
CVE-2012-1535

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 15 August 2012
Modified: 22 April 2026
KEV Added: 03 March 2022
Patch
CVSS v3.1 Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.9161 (99.7th percentile)
Risk Priority: 91 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2012-1535 is a high-severity Improper Input Validation (CWE-20) vulnerability in Adobe Flash Player. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-18 (Mobile Code) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2012-1535 is an unspecified vulnerability affecting Adobe Flash Player versions before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux. It stems from flaws in input validation and code generation (CWE-20 and CWE-94) when processing SWF content, enabling memory corruption that can be triggered by malformed files.

Remote attackers can exploit the issue by serving crafted SWF content to victims, achieving arbitrary code execution or denial of service through an application crash. The vulnerability was observed in active exploitation in August 2012, where attackers embedded malicious SWF data inside a Microsoft Word document to target end users who opened the file with an affected Flash Player installed.

Advisories from vendors including openSUSE, Red Hat, and Gentoo direct administrators to apply the corresponding Flash Player updates referenced in their security announcements (such as RHSA-2012-1203) to eliminate the exposure. The flaw received a CVSS 3.1 score of 7.8, reflecting its local attack vector combined with high impact on confidentiality, integrity, and availability when successfully triggered by a user opening untrusted content.


Vulnerability details

Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.

CWE(s): CWE-20 (Improper Input Validation), CWE-94 (Improper Control of Generation of Code)
KEV Date Added: 03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

- adobe flash player: ≤ 11.3.300.271 · ≤ 11.2.202.238
- redhat enterprise linux desktop: 5.0
- redhat enterprise linux server: 5.0
- redhat enterprise linux workstation: 5.0
- opensuse opensuse: 11.4, 12.1
- suse linux enterprise desktop: 10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Directly requires timely application of vendor patches that eliminate the Flash Player input-validation flaw before crafted SWF content can be processed.

SC-18 Mobile Code (prevent)

Requires defining and enforcing usage restrictions and security controls for mobile code (Flash SWF) that can execute arbitrary code when opened in documents.

SI-3 Malicious Code Protection (prevent / detect)

Mandates malicious-code protection mechanisms that can block or detect exploit-laden SWF content delivered via e-mail or documents.
