ID

VAR-201208-0526


CVE

CVE-2012-1535


TITLE

Adobe Flash Player vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2012-003656

DESCRIPTION

Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.

Adobe Flash Player is prone to an unspecified remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Flash Player 11.3.300.270 and earlier versions are vulnerable.

The product enables viewing of applications, content and video across screens and browsers.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2012:1173-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1173.html
Issue date:        2012-08-15
CVE Names:         CVE-2012-1535
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This vulnerability is detailed on the Adobe security page APSB12-18, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

848180 - CVE-2012-1535 flash-plugin: code execution flaw (APSB12-18)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.238-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.238-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.238-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.238-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.238-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.238-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1535.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-18.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

----------------------------------------------------------------------

TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability

SECUNIA ADVISORY ID:
SA50285

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50285/

RELEASE DATE:
2012-08-14

DESCRIPTION:
A vulnerability has been reported in Flash Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error. No more information is currently available.

NOTE: The vulnerability is currently being actively exploited in targeted attacks via Word documents against the Windows version.

SOLUTION:
Update to version 11.3.300.270 for Windows, Mac, and Chrome or version 11.2.202.238 for Linux.

PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day. The vendor also credits Alexander Gavrun via iDefense VCP.

ORIGINAL ADVISORY:
Adobe:
http://www.adobe.com/support/security/bulletins/apsb12-18.html
(CVE-2012-1535, CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166, CVE-2012-4167) A flaw in flash-plugin could allow an attacker to obtain sensitive information if a victim were tricked into visiting a specially-crafted web page.

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04039150

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04039150
Version: 1

HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS), Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-03-10
Last Updated: 2014-03-10

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Systems Insight Manager (SIM) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in execution of arbitrary code, Denial of Service (DoS), or disclosure of information.

HP Systems Insight Manager (SIM) prior to v7.3 for Linux and Windows (CVE-2013-0646, CVE-2013-0650, CVE-2013-1371, CVE-2013-1375, CVE-2013-1378, CVE-2013-1379, CVE-2013-1380, CVE-2013-2555)

HP Systems Insight Manager (SIM) prior to v7.2 for Linux and Windows (CVE-2012-4168, CVE-2012-4167, CVE-2012-4165, CVE-2012-4164, CVE-2012-4163, CVE-2012-1535)

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2012-1535    (AV:N/AC:M/Au:N/C:C/I:C/A:C)       9.3
CVE-2012-4163    (AV:N/AC:L/Au:N/C:C/I:C/A:C)      10.0
CVE-2012-4164    (AV:N/AC:L/Au:N/C:C/I:C/A:C)      10.0
CVE-2012-4165    (AV:N/AC:L/Au:N/C:C/I:C/A:C)      10.0
CVE-2012-4167    (AV:N/AC:L/Au:N/C:C/I:C/A:C)      10.0
CVE-2012-4168    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3
CVE-2013-0646    (AV:N/AC:L/Au:N/C:C/I:C/A:C)      10.0
CVE-2013-0650    (AV:N/AC:L/Au:N/C:C/I:C/A:C)      10.0
CVE-2013-1371    (AV:N/AC:L/Au:N/C:C/I:C/A:C)      10.0
CVE-2013-1375    (AV:N/AC:L/Au:N/C:C/I:C/A:C)      10.0
CVE-2013-1378    (AV:N/AC:L/Au:N/C:C/I:C/A:C)      10.0
CVE-2013-1379    (AV:N/AC:L/Au:N/C:C/I:C/A:C)      10.0
CVE-2013-1380    (AV:N/AC:L/Au:N/C:C/I:C/A:C)      10.0
CVE-2013-2555    (AV:N/AC:L/Au:N/C:C/I:C/A:C)      10.0
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made Systems Insight Manager (SIM) v7.3 available for Linux and Windows to resolve the vulnerabilities.

Information and downloads for HP SIM can be found at the following locations:

http://h18013.www1.hp.com/products/servers/management/hpsim/download.html

Insight Management DVD:
http://h18013.www1.hp.com/products/servers/management/fpdownload.html

HISTORY
Version:1 (rev.1) - 10 March 2013 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Background
==========

The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.

