Description
This module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the copyPixelsToByteArray method from the BitmapData object. The position field of the destination ByteArray can be used to cause an integer overflow and write contents out of the ByteArray buffer. This module has been tested successfully on: * Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 14.0.0.176, 14.0.0.145, and 14.0.0.125. * Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 14.0.0.179. * Windows 8.1, Firefox 38.0.5 and Adobe Flash 14.0.0.179.
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/windows/browser/adobe_flash_copy_pixels_to_byte_arraymsf undefined(adobe_flash_copy_pixels_to_byte_array) > show actions ...actions...msf undefined(adobe_flash_copy_pixels_to_byte_array) > set ACTION < action-name >msf undefined(adobe_flash_copy_pixels_to_byte_array) > show options ...show and set options...msf undefined(adobe_flash_copy_pixels_to_byte_array) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub