at120006.html