CVE-2012-1535

HIGH KEV

Adobe Flash Player < 11.3.300.271 - Remote Code Execution via Crafted SWF Content

Title source: llm

Exploitation Summary

CVE-2012-1535 is actively exploited and has been listed in the CISA Known Exploited Vulnerabilities (KEV) catalog since March 3, 2022. EIP tracks 2 public exploits, credited to Metasploit, Alexander Gavrun, sinn3r and juan vazquez, including the Metasploit module exploits/windows/browser/adobe_flash_otf_font.

AI-analyzed exploit summary: This Metasploit module exploits a vulnerability in Adobe Flash Player before 11.3.300.271 by supplying a corrupt Font file used by the SWF, leading to arbitrary remote code execution under the context of the user. It includes ROP chains for different Flash versions and targets specific IE versions on Windows XP SP3.

Description

Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/20624

This Metasploit module exploits a vulnerability in Adobe Flash Player before 11.3.300.271 by supplying a corrupt Font file used by the SWF, leading to arbitrary remote code execution under the context of the user. It includes ROP chains for different Flash versions and targets specific IE versions on Windows XP SP3.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Adobe Flash Player before 11.3.300.271
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Specific versions of Adobe Flash Player and Internet Explorer
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
by Alexander Gavrun, sinn3r, juan vazquez · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flash_otf_font.rb

This Metasploit module exploits an integer overflow in Adobe Flash Player's handling of the 'kern' table in OTF fonts, leading to remote code execution. It includes ROP chains for various Flash versions and targets multiple browser/OS combinations.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Adobe Flash Player before 11.3.300.271
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Flash Player must be vulnerable and enabled in the browser
devstral-2 · analyzed Feb 19, 2026

References (7)

Core 7
Core References
Not Applicable, Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb12-18.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-1203.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201209-01.xml
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=139455789818399&w=2
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00012.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.html

Scores

CVSS v3 7.8
EPSS 0.9161
EPSS Percentile 99.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-03-03
VulnCheck KEV 2012-08-15
InTheWild.io 2018-10-30
ENISA EUVD EUVD-2012-1553
CWE CWE-20, CWE-94
Status published
Products (7)
adobe/flash_player < 11.3.300.271
opensuse/opensuse 11.4
opensuse/opensuse 12.1
redhat/enterprise_linux_desktop 5.0
redhat/enterprise_linux_server 5.0
redhat/enterprise_linux_workstation 5.0
suse/linux_enterprise_desktop 10 sp4
Published Aug 15, 2012
KEV Added Mar 03, 2022
Tracked Since Feb 18, 2026