CVE-2012-1535
HIGH KEVAdobe Flash Player < 11.3.300.271 - Code Injection
Title source: ruleDescription
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/20624
metasploit
WORKING POC
NORMAL
by Alexander Gavrun, sinn3r, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flash_otf_font.rb
References (7)
Scores
CVSS v3
7.8
EPSS
0.9161
EPSS Percentile
99.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CISA KEV
2022-03-03
VulnCheck KEV
2012-08-15
InTheWild.io
2018-10-30
ENISA EUVD
EUVD-2012-1553
CWE
CWE-20
CWE-94
Status
published
Products (7)
adobe/flash_player
< 11.3.300.271
opensuse/opensuse
11.4
opensuse/opensuse
12.1
redhat/enterprise_linux_desktop
5.0
redhat/enterprise_linux_server
5.0
redhat/enterprise_linux_workstation
5.0
suse/linux_enterprise_desktop
10 sp4
Published
Aug 15, 2012
KEV Added
Mar 03, 2022
Tracked Since
Feb 18, 2026