Exploit:SWF/CVE-2012-1535.A

Exploit:SWF/CVE-2012-1535.A is malicious code that attempts to exploit a vulnerability in Adobe Flash Player by using a Microsoft Word document, in order to download and install files of an attacker's choice onto your computer, and perform denial of service attacks.

Note: There is no Microsoft Word vulnerability involved with this exploitation process.

While this threat can be delivered by a number of methods, you may encounter this if you open a Microsoft Word document that contains the malicious SWF content.

If the malicious SWF content is run on your computer, the exploit may display a harmless Microsoft Word document while it executes its payload. It may then attempt to download and run files from a remote host/URL; the files that are downloaded and run could include additional malware, and use your computer to perform denial of service attacks.

Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X, and before 11.2.202.238 on Linux are all vulnerable to this exploit.

Make sure that you install all available updates from the vendor in order to avoid this exploit. You can read more about this vulnerability and download software updates from these links:

• CVE-2012-1535
• Adobe advisory
• Adobe Flash Player update

Note: This detection may be triggered when you visit a website that contains the malicious code. Even if you are not using a vulnerable version of Adobe Flash Player, this detection may be reported when you open a Microsoft Word document that has been affected, or if you visit a website that contains the malicious code. This does not mean that you have been compromised, rather that an attempt to compromise your computer has been made.

Analysis by Jeong Wook (Matt) Oh