Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
canvasImmunity CanvasADOBE_FLASH_OTF_PARSING
HistoryAug 15, 2012 - 10:31 a.m.

Immunity Canvas: ADOBE_FLASH_OTF_PARSING

2012-08-1510:31:00
Immunity Canvas
exploitlist.immunityinc.com
21

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.943 High

EPSS

Percentile

99.0%

JSON
Name adobe_flash_otf_parsing
CVE CVE-2012-1535 Exploit Pack
VENDOR: Adobe
Notes:
This exploit takes advantage of a integer overflow that leads to a heap based buffer overflow. The
kern_table contains an integer that when set to >= 0x1000000 leads to integer wrap which eventually
triggers a function pointer call.

Using a carefully constructed heap spray, an attacker can control the memory located at the
function pointer and achieve reliable code execution.

Tested on:

  • Windows XP Professional SP3 English with Internet Explorer 6
  • Windows XP Professional SP3 English with Internet Explorer 7
  • Windows XP Professional SP3 English with Internet Explorer 8
  • Windows Vista English with Internet Explorer 7
  • Windows Vista English with Internet Explorer 8
  • Windows Vista English with Internet Explorer 9
  • Windows 7 English with Internet Explorer 8
  • Windows 7 English with Internet Explorer 9

Usage (important):
This exploit will most likley not work with the js_recon module as loading third party
software will damage heap offsets.

VersionsAffected: Adobe Flash Player 11.3.300.257/11.3.300.265/11.3.300.268
Repeatability: Once
References: http://www.adobe.com/support/security/bulletins/apsb12-18.html
CVE Url: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1535
Date public: 07/16/2012
CVSS: 9.0

Related

nessus 10
threatpost 4
suse 4
prion 1
openvas 10
seebug 2
saint 4
attackerkb 2
metasploit 1
cisa_kev 1
symantec 1
cve 1
checkpoint_advisories 1
packetstorm 1
ubuntucve 1
exploitdb 1
thn 1
gentoo 1
redhat 2
securityvulns 2
myhack58 1
nessus
nessus
openSUSE Security Update : flash-player (openSUSE-SU-2012:0996-1)
2014-06-13 00:00:00
SuSE 11.1 Security Update : flash-player (SAT Patch Number 6678)
2013-01-25 00:00:00
SuSE 10 Security Update : flash-player (ZYPP Patch Number 8249)
2012-08-20 00:00:00
threatpost
threatpost
Adobe Patches Critical Flash Bug, Releases Massive Reader Update
2012-08-14 18:09:38
Early Windows 8 Users to Remain Vulnerable to Flash Exploits Until October
2012-09-10 17:10:48
Phishing for Fanboys with Phony iPhone 5 Images
2012-08-21 15:38:24
suse
suse
flash-player to 11.2.202.238 (critical)
2013-02-28 18:25:22
Security update for flash-player (important)
2012-08-17 16:08:27
Security update for flash-player (important)
2012-08-17 21:08:41
prion
prion
Code injection
2012-08-15 10:31:00
openvas
openvas
Adobe Flash Player Font Parsing Code Execution Vulnerability - Mac OS X
2012-08-20 00:00:00
Adobe Flash Player Font Parsing Code Execution Vulnerability - (Windows)
2012-08-20 00:00:00
Adobe Flash Player Font Parsing Code Execution Vulnerability - (Mac OS X)
2012-08-20 00:00:00
seebug
seebug
Adobe Flash Player θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž(CVE-2012-1535)
2012-08-18 00:00:00
Adobe Flash Player 11.3 Font Parsing Code Execution
2014-07-01 00:00:00
saint
saint
Adobe Flash Player OpenType Font Integer Overflow
2012-08-27 00:00:00
Adobe Flash Player OpenType Font Integer Overflow
2012-08-27 00:00:00
Adobe Flash Player OpenType Font Integer Overflow
2012-08-27 00:00:00
attackerkb
attackerkb
CVE-2012-1535 Adobe Flash Player 11.3 Kern Table Parsing Integer Overflow
2020-10-21 00:00:00
CVE-2012-1535
2012-08-15 00:00:00
metasploit
metasploit
Adobe Flash Player 11.3 Kern Table Parsing Integer Overflow
2012-08-17 17:23:49
cisa_kev
cisa_kev
Adobe Flash Player Arbitrary Code Execution Vulnerability
2022-03-03 00:00:00
symantec
symantec
Adobe Flash Player CVE-2012-1535 Remote Code Execution Vulnerability
2012-08-14 00:00:00
cve
cve
CVE-2012-1535
2012-08-15 10:31:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player SWF File Remote Code Execution (APSB12-18; CVE-2012-1535)
2012-08-15 00:00:00
packetstorm
packetstorm
Adobe Flash Player 11.3 Font Parsing Code Execution
2012-08-17 00:00:00
ubuntucve
ubuntucve
CVE-2012-1535
2012-08-15 00:00:00
exploitdb
exploitdb
Adobe Flash Player 11.3 - Font Parsing Code Execution (Metasploit)
2012-08-20 00:00:00
thn
thn
Operation Aurora - Other Zero-Day Attacks targeting finance and Energy
2012-09-08 08:36:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2012-09-05 00:00:00
redhat
redhat
(RHSA-2012:1173) Critical: flash-plugin security update
2012-08-15 00:00:00
(RHSA-2012:1203) Critical: flash-plugin security update
2012-08-23 00:00:00
securityvulns
securityvulns
HP Systems Insight Manager multiple security vulnerabilities
2014-03-27 00:00:00
[security bulletin] HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS), Disclosure of Information
2014-03-27 00:00:00
myhack58
myhack58
The macro perspective of the office vulnerability, 2010-2018-a vulnerability warning-the black bar safety net
2019-06-13 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.943 High

EPSS

Percentile

99.0%

JSON
Related for ADOBE_FLASH_OTF_PARSING
nessus10threatpost4suse4prion1openvas10seebug2saint4attackerkb2metasploit1cisa_kev1symantec1cve1checkpoint_advisories1packetstorm1ubuntucve1exploitdb1thn1gentoo1redhat2securityvulns2myhack581