Adobe Flash Player OpenType Font Integer Overflow

Added: 08/27/2012
CVE: CVE-2012-1535
BID: 55009
OSVDB: 84607


Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.


Adobe Flash Player 11.3.300.270 (and earlier) on Windows is vulnerable to remote code execution via an integer overflow vulnerability. A remote attacker who convinces a user with the vulnerable Flash Player to open a specially crafted .swf file could exploit this issue to execute arbitrary code in the context of the user running the affected application.


Upgrade to Adobe Flash Player 11.3.300.271 on Windows systems.



This exploit has been tested against Adobe Systems Flash Player 11.3.300.270 on Microsoft Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn). JRE 6 must be installed on Windows 7.

The user must open the exploit page in Internet Explorer 8 or 9 on the target.



Back to exploit index