Back
CVE-2012-1535
HIGH
CISA KEV
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.
Published: Aug 15, 2012
Modified: Apr 22, 2026
CWE-20
CWE-94
CWE-20
CWE-94
CVSS Metrics
CVSSv3
Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products (8)
| Vendor | Product | Version |
|---|---|---|
| adobe | flash_player | * < 11.3.300.271 |
| adobe | flash_player | * < 11.2.202.238 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_server | 5.0 |
| redhat | enterprise_linux_workstation | 5.0 |
| opensuse | opensuse | 11.4 |
| opensuse | opensuse | 12.1 |
| suse | linux_enterprise_desktop | 10 |
References (13)
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00012.html Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=139455789818399&w=2 Mailing List
- http://rhn.redhat.com/errata/RHSA-2012-1203.html Third Party Advisory
- http://security.gentoo.org/glsa/glsa-201209-01.xml Third Party Advisory
- http://www.adobe.com/support/security/bulletins/apsb12-18.html Not Applicable, Patch, Vendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00012.html Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=139455789818399&w=2 Mailing List
- http://rhn.redhat.com/errata/RHSA-2012-1203.html Third Party Advisory
- http://security.gentoo.org/glsa/glsa-201209-01.xml Third Party Advisory
- http://www.adobe.com/support/security/bulletins/apsb12-18.html Not Applicable, Patch, Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-1535 US Government Resource
Risk Scores
CVSS Score
7.8 / 10
EPSS Score
70.38%
Top 1% most likely to be exploited
Threat Score
82.3 / 100
CISA Known Exploited
Date Added:
2022-03-03
Due Date:
2022-03-24
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
Data Sources
NVD
CISA KEV
EPSS