https://www.adobe.com/support/security/bulletins/apsb12-14.html
Security updates available for Adobe Flash Player (APSB12-14)
June 8, 2012
Today, a Security Bulletin (APSB12-14) has been posted regarding the availability of priority 2 updates for Adobe Flash Player 11.2.202.228 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x. Adobe recommends users apply the updates for their product installations.
With this update, we are enabling a new background updater for Flash Player for Macintosh. For more information, please refer to the ASSET blog.
Affected software versions
Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux operating systems
Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x
Adobe AIR 3.2.0.2070 and earlier versions for Windows, Macintosh and Android
These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2012-2034).
These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2012-2035).
These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2012-2036).
These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2012-2037).
These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2012-2038).
These updates resolve null dereference vulnerabilities that could lead to code execution (CVE-2012-2039).
These updates resolve a binary planting vulnerability in the Flash Player installer that could lead to code execution (CVE-2012-2040).
http://www.v3.co.uk/v3-uk/news/2183180/adobe-posts-security-fix-flash-player
https://www.pcworld.com/article/257221/cybercrime_much_bigger_than_al_qaeda.html#tk.hp_new
Cybercrime 'Much Bigger Than Al Qaeda'
It is unlikely that Americans will ever again see commercial jets crashing into skyscrapers, piloted by terrorists. But Department of Homeland Security (DHS) Secretary Janet Napolitano believes that malicious computer code generated by groups like al Qaeda is just as big a threat to the security and stability of the nation.
Does that mean that we are at war with cyberterrorists? Napolitano doesn't go that far -- she uses the term "cybercrime," as do a number of cybersecurity experts.
http://www.neowin.net/news/exploit-allows-any-application-to-run-on-top-of-windows-7-login-screen
Windows 7 Exploit Allows Any Program To Run On Login Screen
By setting password protection on access to your Windows PC, the notion is that you’re safe from intrusion, and although this is largely true in most cases, that doesn’t mean there are not ways to circumvent the apparently strict security. You would presume – as should be the case – that the only way one could access a locked account is to have guessed the password, but thanks to a few tricks involving command prompts and sticky keys, anybody with a short amount of elevated access could easily start running executables right from the login screen.
Hack allows any application to run on top of Windows 7 login screen
Update: This same hack works on Windows 8 Consumer Preview at time of writing. As noted by many others, this is not really an exploit and has existed for some time now; however, it can be a little fun to try on your own workstation.
http://carnal0wnage.attackresearch.com/2012/04/privilege-escalation-via-sticky-keys.html
Privilege Escalation via "Sticky" Keys
This has been documented all over, but I like things to be on the blog so I can find them...
You can gain a SYSTEM shell on an application you have administrative access on, or if you have physical access to the box and can boot to a repair disk or Linux distro and can change files.
https://www.zdnet.com/blog/bott/safaris-disable-flash-feature-does-less-than-it-promises/5016