  • Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion
    Disclosure Date: 2016-04-27
    First seen: 2020-04-26
    exploit/osx/browser/adobe_flash_delete_range_tl_op
    This module exploits a type confusion on Adobe Flash Player, which was originally found being successfully exploited in the wild. This module has been tested successfully on: macOS Sierra 10.12.3, Safari and Adobe Flash Player 21.0.0.182, Firefox and Adobe Flash Player 21.0.0.182. Authors: - Genwei Jiang - bcook-r7
  • Adobe Flash opaqueBackground Use After Free
    Disclosure Date: 2015-07-06
    First seen: 2020-04-26
    exploit/multi/browser/adobe_flash_opaque_background_uaf
    This module exploits a use after free on Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public as part of the July 2015 data leak, was described as a Use After Free while handling the opaqueBackground property 7 setter of the flash.display.DisplayObject class. This module is an early release tested on: Windows XP SP3, IE8 and Flash 18.0.0.194, Windows XP SP3, IE 8 and Flash 18.0.0.203, Windows XP SP3, Firefox and Flash 18.0.0.203, Windows Vista SP2 + IE 9 and Flash 18.0.0.203, Windows Vista SP2 + Firefox 39.0 and Flash 18.0.0.203, Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.203, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.194, Windows 7 SP1 (32-bit), IE9 and Adobe Flash 18.0.0.203, Windows 7 SP1 (32-bit), Firefox and Adobe Flash 18.0.0.194, Windows 8.1 (32-bit), IE11 and Adobe Flash 18.0.0.194, Windows 8.1 (32-bit), Firefox and Adobe Flash 18.0.0.203, Windows 8.1 (32-bit), Firefox and Adobe Flash 18.0.0.160, Windows 8.1 (32-bit), Firefox and Adobe Flash 18.0.0.194, and Windows 10 Build 10240 (32-bit), IE11, Firefox 39.0 and Adobe Flash 18.0.0.203. Authors: - Unknown - juan vazquez <juan.vazquez@metasploit.com> - sinn3r <sinn3r@metasploit.com>
  • Adobe Flash Player ByteArray Use After Free
    Disclosure Date: 2015-07-06
    First seen: 2020-04-26
    exploit/multi/browser/adobe_flash_hacking_team_uaf
    This module exploits a use after free on Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public as part of the July 2015 data leak, was described as a Use After Free while handling ByteArray objects. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.194, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.194, Windows 8.1 (32-bit), IE11 and Adobe Flash 18.0.0.194, Windows 8.1 (32-bit), Firefox and Adobe Flash 18.0.0.194, and Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.468. Authors: - Unknown - juan vazquez <juan.vazquez@metasploit.com> - sinn3r <sinn3r@metasploit.com>
  • Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow
    Disclosure Date: 2015-06-23
    First seen: 2020-04-26
    exploit/multi/browser/adobe_flash_nellymoser_bof
    This module exploits a buffer overflow on Adobe Flash Player when handling Nellymoser-encoded audio inside an FLV video, as exploited in the wild in June 2015. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.160, Windows 8.1, Firefox 38.0.5 and Adobe Flash 18.0.0.160, Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.466, and Ubuntu 14.04.2 LTS, Firefox 35.01, and Adobe Flash 11.2.202.466. Note that this exploit is effective against both CVE-2015-3113 and the earlier CVE-2015-3043, since CVE-2015-3113 is effectively a regression to the same root cause as CVE-2015-3043. Authors: - Unknown - juan vazquez <juan.vazquez@metasploit.com>
  • Adobe Flash Player Drawing Fill Shader Memory Corruption
    Disclosure Date: 2015-05-12
    First seen: 2020-04-26
    exploit/multi/browser/adobe_flash_shader_drawing_fill
    This module exploits a memory corruption that occurs when applying a Shader as a drawing fill, as exploited in the wild in June 2015. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.188, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.188, Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.188, and Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.460. Authors: - Chris Evans - Unknown - juan vazquez <juan.vazquez@metasploit.com>
  • Adobe Flash Player ShaderJob Buffer Overflow
    Disclosure Date: 2015-05-12
    First seen: 2020-04-26
    exploit/multi/browser/adobe_flash_shader_job_overflow
    This module exploits a buffer overflow vulnerability related to the ShaderJob workings on Adobe Flash Player. The vulnerability happens when trying to apply a Shader that sets up the same Bitmap object as both src and destination of the ShaderJob. By modifying the "width" attribute of the ShaderJob after starting the job, it is possible to create a buffer overflow condition where the size of the destination buffer and the length of the copy are controlled. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.169, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.169, Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.169, and Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.457. Authors: - Chris Evans - Unknown - juan vazquez <juan.vazquez@metasploit.com>
