CVE-2012-1535

Published: Aug 15, 2012Modified: Apr 22, 2026CISA KEV

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.

Affected (8)

Products: Adobe: Flash Player · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation · Opensuse: Opensuse · +1 more

Show all products

Adobe: Flash Player · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation · Opensuse: Opensuse · Suse: Linux Enterprise Desktop

1 product

3 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

1 product

1 product

Linux Enterprise Desktop

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Before 11.3.300.271

Running on/with	Platform Versions
Apple Mac Os X	All versions
Microsoft Windows	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Before 11.2.202.238

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 5.0
Redhat Enterprise Linux Server	Version 5.0
Redhat Enterprise Linux Workstation	Version 5.0

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.4
Opensuse Opensuse	Version 12.1
Suse Linux Enterprise Desktop	Version 10 sp4

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (13)

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00012.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=139455789818399&w=2

Source: cve@mitre.org

Mailing List

http://rhn.redhat.com/errata/RHSA-2012-1203.html

Source: cve@mitre.org

Third Party Advisory

http://security.gentoo.org/glsa/glsa-201209-01.xml

Source: cve@mitre.org

Third Party Advisory

http://www.adobe.com/support/security/bulletins/apsb12-18.html

Source: cve@mitre.org

Not ApplicablePatchVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00012.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=139455789818399&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://rhn.redhat.com/errata/RHSA-2012-1203.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://security.gentoo.org/glsa/glsa-201209-01.xml

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.adobe.com/support/security/bulletins/apsb12-18.html

Source: af854a3a-2127-422b-91ae-364da2661108

Not ApplicablePatchVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-1535

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.