Please review the CVE identifiers referenced below for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Flash Player users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.238"

References
==========

[ 1 ] CVE-2012-1535
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1535
[ 2 ] CVE-2012-4163
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4163
[ 3 ] CVE-2012-4164
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4164
[ 4 ] CVE-2012-4165
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4165
[ 5 ] CVE-2012-4166
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4166
[ 6 ] CVE-2012-4167
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4167
[ 7 ] CVE-2012-4168
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4168

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201209-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.61

sources: NVD: CVE-2012-1535 // JVNDB: JVNDB-2012-003656 // BID: 55009 // VULHUB: VHN-54816 // VULMON: CVE-2012-1535 // PACKETSTORM: 115576 // PACKETSTORM: 115522 // PACKETSTORM: 115525 // PACKETSTORM: 115844 // PACKETSTORM: 125655 // PACKETSTORM: 116242

AFFECTED PRODUCTS

vendor: adobe // model: flash player // scope: lt // version: 11.3.300.271

Trust: 1.0

vendor: adobe // model: flash player // scope: lt // version: 11.2.202.238

Trust: 1.0

vendor: redhat // model: enterprise linux server // scope: eq // version: 5.0

Trust: 1.0

vendor: opensuse // model: opensuse // scope: eq // version: 11.4

Trust: 1.0

vendor: redhat // model: enterprise linux desktop // scope: eq // version: 5.0

Trust: 1.0

vendor: redhat // model: enterprise linux workstation // scope: eq // version: 5.0

Trust: 1.0

vendor: suse // model: linux enterprise desktop // scope: eq // version: 10

Trust: 1.0

vendor: opensuse // model: opensuse // scope: eq // version: 12.1

Trust: 1.0

vendor: adobe // model: flash player // scope: lte // version: 11.2.202.236 (linux)

Trust: 0.8

vendor: adobe // model: flash player // scope: lte // version: 11.3.300.270 (chrome)

Trust: 0.8

vendor: adobe // model: flash player // scope: lte // version: 11.3.300.270 (windows and macintosh)

Trust: 0.8

vendor: adobe // model: flash player // scope: lte // version: 11.3.300.270 (network distribution)

Trust: 0.8

vendor: microsoft // model: internet explorer // scope: eq // version: 10

Trust: 0.8

vendor: microsoft // model: windows 8 // scope: eq // version: for 32-bit systems

Trust: 0.8

vendor: microsoft // model: windows 8 // scope: eq // version: for 64-bit systems

Trust: 0.8

vendor: microsoft // model: windows rt // scope: - // version: -

Trust: 0.8

vendor: microsoft // model: windows server // scope: eq // version: 2012

Trust: 0.8

vendor: adobe // model: flash player // scope: eq // version: 10.0.42.34

Trust: 0.6

vendor: adobe // model: flash player // scope: eq // version: 10.0.2.54

Trust: 0.6

vendor: adobe // model: flash player // scope: eq // version: 10.2.152.26

Trust: 0.6

vendor: adobe // model: flash player // scope: eq // version: 10.1.52.14

Trust: 0.6

vendor: adobe // model: flash player // scope: eq // version: 10.1.92.10

Trust: 0.6

vendor: adobe // model: flash player // scope: eq // version: 10.1

Trust: 0.6

vendor: adobe // model: flash player // scope: eq // version: 10.0.15.3

Trust: 0.6

vendor: adobe // model: flash player // scope: eq // version: 2

Trust: 0.6

vendor: adobe // model: flash player // scope: eq // version: 3

Trust: 0.6

vendor: adobe // model: flash player // scope: eq // version: 10.1.95.1

Trust: 0.6

vendor: suse // model: linux enterprise desktop sp2 // scope: eq // version: 11

Trust: 0.3

vendor: suse // model: linux enterprise desktop sp1 // scope: eq // version: 11

Trust: 0.3

vendor: suse // model: opensuse // scope: eq // version: 12.1

Trust: 0.3

vendor: suse // model: opensuse // scope: eq // version: 11.4

Trust: 0.3

vendor: research in motion // model: blackberry playbook tablet software // scope: eq // version: 2.0.0.7971

