This module exploits an improper array index validation vulnerability in Adobe Flash Player. When an ActionScript function is implemented with a variable number of arguments, the arguments array can be indexed outside its bounds. This can be leveraged to read arbitrary memory and leak its contents, allowing the exploit to bypass ASLR, and to invoke the constructor of a class with an arbitrary memory address containing attacker-controlled data instead of a valid ActionScript object. An attacker can use this to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to visit a malicious website containing a specially crafted SWF file. This vulnerability was found being exploited in the wild during June 2011.