When a Windows computer is joined to any domain, usually, the "gpt.ini" file is downloaded by this from the Domain Controller server. If this file has a new number version, it means that there are new policies to download. When new policies are present, the client downloads the 'gpttmpl.inf' file and applies the policies contained by this. Using a "Man In The Middle" attack, this module intercepts the communication explained before and installs an agent running as 'system' user.
This module exploits a Use-After-Free vulnerability in Adobe Flash Player. The specific flaw exists within the processing of AS3 ConvolutionFilter objects. By manipulating the matrix property of a ConvolutionFilter object, an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. This vulnerability was one of the 2015's Pwn2Own challenges.
This module exploits a Use-After-Free vulnerability in Adobe Flash Player. The specific flaw exists when the suscriber is not notified if a ByteArray assigned to the ApplicationDomain is freed from an ActionScript worker. By forcing a reallocation by copying more contents than the original capacity to the shared buffer by using the ByteArray::writeBytes method call, the ApplicationDomain pointer is not updated leading to a use-after-free vulnerability. This allows to overwrite different objects like vectors and finally accomplish remote code execution.
Subscribe to Impact