PT-2012-1237 · Adobe+2 · Flash Player+2

Published 2012-08-14 · Updated 2025-04-03 · CVE-2012-1535

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Adobe Flash Player versions prior to 11.3.300.271 on Windows and Mac OS X
Adobe Flash Player versions prior to 11.2.202.238 on Linux

Description

The issue allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content. This was exploited in the wild in August 2012 with SWF content in a Word document. The vulnerability is related to a buffer overflow in memory when processing SWF content.

Recommendations

For Adobe Flash Player versions prior to 11.3.300.271 on Windows and Mac OS X, update to version 11.3.300.271 or later.
For Adobe Flash Player versions prior to 11.2.202.238 on Linux, update to version 11.2.202.238 or later.
As a temporary workaround, consider restricting the use of SWF content in documents until a patch is applied.

Exploit · Fix · RCE · DoS · Code Injection · Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2022-04092
CVE-2012-1535
OPENSUSE-SU-2012_0996-1
OPENSUSE-SU-2013_0362-1
RHSA-2012:1173
RHSA-2012:1203
RHSA-2012_1173
SUSE-SU-2012_1001-1
SUSE-SU-2012_1001-2

Affected Products

Flash Player
Red Hat
Suse