This module exploits a Type Confusion vulnerability in Adobe Flash Player. The specific flaw exist in the ActionScript 2 NetConnection class.
When a NetConnection method is called with a parameter that is a native function object, its native data can be specified as a Number by the caller, but be interpreted as a pointer.
This allows to overwrite different objects like vectors and finally accomplish remote code execution.
When a NetConnection method is called with a parameter that is a native function object, its native data can be specified as a Number by the caller, but be interpreted as a pointer.
This allows to overwrite different objects like vectors and finally accomplish remote code execution.
CVE Link
Exploit Type - Old
Exploits/Client Side
Exploit Platform
Exploit Type
Product Name