This module exploits a vulnerability in atmfd.sys module by loading a crafted OTF font.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

This module exploits a Use-After-Free vulnerability in Adobe Flash Player. This vulnerability was found on the HackingTeam's leak on July 2015.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

This module exploits a buffer overflow vulnerability in Adobe Flash Player when parsing malformed FLV objects. Attackers exploiting the vulnerability can corrupt memory and gain remote code execution.

Zimbra is vulnerable to a Local File Inclusion vulnerability that allows attacker to get LDAP credentials which we may use for upload a JSP file allowing us to install an agent.

This module exploits a Use-After-Free vulnerability in Adobe Flash Player.



The specific flaw exists when the suscriber is not notified if a ByteArray assigned to the ApplicationDomain is freed from an ActionScript worker.

By forcing a reallocation by copying more contents than the original capacity to the shared buffer by using the ByteArray::writeBytes method call, the ApplicationDomain pointer is not updated leading to a use-after-free vulnerability.



This allows to overwrite different objects like vectors and finally accomplish remote code execution.

This module exploits a memory corruption vulnerability in Adobe Flash Player. The specific flaw exists when a Shader is applied as a drawing fill allowing an attacker to take control of a vulnerable machine and execute arbitrary code.



This vulnerability was found exploited in the wild on June 2015.

This module exploits a buffer overflow vulnerability in Adobe Flash Player when parsing malformed FLV objects. Attackers exploiting the vulnerability can corrupt memory and gain remote code execution.



This vulnerability has been found exploited in the wild in June 2015 in the Operation Clandestine Wolf campaign.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

This module exploits a buffer overflow vulnerability in Adobe Flash Player.



The specific flaw exists when the "width" attribute of a ShaderJob is modified after starting the job allowing to an attacker to control the size of a destination buffer and the lenght of the copy operation.

The specific flaw exists within LDAP handling functionality which listens by default on TCP port 389. The vulnerable code blindly copies attacker supplied data from a specially formatted LDAP ModifyRequest packet to a fixed length stack buffer.

This module exploits a vulnerability in Linux. The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIG_USER_NS=y and where overlayfs has the FS_USERNS_MOUNT flag, which allows the mounting of overlayfs inside unprivileged mount namespaces.