module
Adobe Flash Player domainMemory ByteArray Use After Free
Disclosed | Created |
---|---|
Apr 14, 2014 | May 30, 2018 |
Disclosed
Apr 14, 2014
Created
May 30, 2018
Description
This module exploits a use-after-free vulnerability in Adobe Flash Player. The
vulnerability occurs when the ByteArray assigned to the current ApplicationDomain
is freed from an ActionScript worker, when forcing a reallocation by copying more
contents than the original capacity, but Flash forgets to update the domainMemory
pointer, leading to a use-after-free situation when the main worker references the
domainMemory again. This module has been tested successfully on Windows 7 SP1
(32-bit), IE 8 and IE11 with Flash 17.0.0.134.
vulnerability occurs when the ByteArray assigned to the current ApplicationDomain
is freed from an ActionScript worker, when forcing a reallocation by copying more
contents than the original capacity, but Flash forgets to update the domainMemory
pointer, leading to a use-after-free situation when the main worker references the
domainMemory again. This module has been tested successfully on Windows 7 SP1
(32-bit), IE 8 and IE11 with Flash 17.0.0.134.
Authors
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.