module
Adobe Flash Player AVM Bytecode Verification Vulnerability
| Disclosed | Created |
|---|---|
| 2011-03-15 | 2018-05-30 |
Disclosed
2011-03-15
Created
2018-05-30
Description
This module exploits a vulnerability in Adobe Flash Player versions 10.2.152.33
and earlier. This issue is caused by a failure in the ActionScript3 AVM2 verification
logic. This results in unsafe JIT(Just-In-Time) code being executed. This is the same
vulnerability that was used for the RSA attack in March 2011.
Specifically, this issue results in uninitialized memory being referenced and later
executed. Taking advantage of this issue relies on heap spraying and controlling the
uninitialized memory.
Currently this exploit works for IE6, IE7, and Firefox 3.6 and likely several
other browsers. DEP does catch the exploit and causes it to fail. Due to the nature
of the uninitialized memory its fairly difficult to get around this restriction.
and earlier. This issue is caused by a failure in the ActionScript3 AVM2 verification
logic. This results in unsafe JIT(Just-In-Time) code being executed. This is the same
vulnerability that was used for the RSA attack in March 2011.
Specifically, this issue results in uninitialized memory being referenced and later
executed. Taking advantage of this issue relies on heap spraying and controlling the
uninitialized memory.
Currently this exploit works for IE6, IE7, and Firefox 3.6 and likely several
other browsers. DEP does catch the exploit and causes it to fail. Due to the nature
of the uninitialized memory its fairly difficult to get around this restriction.
Authors
bannedit bannedit@metasploit.com
Unknown
Unknown
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.