Adobe Flash Player vulnerability in Internet Explorer 10
|Date Published:||21 September 2012|
|Date Revised:||27 September 2012|
Adobe Flash Player 11.3.300.270 |
Internet Explorer 10
Windows Server 2012
A vulnerability involving Adobe Flash Player in Internet Explorer 10 could cause the application to terminate unexpectedly, and possibly allow and attacker to take control of a compromised system.
A vulnerability in Adobe Flash Player affects Internet Explorer 10 on supported editions of Windows 8 and Windows Server 2012. There are reports on this vulnerability being exploited in the wild, where the exploit is targeting the ActiveX version of Flash Player for Internet Explorer on Windows.
The vulnerability could cause the application to terminate unexpectedly, and possibly allow an attacker to take control of a compromised system. Users are recommended to implement some workarounds to mitigate the impact of this vulnerability. Full instructions are available at Microsoft Security Advisory 2755801.
F-Secure detects the files taking advantage of this vulnerability as Exploit:W32/CVE-2012-1535 starting in Hydra database version 2012-09-25_01, which was released on 25 September 2012. Please allow F-Secure products to block installation of files that take advantage of this vulnerability.
- Hydra database version 2012-09-25_01
- Hydra database version 2012-09-20_04
- 25 September 2012
- 20 September 2012
To mitigate the impact of the vulnerability, please implement these suggested workarounds:
- Prevent Adobe Flash Player from running
- Prevent ActiveX controls from running
- Set security zone settings to 'High'
- Configure Internet Explorer to prompt before running Active Scripting
Please view the complete instructions at Microsoft Security Advisory 2755801
Update to Adobe Flash Player version 11.3.300.271
Allow F-Secure Internet Security or F-Secure Anti-Virus to remove or disinfect malicious files.