  • Adobe Flash Player NetConnection Type Confusion
    Disclosure Date: 2015-03-12
    First seen: 2020-04-26
    exploit/multi/browser/adobe_flash_net_connection_confusion
    This module exploits a type confusion vulnerability in the NetConnection class on Adobe Flash Player. When using a correct memory layout, this vulnerability allows corruption of arbitrary memory. It can be used to overwrite dangerous objects, like vectors, and ultimately accomplish remote code execution. This module has been tested successfully on: * Windows 7 SP1 (32-bit), IE 8, IE11 and Adobe Flash 16.0.0.305. * Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 16.0.0.305. * Windows 8.1, Firefox 38.0.5 and Adobe Flash 16.0.0.305. * Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.424. * Ubuntu 14.04.2 LTS, Firefox 33.0 and Adobe Flash 11.2.202.442. Authors: - Natalie Silvanovich - Unknown - juan vazquez <juan.vazquez@metasploit.com>
  • Adobe Flash Player ByteArray With Workers Use After Free
    Disclosure Date: 2015-02-02
    First seen: 2020-04-26
    exploit/windows/browser/adobe_flash_worker_byte_array_uaf
    This module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker, which can fill the memory and notify the main thread to corrupt the new contents. This module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 16.0.0.296. Authors: - Unknown - hdarwin - juan vazquez <juan.vazquez@metasploit.com>
  • Adobe Flash Player PCRE Regex Vulnerability
    Disclosure Date: 2014-11-25
    First seen: 2020-04-26
    exploit/windows/browser/adobe_flash_pcre
    This module exploits a vulnerability found in Adobe Flash Player. A compilation logic error in the PCRE engine, specifically in the handling of the \c escape sequence when followed by a multi-byte UTF8 character, allows arbitrary execution of PCRE bytecode. Authors: - Mark Brand - sinn3r <sinn3r@metasploit.com>
  • Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory
    Disclosure Date: 2014-11-11
    First seen: 2020-04-26
    exploit/windows/browser/adobe_flash_uncompress_zlib_uninitialized
    This module exploits an uninitialized memory vulnerability in Adobe Flash Player. The vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, which fails to initialize allocated memory. When using a correct memory layout this vulnerability leads to a ByteArray object corruption, which can be abused to access and corrupt memory. This module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with Flash 15.0.0.189. Authors: - Nicolas Joly - Unknown - juan vazquez <juan.vazquez@metasploit.com>
  • Adobe Flash Player casi32 Integer Overflow
    Disclosure Date: 2014-10-14
    First seen: 2020-04-26
    exploit/windows/browser/adobe_flash_casi32_int_overflow
    This module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the casi32 method, where an integer overflow occurs if a ByteArray of length 0 is set up as domainMemory for the current application domain. This module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 15.0.0.167. Authors: - bilou - juan vazquez <juan.vazquez@metasploit.com>
  • Adobe Flash Player copyPixelsToByteArray Method Integer Overflow
    Disclosure Date: 2014-09-23
    First seen: 2020-04-26
    exploit/windows/browser/adobe_flash_copy_pixels_to_byte_array
    This module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the copyPixelsToByteArray method from the BitmapData object. The position field of the destination ByteArray can be used to cause an integer overflow and write contents out of the ByteArray buffer. This module has been tested successfully on: * Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 14.0.0.176, 14.0.0.145, and 14.0.0.125. * Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 14.0.0.179. * Windows 8.1, Firefox 38.0.5 and Adobe Flash 14.0.0.179. Authors: - Chris Evans - Nicolas Joly - hdarwin - juan vazquez <juan.vazquez@metasploit.com>
  • Flash "Rosetta" JSONP GET/POST Response Disclosure
    Disclosure Date: 2014-07-08
    First seen: 2020-04-26
    auxiliary/gather/flash_rosetta_jsonp_url_disclosure
    A website that serves a JSONP endpoint that accepts a custom alphanumeric callback of 1200 chars can be abused to serve an encoded swf payload that steals the contents of a same-domain URL. Flash < 14.0.0.145 is required. This module spins up a web server that, upon navigation from a user, attempts to abuse the specified JSONP endpoint URLs by stealing the response from GET requests to STEAL_URLS. Authors: - Michele Spagnuolo - joev <joev@metasploit.com>