Trust: 0.3

vendor: research in motion // model: blackberry playbook tablet software // scope: eq // version: 1.0.8.6067

Trust: 0.3

vendor: research in motion // model: blackberry playbook tablet software // scope: eq // version: 1.0.8.4985

Trust: 0.3

vendor: research in motion // model: blackberry playbook tablet software // scope: eq // version: 1.0.7.3312

Trust: 0.3

vendor: research in motion // model: blackberry playbook tablet software // scope: eq // version: 1.0.7.2942

Trust: 0.3

vendor: research in motion // model: blackberry playbook tablet software // scope: eq // version: 1.0.6

Trust: 0.3

vendor: research in motion // model: blackberry playbook tablet software // scope: eq // version: 1.0.5.2342

Trust: 0.3

vendor: research in motion // model: blackberry playbook tablet software // scope: eq // version: 1.0.5.2304

Trust: 0.3

vendor: red hat // model: enterprise linux workstation supplementary // scope: eq // version: 6

Trust: 0.3

vendor: red hat // model: enterprise linux supplementary server // scope: eq // version: 5

Trust: 0.3

vendor: red hat // model: enterprise linux server supplementary // scope: eq // version: 6

Trust: 0.3

vendor: red hat // model: enterprise linux desktop supplementary // scope: eq // version: 6

Trust: 0.3

vendor: red hat // model: enterprise linux desktop supplementary client // scope: eq // version: 5

