module
Adobe Flash Player Integer Underflow Remote Code Execution
| Disclosed | Created |
|---|---|
| 2014-02-05 | 2018-05-30 |
Disclosed
2014-02-05
Created
2018-05-30
Description
This module exploits a vulnerability found in the ActiveX component of Adobe Flash Player
before 12.0.0.43. By supplying a specially crafted swf file it is possible to trigger an
integer underflow in several avm2 instructions, which can be turned into remote code
execution under the context of the user, as exploited in the wild in February 2014. This
module has been tested successfully with Adobe Flash Player 11.7.700.202 on Windows XP
SP3, Windows 7 SP1 and Adobe Flash Player 11.3.372.94 on Windows 8 even when it includes
rop chains for several Flash 11 versions, as exploited in the wild.
before 12.0.0.43. By supplying a specially crafted swf file it is possible to trigger an
integer underflow in several avm2 instructions, which can be turned into remote code
execution under the context of the user, as exploited in the wild in February 2014. This
module has been tested successfully with Adobe Flash Player 11.7.700.202 on Windows XP
SP3, Windows 7 SP1 and Adobe Flash Player 11.3.372.94 on Windows 8 even when it includes
rop chains for several Flash 11 versions, as exploited in the wild.
Authors
Unknown
juan vazquez juan.vazquez@metasploit.com
juan vazquez juan.vazquez@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.