Attacker Value

Very High

(1 user assessed)

Exploitability

High

(1 user assessed)

User Interaction

CVE-2012-1535

Disclosure Date: August 15, 2012 •

CVE-2012-1535 CVSS v3 Base Score: 7.8

Exploited in the Wild

Reported by gwillcox-r7
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Metasploit Module

Adobe Flash Player 11.3 Kern Table Parsing Integer Overflow

Description

Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.

Add Assessment

dmelcher5151 (19)

April 15, 2020 7:18pm UTC (4 years ago)

Ratings

Attacker Value

Very High

Exploitability

High

Common in enterprise Easy to weaponize Gives privileged access Vulnerable in default configuration Requires user interaction

Technical Analysis

A rather prolific exploit from the summer of ‘12. A couple Chinese intrusion sets went ham with this almost as a final hurrah considering the exposure it brought on them and how things changed over the years to follow.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.8 High

Impact Score:

5.9

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

Required

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

adobe,
opensuse,
redhat,
suse

Products

enterprise linux desktop 5.0,
enterprise linux server 5.0,
enterprise linux workstation 5.0,
flash player,
linux enterprise desktop 10,
opensuse 11.4,
opensuse 12.1

Metasploit Modules

Adobe Flash Player 11.3 Kern Table Parsing Integer Overflow (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flash_otf_font.rb)

Exploited in the Wild

Reported by:

gwillcox-r7 indicated source as Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

Reported: March 07, 2022 5:55pm UTC (2 years ago)

References

Canonical

CVE-2012-1535 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1535)

Advisory

http://www.adobe.com/support/security/bulletins/apsb12-18.html

http://rhn.redhat.com/errata/RHSA-2012-1203.html

GLSA-201209-01 (http://security.gentoo.org/glsa/glsa-201209-01.xml)

HPSBMU02948 (http://marc.info?l=bugtraq&m=139455789818399&w=2)

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.html

Rapid7

Very High

CVE-2012-1535

Very High

High

Required

None

Local

CVE-2012-1535

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

Exploited in the Wild

References

Canonical

Advisory

Additional Info

Technical Analysis

Very High

CVE-2012-1535

Very High

High

Required

None

Local

CVE-2012-1535

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

Exploited in the Wild

References

Canonical

Advisory

Additional Info

Technical Analysis

Quick Cookie Notification