This module exploits a buffer overflow vulnerability in Adobe Flash Player. The vulnerability occurs in the flash.Display.Shader class, when setting specially crafted data as its bytecode, as exploited in the wild in April 2014. This module has been tested successfully on the following operating systems and Flash versions: Windows 7 SP1, IE 8 to IE 11 with Flash 220.127.116.11, Windows 7 SP1, Firefox 38.0.5, Flash 11.7.700.275 and Adobe Flash 18.104.22.168, Windows 8.1, Firefox 38.0.5 and Adobe Flash 22.214.171.124, Linux Mint "Rebecca" (32 bit), Firefox 33.0 and Adobe Flash 126.96.36.1990
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.
– Jim O’Gorman | President, Offensive Security