Trust: 0.3

vendor: opensuse // model: opensuse // scope: eq // version: 12.2

Trust: 0.3

vendor: hp // model: systems insight manager // scope: eq // version: 7.0

Trust: 0.3

vendor: hp // model: systems insight manager // scope: eq // version: 6.3

Trust: 0.3

vendor: hp // model: systems insight manager // scope: eq // version: 6.2

Trust: 0.3

vendor: hp // model: systems insight manager // scope: eq // version: 6.1

Trust: 0.3

vendor: hp // model: systems insight manager // scope: eq // version: 6.0.0.96

Trust: 0.3

vendor: hp // model: systems insight manager // scope: eq // version: 6.0

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 17.0.96379

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 17.0.96365

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 16.0.91275

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 2.0.172.43

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 2.0.172.37

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 2.0.172.33

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 2.0.172.31

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 2.0.172.30

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 2.0.172.8

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 2.0.172.38

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 2.0.172.28

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 2.0.172.27

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 2.0.172.2

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 2.0.172

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 2.0.170.0

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 2.0.169.1

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 2.0.169.0

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 2.0.159.0

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 2.0.158.0

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 2.0.157.2

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 2.0.157.0

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 2.0.156.1

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 19.0.1084.52

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 19

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 18.0.1025.168

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 18.0.1025.162

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 18.0.1025.151

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 18.0.1025.142

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 17.0.963.83

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 17.0.963.78

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 17.0.963.60

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 17.0.963.56

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 17.0.963.46

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 16.0.912.77

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 16.0.912.75

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 16.0.912.63

Trust: 0.3

vendor: google // model: chrome // scope: eq // version: 16

Trust: 0.3

vendor: gentoo // model: linux // scope: - // version: -

Trust: 0.3

vendor: adobe // model: flash player // scope: eq // version: 11.2.202.235

Trust: 0.3

vendor: adobe // model: flash player // scope: eq // version: 11.2.202.233

Trust: 0.3

vendor: adobe // model: flash player // scope: eq // version: 11.2.202.229

Trust: 0.3

vendor: adobe // model: flash player // scope: eq // version: 11.2.202.228

Trust: 0.3

vendor: adobe // model: flash player // scope: eq // version: 11.2.202.223

Trust: 0.3

vendor: adobe // model: flash player // scope: eq // version: 11.1.115.8

Trust: 0.3

vendor: adobe // model: flash player // scope: eq // version: 11.1.115.7

Trust: 0.3

vendor: adobe // model: flash player // scope: eq // version: 11.1.115.6

Trust: 0.3

vendor: adobe // model: flash player // scope: eq // version: 11.1.112.61

Trust: 0.3

vendor: adobe // model: flash player // scope: eq // version: 11.1.111.9

Trust: 0.3

vendor: adobe // model: flash player // scope: eq // version: 11.1.111.8

Trust: 0.3

vendor: adobe // model: flash player // scope: eq // version: 11.1.111.7

Trust: 0.3

vendor: adobe // model: flash player // scope: eq // version: 11.1.111.6

Trust: 0.3

vendor: adobe // model: flash player // scope: eq // version: 11.1.111.5

Trust: 0.3

vendor: adobe // model: flash player // scope: eq // version: 11.1.102.63

Trust: 0.3

vendor: adobe // model: flash player // scope: eq // version: 11.1.102.62

Trust: 0.3

vendor: adobe // model: flash player // scope: eq // version: 11.1.102.55

Trust: 0.3

vendor: adobe // model: flash player // scope: eq // version: 11.1.102.228

Trust: 0.3

vendor: adobe // model: flash player // scope: eq // version: 11.0.1.152

Trust: 0.3

sources: BID: 55009 // JVNDB: JVNDB-2012-003656 // CNNVD: CNNVD-201208-219 // NVD: CVE-2012-1535

CVSS

SEVERITY

nvd@nist.gov: CVE-2012-1535
value: HIGH

Trust: 1.0

NVD: CVE-2012-1535
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201208-219
value: CRITICAL

Trust: 0.6

VULHUB: VHN-54816
value: HIGH

Trust: 0.1

VULMON: CVE-2012-1535
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2012-1535
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-54816
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2012-1535
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-54816 // VULMON: CVE-2012-1535 // JVNDB: JVNDB-2012-003656 // CNNVD: CNNVD-201208-219 // NVD: CVE-2012-1535

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-1535

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201208-219

TYPE

arbitrary

Trust: 0.4

sources: PACKETSTORM: 115576 // PACKETSTORM: 115844 // PACKETSTORM: 125655 // PACKETSTORM: 116242

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003656

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-54816 // VULMON: CVE-2012-1535

PATCH

title: APSB12-18 // url: http://www.adobe.com/support/security/bulletins/apsb12-18.html

Trust: 0.8

title: APSB12-18 (cq08150306) // url: http://helpx.adobe.com/jp/flash-player/kb/cq08150306.html

Trust: 0.8

title: APSB12-18 // url: http://www.adobe.com/jp/support/security/bulletins/apsb12-18.html

Trust: 0.8

title: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (KB2755399) // url: http://support.microsoft.com/kb/2755399

Trust: 0.8

title: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (2755801) // url: http://technet.microsoft.com/en-us/security/advisory/2755801

Trust: 0.8

title: SUSE-SU-2012:1001 // url: http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00012.html

Trust: 0.8

title: openSUSE-SU-2012:0996 // url: http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.html

Trust: 0.8

title: RHSA-2012:1203 // url: http://rhn.redhat.com/errata/RHSA-2012-1203.html

Trust: 0.8

title: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (2755801) // url: http://technet.microsoft.com/ja-jp/security/advisory/2755801

Trust: 0.8

title: Notice regarding vulnerabilities in Adobe Systems' Adobe Flash Player // url: http://www.fmworld.net/biz/common/adobe/20120816f.html

Trust: 0.8

title: Red Hat: Critical: flash-plugin security update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121173 - Security Advisory

Trust: 0.1

title: Red Hat: Critical: flash-plugin security update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121203 - Security Advisory

Trust: 0.1

title: Known Exploited Vulnerabilities Detector // url: https://github.com/Ostorlab/KEV

Trust: 0.1

title: - // url: https://threatpost.com/windows-8-users-remain-vulnerable-flash-exploits-until-october-091012/76991/

Trust: 0.1

title: - // url: https://threatpost.com/elderwood-crew-tied-google-aurora-attack-targeting-defense-energy-finance-companies-090712/76987/

