1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Adobe Flash Player Arbitrary Code Execution Vulnerability

Known Exploited Vulnerabilities CVE-2012-1535

Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2012-1535 Adobe Flash Player Arbitrary Code Execution Vulnerability primary_impact T1105 Ingress Tool Transfer
Comments
This vulnerability is exploited by having a user execute a maliciously-crafted word document that has embedded swf. The embedded swf can download additional malicious software from the web.
References
  1. https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:SWF/CVE-2012-1535.A
CVE-2012-1535 Adobe Flash Player Arbitrary Code Execution Vulnerability exploitation_technique T1204.002 Malicious File
Comments
This vulnerability is exploited by having a user execute a maliciously-crafted word document that has embedded swf. The embedded swf can download additional malicious software from the web.
References
  1. https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:SWF/CVE-2012-1535.A