Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2012-1535 | Adobe Flash Player Arbitrary Code Execution Vulnerability | primary_impact | T1105 | Ingress Tool Transfer |
Comments
This vulnerability is exploited by having a user execute a maliciously-crafted word document that has embedded swf. The embedded swf can download additional malicious software from the web.
References
|
| CVE-2012-1535 | Adobe Flash Player Arbitrary Code Execution Vulnerability | exploitation_technique | T1204.002 | Malicious File |
Comments
This vulnerability is exploited by having a user execute a maliciously-crafted word document that has embedded swf. The embedded swf can download additional malicious software from the web.
References
|