Bug 848180 (CVE-2012-1535)

Summary: CVE-2012-1535 flash-plugin: code execution flaw (APSB12-18)
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: urgent
Priority: urgent
Version: unspecified
CC: aladke, ed.costello, emhuang, mmelanso, mtilburg, stransky
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version: flash-plugin 11.2.202.238
Doc Type: Bug Fix
Last Closed: 2012-08-25 16:18:51 UTC
Bug Depends On: 848191, 848192, 848634, 848635    
Bug Blocks: 848181    

Description Vincent Danen 2012-08-14 20:30:30 UTC
Adobe security bulletin APSB12-18 describes one security flaw that could cause Adobe Flash Player to crash and potentially allow an attacker to take control of the affected system:

Adobe has released security updates for Adobe Flash Player 11.3.300.270 and earlier versions for Windows, Macintosh and Linux. These updates address a vulnerability (CVE-2012-1535) that could cause the application to crash and potentially allow an attacker to take control of the affected system.

There are reports that the vulnerability is being exploited in the wild in limited targeted attacks, distributed through a malicious Word document. The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows.


External Reference:

http://www.adobe.com/support/security/bulletins/apsb12-18.html

Comment 2 Vincent Danen 2012-08-14 21:09:18 UTC
The Linux version that fixes this flaw is 11.2.202.238.

Comment 3 errata-xmlrpc 2012-08-15 19:27:47 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2012:1173 https://rhn.redhat.com/errata/RHSA-2012-1173.html

Comment 6 errata-xmlrpc 2012-08-23 16:29:15 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2012:1203 https://rhn.redhat.com/errata/RHSA-2012-1203.html