Trust: 0.1

title: - // url: https://threatpost.com/phishing-fanboys-phony-iphone-5-images-082112/76931/

Trust: 0.1

title: - // url: https://threatpost.com/adobe-patches-critical-flash-bug-releases-massive-reader-update-081412/76912/

Trust: 0.1

sources: VULMON: CVE-2012-1535 // JVNDB: JVNDB-2012-003656

EXTERNAL IDS

db: NVD // id: CVE-2012-1535

Trust: 3.3

db: JVNDB // id: JVNDB-2012-003656

Trust: 0.8

db: CNNVD // id: CNNVD-201208-219

Trust: 0.7

db: SECUNIA // id: 50286

Trust: 0.7

db: SECUNIA // id: 50285

Trust: 0.7

db: NSFOCUS // id: 20349

Trust: 0.6

db: BID // id: 55009

Trust: 0.5

db: PACKETSTORM // id: 125655

Trust: 0.2

db: PACKETSTORM // id: 115576

Trust: 0.2

db: PACKETSTORM // id: 115844

Trust: 0.2

db: PACKETSTORM // id: 116242

Trust: 0.2

db: EXPLOIT-DB // id: 20624

Trust: 0.2

db: SEEBUG // id: SSVID-60333

Trust: 0.1

db: SEEBUG // id: SSVID-74493

Trust: 0.1

db: PACKETSTORM // id: 115670

Trust: 0.1

db: VULHUB // id: VHN-54816

Trust: 0.1

db: VULMON // id: CVE-2012-1535

Trust: 0.1

db: PACKETSTORM // id: 115522

Trust: 0.1

db: PACKETSTORM // id: 115525

Trust: 0.1

sources: VULHUB: VHN-54816 // VULMON: CVE-2012-1535 // BID: 55009 // JVNDB: JVNDB-2012-003656 // PACKETSTORM: 115576 // PACKETSTORM: 115522 // PACKETSTORM: 115525 // PACKETSTORM: 115844 // PACKETSTORM: 125655 // PACKETSTORM: 116242 // CNNVD: CNNVD-201208-219 // NVD: CVE-2012-1535

REFERENCES

url:http://www.adobe.com/support/security/bulletins/apsb12-18.html

Trust: 2.4

url:http://security.gentoo.org/glsa/glsa-201209-01.xml

Trust: 1.3

url:http://rhn.redhat.com/errata/rhsa-2012-1203.html

Trust: 1.3

url:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00012.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.html

Trust: 1.2

url:http://marc.info/?l=bugtraq&m=139455789818399&w=2

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1535

Trust: 0.8

url:http://www.ipa.go.jp/security/ciadr/vul/20120815-adobe.html

Trust: 0.8

url:https://www.jpcert.or.jp/at/2012/at120024.txt

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1535

Trust: 0.8

url:http://www.npa.go.jp/cyberpolice/#topics

Trust: 0.8

url:http://secunia.com/advisories/50285

Trust: 0.6

url:http://secunia.com/advisories/50286

Trust: 0.6

url:http://www.nsfocus.net/vulndb/20349

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-1535

Trust: 0.4

url:http://www.adobe.com/products/flash/

Trust: 0.3

url:http://lists.opensuse.org/opensuse-updates/2013-02/msg00082.html

Trust: 0.3

url:http://googlechromereleases.blogspot.in/2012/08/stable-channel-update_14.html

Trust: 0.3

url:http://www.blackberry.com/btsc/kb32019

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04039150

Trust: 0.3

url:http://technet.microsoft.com/en-us/security/advisory/2755801

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-4167

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-4165

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-4164

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-4168

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-4163

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-1535.html

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://access.redhat.com/security/team/key/#package

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.2

url:http://bugzilla.redhat.com/

Trust: 0.2

url:https://access.redhat.com/knowledge/articles/11258

Trust: 0.2

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.2

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.2

url:http://secunia.com/csi6beta

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-4166

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2012:1173

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/windows-8-users-remain-vulnerable-flash-exploits-until-october-091012/76991/

Trust: 0.1

url:https://www.exploit-db.com/exploits/20624/

Trust: 0.1

url:https://www.securityfocus.com/bid/55009

Trust: 0.1

url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/55009

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2012-1173.html

Trust: 0.1

url:http://googlechromereleases.blogspot.dk/2012/08/stable-channel-update_14.html

Trust: 0.1

url:http://secunia.com/advisories/50286/#comments

Trust: 0.1

url:http://secunia.com/advisories/50286/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=50286

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=50285

Trust: 0.1

url:http://secunia.com/advisories/50285/#comments

Trust: 0.1

url:http://secunia.com/advisories/50285/

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-4164.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-4166.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-4165.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-4168.html

Trust: 0.1

url:http://www.adobe.com/support/security/bulletins/apsb12-19.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-4167.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-4163.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1379

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2555

Trust: 0.1

url:http://h18013.www1.hp.com/products/servers/management/hpsim/download.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0650

Trust: 0.1

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1371

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1375

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1380

Trust: 0.1

url:http://h18013.www1.hp.com/products/servers/management/fpdownload.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1378

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0646

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4166

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1535

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4164

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4168

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4163

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4167

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4165

Trust: 0.1

sources: VULHUB: VHN-54816 // VULMON: CVE-2012-1535 // BID: 55009 // JVNDB: JVNDB-2012-003656 // PACKETSTORM: 115576 // PACKETSTORM: 115522 // PACKETSTORM: 115525 // PACKETSTORM: 115844 // PACKETSTORM: 125655 // PACKETSTORM: 116242 // CNNVD: CNNVD-201208-219 // NVD: CVE-2012-1535

CREDITS

Alexander Gavrun through iDefense's Vulnerability Contributor Program.

Trust: 0.3

sources: BID: 55009

SOURCES

db: VULHUB // id: VHN-54816
db: VULMON // id: CVE-2012-1535
db: BID // id: 55009
db: JVNDB // id: JVNDB-2012-003656
db: PACKETSTORM // id: 115576
db: PACKETSTORM // id: 115522
db: PACKETSTORM // id: 115525
db: PACKETSTORM // id: 115844
db: PACKETSTORM // id: 125655
db: PACKETSTORM // id: 116242
db: CNNVD // id: CNNVD-201208-219
db: NVD // id: CVE-2012-1535

LAST UPDATE DATE

2024-12-20T22:13:45.459000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-54816 // date: 2018-10-30T00:00:00
db: VULMON // id: CVE-2012-1535 // date: 2018-10-30T00:00:00
db: BID // id: 55009 // date: 2015-03-19T09:10:00
db: JVNDB // id: JVNDB-2012-003656 // date: 2012-12-26T00:00:00
db: CNNVD // id: CNNVD-201208-219 // date: 2012-08-16T00:00:00
db: NVD // id: CVE-2012-1535 // date: 2024-12-19T20:13:13.987

SOURCES RELEASE DATE

db: VULHUB // id: VHN-54816 // date: 2012-08-15T00:00:00
db: VULMON // id: CVE-2012-1535 // date: 2012-08-15T00:00:00
db: BID // id: 55009 // date: 2012-08-14T00:00:00
db: JVNDB // id: JVNDB-2012-003656 // date: 2012-08-17T00:00:00
db: PACKETSTORM // id: 115576 // date: 2012-08-15T23:03:58
db: PACKETSTORM // id: 115522 // date: 2012-08-14T04:36:39
db: PACKETSTORM // id: 115525 // date: 2012-08-14T04:36:48
db: PACKETSTORM // id: 115844 // date: 2012-08-24T01:20:49
db: PACKETSTORM // id: 125655 // date: 2014-03-11T21:32:37
db: PACKETSTORM // id: 116242 // date: 2012-09-05T03:40:41
db: CNNVD // id: CNNVD-201208-219 // date: 2012-08-16T00:00:00
db: NVD // id: CVE-2012-1535 // date: 2012-08-15T10:31:40.677