Signature Detail

Short Name	HTTP:STC:SWF:OPENTYPE-FONT-OF
Severity	High
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	Adobe Flash Player OpenType Font Parsing Integer Overflow
Release Date	2012/08/22
Update Number	2176
Supported Platforms	idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Adobe Flash Player OpenType Font Parsing Integer Overflow

This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.

Extended Description

Adobe Flash Player is prone to an unspecified remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Adobe Flash Player 11.3.300.270 and earlier versions are vulnerable.

Affected Products

Adobe Flash Player 11.0.1.152
Adobe Flash Player 11.1.102.228
Adobe Flash Player 11.1.102.55
Adobe Flash Player 11.1.102.62
Adobe Flash Player 11.1.102.63
Adobe Flash Player 11.1.111.5
Adobe Flash Player 11.1.111.6
Adobe Flash Player 11.1.111.7
Adobe Flash Player 11.1.111.8
Adobe Flash Player 11.1.111.9
Adobe Flash Player 11.1.112.61
Adobe Flash Player 11.1.115.6
Adobe Flash Player 11.1.115.7
Adobe Flash Player 11.1.115.8
Adobe Flash Player 11.2.202.223
Adobe Flash Player 11.2.202.228
Adobe Flash Player 11.2.202.229
Adobe Flash Player 11.2.202.229
Adobe Flash Player 11.2.202.233
Adobe Flash Player 11.2.202.235
Adobe Flash Player 11.2.202 236
Adobe Flash Player 11.2.202.236
Adobe Flash Player 11.3.300.257
Adobe Flash Player 11.3.300.262
Adobe Flash Player 11.3.300.270
Google Chrome 16
Google Chrome 16.0.912.63
Google Chrome 16.0.912.75
Google Chrome 16.0.912.75
Google Chrome 16.0.912.77
Google Chrome 17.0.963.46
Google Chrome 17.0.963.56
Google Chrome 17.0.963.60
Google Chrome 17.0.963.65
Google Chrome 17.0.963.78
Google Chrome 17.0.963.79
Google Chrome 17.0.963.83
Google Chrome 18.0.1025.142
Google Chrome 18.0.1025.151
Google Chrome 18.0.1025.162
Google Chrome 18.0.1025.168
Google Chrome 19
Google Chrome 19.0.1084.21
Google Chrome 19.0.1084.52
Google Chrome 20.0.1132.23
Google Chrome 20.0.1132.43
Google Chrome 20.0.1132.57
Google Chrome 2.0.156.1
Google Chrome 2.0.157.0
Google Chrome 2.0.157.2
Google Chrome 2.0.158.0
Google Chrome 2.0.159.0
Google Chrome 2.0.169.0
Google Chrome 2.0.169.1
Google Chrome 2.0.170.0
Google Chrome 2.0.172
Google Chrome 2.0.172.2
Google Chrome 2.0.172.27
Google Chrome 2.0.172.28
Google Chrome 2.0.172.30
Google Chrome 2.0.172.31
Google Chrome 2.0.172.33
Google Chrome 2.0.172.37
Google Chrome 2.0.172.38
Google Chrome 2.0.172.43
Google Chrome 2.0.172.8
Google Chrome 21.0.1180.49
Google Chrome 21.0.1180.50
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Red Hat Enterprise Linux Desktop Supplementary 5 Client
Red Hat Enterprise Linux Desktop Supplementary 6
Red Hat Enterprise Linux Server Supplementary 6
Red Hat Enterprise Linux Supplementary 5 Server
Red Hat Enterprise Linux Workstation Supplementary 6
SuSE openSUSE 11.4
SuSE openSUSE 12.1
SuSE SUSE Linux Enterprise Desktop 11 SP1
SuSE SUSE Linux Enterprise Desktop 11 SP2

References

BugTraq: 55009
CVE: CVE-2012-1535

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Adobe Flash Player OpenType Font Parsing Integer Overflow

Extended Description

Affected Products

References