Adobe Flash Player ByteArray write method Use-After-Free Exploit

This module exploits a Use-After-Free vulnerability in Adobe Flash Player. The specific flaw exists when the suscriber is not notified if a ByteArray assigned to the ApplicationDomain is freed from an ActionScript worker. By forcing a reallocation by copying more contents than the original capacity to the shared buffer by using the ByteArray::writeBytes method call, the ApplicationDomain pointer is not updated leading to a use-after-free vulnerability. This allows to overwrite different objects like vectors and finally accomplish remote code execution.
Exploit type: 
Vulnerabilty ID: 
Product Version: 
Released Date: 
Thursday, July 2, 2015 - 00:00