848180 – (CVE-2012-1535) CVE-2012-1535 flash-plugin: code execution flaw (APSB12-18)

Bug 848180 (CVE-2012-1535) - CVE-2012-1535 flash-plugin: code execution flaw (APSB12-18)

Summary: CVE-2012-1535 flash-plugin: code execution flaw (APSB12-18)

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2012-1535
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	848191 848192 848634 848635
Blocks:	848181
TreeView+	depends on / blocked

Reported:	2012-08-14 20:30 UTC by Vincent Danen
Modified:	2021-02-23 14:08 UTC (History)
CC List:	6 users (show)
Fixed In Version:	flash-plugin 11.2.202.238
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-08-25 16:18:51 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2012:1173	0	normal	SHIPPED_LIVE	Critical: flash-plugin security update	2012-08-15 23:26:46 UTC
Red Hat Product Errata	RHSA-2012:1203	0	normal	SHIPPED_LIVE	Critical: flash-plugin security update	2012-08-23 20:28:08 UTC

Description Vincent Danen 2012-08-14 20:30:30 UTC

Adobe security bulletin APSB12-18 describes one security flaw that could cause Adobe Flash Player to crash and potentially allow an attacker to take control of the affected system:

Adobe has released security updates for Adobe Flash Player 11.3.300.270 and earlier versions for Windows, Macintosh and Linux. These updates address a vulnerability (CVE-2012-1535) that could cause the application to crash and potentially allow an attacker to take control of the affected system.

There are reports that the vulnerability is being exploited in the wild in limited targeted attacks, distributed through a malicious Word document. The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows.


External Reference:

http://www.adobe.com/support/security/bulletins/apsb12-18.html

Comment 2 Vincent Danen 2012-08-14 21:09:18 UTC

The Linux version that fixes this flaw is 11.2.202.238.

Comment 3 errata-xmlrpc 2012-08-15 19:27:47 UTC

This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2012:1173 https://rhn.redhat.com/errata/RHSA-2012-1173.html

Comment 6 errata-xmlrpc 2012-08-23 16:29:15 UTC

This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2012:1203 https://rhn.redhat.com/errata/RHSA-2012-1203.html

Note You need to log in before you can comment on or make changes to this bug.