CVE-2012-1535
CVE-2012-1535
In short
Adobe Flash Player had a flaw that allowed attackers to run malicious code or crash the application by sending specially crafted Flash files. This vulnerability was actively exploited in real attacks during August 2012, including through Flash files embedded in Word documents.
Technical detail
Unspecified input validation flaw (CWE-20) in Adobe Flash Player versions prior to 11.3.300.271 (Windows/Mac) and 11.2.202.238 (Linux) permits remote code execution or denial of service through maliciously crafted SWF files. Attack vector is network-based with low complexity; no authentication required. Exploitation was observed in the wild via SWF content embedded in Office documents.
Summary generated and translated by AI from the official description.
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/20624unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-08/msg00012.htmlhttp://marc.info/?l=bugtraq&m=139455789818399&w=2http://rhn.redhat.com/errata/RHSA-2012-1203.htmlhttp://security.gentoo.org/glsa/glsa-201209-01.xmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-1535http://www.adobe.com/support/security/bulletins/apsb12-18.html