CVE-2012-1535

KEV

Published: Ago 15, 2012 Last Modified: Ott 22, 2025

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,8

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: none

User Interaction: required

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

HIGH 9,3

Source: [email protected]

Access Vector: network

Access Complexity: medium

Authentication: none

Confidentiality: complete

Integrity: complete

Availability: complete

Description

AI Translation Available

Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,9168

Percentile

1,0th

Updated

EPSS Score Trend (Last 91 Days)

Improper Input Validation

Stable

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Confidentiality Integrity

Potential Impacts:

Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Read Memory Read Files Or Directories Modify Memory Execute Unauthorized Code Or Commands

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

Improper Control of Generation of Code ('Code Injection')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Integrity Confidentiality Availability Non-Repudiation

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Hide Activities

Applicable Platforms

Languages: Interpreted

Technologies: AI/ML

Likelihood of Exploit: Medium

View CWE Details

Exploit

Adobe Flash Player 11.3 - Font Parsing Code …

Verified Metasploit Framework (MSF)

Adobe Flash Player 11.3 - Font Parsing Code Execution (Metasploit)

Author: Metasploit Published: Status: Verified

View Exploit Code →

Operating System

Enterprise Linux Desktop by Redhat

Product Information

Vendor Redhat

Product Enterprise Linux Desktop

Version 5.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Flash Player by Adobe

Product Information

Vendor Adobe

Product Flash Player

Version Range Affected

To 11.3.300.271 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Linux Enterprise Desktop by Suse

Product Information

Vendor Suse

Product Linux Enterprise Desktop

Version 10

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Enterprise Linux Server by Redhat

Product Information

Vendor Redhat

Product Enterprise Linux Server

Version 5.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Flash Player by Adobe

Product Information

Vendor Adobe

Product Flash Player

Version Range Affected

To 11.2.202.238 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Enterprise Linux Workstation by Redhat

Product Information

Vendor Redhat

Product Enterprise Linux Workstation

Version 5.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Opensuse by Opensuse

Product Information

Vendor Opensuse

Product Opensuse

Version 11.4

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Opensuse by Opensuse

Product Information

Vendor Opensuse

Product Opensuse

Version 12.1

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://www.cisa.gov/known-exploited-vulnerabilities-catalo…

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012…

http://lists.opensuse.org/opensuse-security-announce/2012-0…

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2012-0…

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00012.html

http://marc.info/?l=bugtraq&m=139455789818399&w=2

http://rhn.redhat.com/errata/RHSA-2012-1203.html

http://security.gentoo.org/glsa/glsa-201209-01.xml

http://www.adobe.com/support/security/bulletins/apsb12-18.h…

http://www.adobe.com/support/security/bulletins/apsb12-18.html

http://lists.opensuse.org/opensuse-security-announce/2012-0…

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2012-0…

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00012.html

http://marc.info/?l=bugtraq&m=139455789818399&w=2

http://rhn.redhat.com/errata/RHSA-2012-1203.html

http://security.gentoo.org/glsa/glsa-201209-01.xml

http://www.adobe.com/support/security/bulletins/apsb12-18.h…

http://www.adobe.com/support/security/bulletins/apsb12-18.html

CVE-2012-1535

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 91 Days)

Improper Input Validation

Common Consequences

Applicable Platforms

Improper Control of Generation of Code ('Code Injection')

Common Consequences

Applicable Platforms

Adobe Flash Player 11.3 - Font Parsing Code …

Enterprise Linux Desktop by Redhat

Product Information

Flash Player by Adobe

Product Information

Linux Enterprise Desktop by Suse

Product Information

Enterprise Linux Server by Redhat

Product Information

Flash Player by Adobe

Product Information

Enterprise Linux Workstation by Redhat

Product Information

Opensuse by Opensuse

Product Information

Opensuse by Opensuse

Product Information

Iscriviti alla newsletter