Bug 848180 (CVE-2012-1535)

Summary: CVE-2012-1535 flash-plugin: code execution flaw (APSB12-18)
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: urgent
Docs Contact:
Priority: urgent
Version: unspecified
CC: aladke, ed.costello, emhuang, mmelanso, mtilburg, stransky
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard: impact=critical,public=20120814,reported=20120814,source=internet,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-5/flash-plugin=affected,rhel-6/flash-plugin=affected
Fixed In Version: flash-plugin 11.2.202.238
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-08-25 12:18:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Bug Depends On: 848191, 848192, 848634, 848635
Bug Blocks: 848181

Description Vincent Danen 2012-08-14 16:30:30 EDT
Adobe security bulletin APSB12-18 describes one security flaw that could cause Adobe Flash Player to crash and potentially allow an attacker to take control of the affected system:

Adobe has released security updates for Adobe Flash Player 11.3.300.270 and earlier versions for Windows, Macintosh and Linux. These updates address a vulnerability (CVE-2012-1535) that could cause the application to crash and potentially allow an attacker to take control of the affected system.

There are reports that the vulnerability is being exploited in the wild in limited targeted attacks, distributed through a malicious Word document. The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows.


External Reference:

http://www.adobe.com/support/security/bulletins/apsb12-18.html

Comment 2 Vincent Danen 2012-08-14 17:09:18 EDT
The Linux version that fixes this flaw is 11.2.202.238.

Comment 3 errata-xmlrpc 2012-08-15 15:27:47 EDT
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2012:1173 https://rhn.redhat.com/errata/RHSA-2012-1173.html

Comment 6 errata-xmlrpc 2012-08-23 12:29:15 EDT
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2012:1203 https://rhn.redhat.com/errata/RHSA-2012-1203.html