module
Adobe Flash Player ActionScript Launch Command Execution Vulnerability
| Disclosed | Created |
|---|---|
| 2008-12-17 | 2018-05-30 |
Disclosed
2008-12-17
Created
2018-05-30
Description
This module exploits a vulnerability in Adobe Flash Player for Linux,
version 10.0.12.36 and 9.0.151.0 and prior.
An input validation vulnerability allows command execution when the browser
loads a SWF file which contains shell metacharacters in the arguments to
the ActionScript launch method.
The victim must have Adobe AIR installed for the exploit to work. This module
was tested against version 10.0.12.36 (10r12_36).
version 10.0.12.36 and 9.0.151.0 and prior.
An input validation vulnerability allows command execution when the browser
loads a SWF file which contains shell metacharacters in the arguments to
the ActionScript launch method.
The victim must have Adobe AIR installed for the exploit to work. This module
was tested against version 10.0.12.36 (10r12_36).
Author
0a29406d9794e4f9b30b3c5d6702c708
Platform
Unix
Architectures
cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.