Home Adobe CVE-2012-1535
CRITICAL: THIS VULNERABILITY IS ACTIVELY BEING EXPLOITED IN THE WILD (CISA KEV CATALOG)
Back to Adobe

CVE-2012-1535

Exploited

Adobe Flash Player - Flash Player Component

Adobe CVSS 7.8 Updated April 30, 2026

Executive Risk Summary

"A vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content. This vulnerability has been exploited in the wild, specifically with SWF content embedded in a Word document."

Anticipated Attack Path

  1. 1. Initial Exploitation: Attacker crafts malicious SWF content
  2. 2. Vulnerability Exploitation: Malicious SWF content is executed by Adobe Flash Player
  3. 3. Post-Exploitation: Arbitrary code execution or denial of service

Am I Vulnerable?

  • Verify Adobe Flash Player version is updated to 11.3.300.271 or later on Windows and Mac OS X, and 11.2.202.238 or later on Linux
  • Monitor for suspicious SWF content
  • Apply security updates from Adobe

Operational Audit Arsenal

Target Type Process
Target Asset flashplayer.exe
Standard Path Windows and Mac OS X systems with Adobe Flash Player installed
PowerShell 
# 🛠️ Senior Engineer Universal Audit
# Target: flashplayer.exe (Process)
$Targets = 'flashplayer.exe'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Unlikely

Minimal, as the update only affects Adobe Flash Player

Internal Work Notes

Vulnerability in Adobe Flash Player allows arbitrary code execution or denial of service, update to latest version to mitigate

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttp://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.html
Official Advisoryhttp://lists.opensuse.org/opensuse-security-announce/2012-08/msg00012.html
Official Advisoryhttp://marc.info/?l=bugtraq&m=139455789818399&w=2
Official Advisoryhttp://rhn.redhat.com/errata/RHSA-2012-1203.html
Official Advisoryhttp://security.gentoo.org/glsa/glsa-201209-01.xml
Adobe Bulletinhttp://www.adobe.com/support/security/bulletins/apsb12-18.html
Official Advisoryhttp://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.html
Official Advisoryhttp://lists.opensuse.org/opensuse-security-announce/2012-08/msg00012.html
Official Advisoryhttp://marc.info/?l=bugtraq&m=139455789818399&w=2
Official Advisoryhttp://rhn.redhat.com/errata/RHSA-2012-1203.html
Official Advisoryhttp://security.gentoo.org/glsa/glsa-201209-01.xml
Adobe Bulletinhttp://www.adobe.com/support/security/bulletins/apsb12-18.html
Official Advisoryhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-1535

Related Adobe Threats

CVE-2011-4373 CVSS 9.8

Adobe Reader and Acrobat - PDF Rendering Engine
CVE-2011-4372 CVSS 9.8

Adobe Reader and Acrobat - PDF Rendering Engine
CVE-2010-0378 CVSS 8.8

Adobe Flash Player - Flash Object
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.