  • Adobe Flash Player Shader Buffer Overflow
    Disclosure Date: 2014-04-28
    First seen: 2020-04-26
    exploit/multi/browser/adobe_flash_pixel_bender_bof
    This module exploits a buffer overflow vulnerability in Adobe Flash Player. The vulnerability occurs in the flash.Display.Shader class, when setting specially crafted data as its bytecode, as exploited in the wild in April 2014. This module has been tested successfully on the following operating systems and Flash versions: Windows 7 SP1, IE 8 to IE 11 with Flash 13.0.0.182, Windows 7 SP1, Firefox 38.0.5, Flash 11.7.700.275 and Adobe Flash 13.0.0.182, Windows 8.1, Firefox 38.0.5 and Adobe Flash 13.0.0.182, Linux Mint "Rebecca" (32 bit), Firefox 33.0 and Adobe Flash 11.2.202.350. Authors: - Unknown - juan vazquez <juan.vazquez@metasploit.com>
  • Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free
    Disclosure Date: 2014-04-28
    First seen: 2020-04-26
    exploit/multi/browser/adobe_flash_uncompress_zlib_uaf
    This module exploits a use after free vulnerability in Adobe Flash Player. The vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, when trying to uncompress() a malformed byte stream. This module has been tested successfully on: * Windows 7 SP1 (32 bits), IE 8 to IE 11 and Flash 16.0.0.287, 16.0.0.257 and 16.0.0.235. * Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 16.0.0.287. * Windows 8.1, Firefox 38.0.5 and Adobe Flash 16.0.0.305. * Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Flash 11.2.202.424. Authors: - Unknown - hdarwin - juan vazquez <juan.vazquez@metasploit.com>
  • Adobe Flash Player domainMemory ByteArray Use After Free
    Disclosure Date: 2014-04-14
    First seen: 2020-04-26
    exploit/windows/browser/adobe_flash_domain_memory_uaf
    This module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker, when forcing a reallocation by copying more contents than the original capacity, but Flash forgets to update the domainMemory pointer, leading to a use-after-free situation when the main worker references the domainMemory again. This module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with Flash 17.0.0.134. Authors: - bilou - Unknown - hdarwin - juan vazquez <juan.vazquez@metasploit.com>
  • Adobe Flash Player Integer Underflow Remote Code Execution
    Disclosure Date: 2014-02-05
    First seen: 2020-04-26
    exploit/windows/browser/adobe_flash_avm2
    This module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 12.0.0.43. By supplying a specially crafted swf file it is possible to trigger an integer underflow in several avm2 instructions, which can be turned into remote code execution under the context of the user, as exploited in the wild in February 2014. This module has been tested successfully with Adobe Flash Player 11.7.700.202 on Windows XP SP3, Windows 7 SP1 and Adobe Flash Player 11.3.372.94 on Windows 8, even when it includes ROP chains for several Flash 11 versions, as exploited in the wild. Authors: - Unknown - juan vazquez <juan.vazquez@metasploit.com>
  • Adobe Flash Player Type Confusion Remote Code Execution
    Disclosure Date: 2013-12-10
    First seen: 2020-04-26
    exploit/windows/browser/adobe_flash_filters_type_confusion
    This module exploits a type confusion vulnerability found in the ActiveX component of Adobe Flash Player. This vulnerability was found exploited in the wild in November 2013. This module has been tested successfully on IE 6 to IE 10 with Flash 11.7, 11.8 and 11.9 prior to 11.9.900.170 over Windows XP SP3 and Windows 7 SP1. Authors: - Unknown - bannedit <bannedit@metasploit.com> - juan vazquez <juan.vazquez@metasploit.com>
  • Adobe Flash Player Regular Expression Heap Overflow
    Disclosure Date: 2013-02-08
    First seen: 2020-04-26
    exploit/windows/browser/adobe_flash_regex_value
    This module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.5.502.149. By supplying a specially crafted swf file with special regex value, it is possible to trigger a memory corruption, which results in remote code execution under the context of the user, as exploited in the wild in February 2013. This module has been tested successfully with Adobe Flash Player 11.5 before 11.5.502.149 on Windows XP SP3 and Windows 7 SP1 before MS13-063, since it takes advantage of a predictable SharedUserData in order to leak ntdll and bypass ASLR. Authors: - Unknown - Boris "dukeBarman" Ryutin - juan vazquez <juan.vazquez@metasploit.com>
29 Metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit the Metasploit website for more details.