Adobe Flash Player OpenType Font Integer Overflow

Added: 08/27/2012
CVE: CVE-2012-1535
BID: 55009
OSVDB: 84607

Background

Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.

Problem

Adobe Flash Player 11.3.300.270 (and earlier) on Windows is vulnerable to remote code execution via an integer overflow vulnerability. A remote attacker who convinces a user with the vulnerable Flash Player to open a specially crafted .swf file could exploit this issue to execute arbitrary code in the context of the user running the affected application.

Resolution

Upgrade to Adobe Flash Player 11.3.300.271 on Windows systems.

References

http://www.adobe.com/support/security/bulletins/apsb12-18.html
http://blog.trendmicro.com/cve-2012-1535-exploit-leads-to-backdoor/

Limitations

This exploit has been tested against Adobe Systems Flash Player 11.3.300.270 on Microsoft Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn). JRE 6 must be installed on Windows 7.

The user must open the exploit page in Internet Explorer 8 or 9 on the target.

Platforms

Windows

Back to exploit index