Adobe Flash Player is prone to a use-after-free vulnerability because the ByteArray::UncompressViaZlibVariant method frees an object while leaving a dangling pointer that can be later dereferenced. This vulnerability allows attackers to execute arbitrary code on vulnerable machines by enticing unsuspecting users to visit a website serving a specially crafted SWF Flash file. This vulnerability has been found being actively exploited in-the-wild during January 2015.
This module exploits an improper validation of array index vulnerability in Adobe Flash Player. When implementing an ActionScript function with a variable number of arguments it's possible to index the arguments array outside its bounds. This can be leveraged to read arbitrary memory and leak memory content, allowing the exploit to bypass ASLR, and to invoke the constructor of a class with an arbitrary memory address containing attacker-controlled data instead of a valid ActionScript object. This can be exploited to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to visit a malicious web site containing a specially crafted SWF file. This vulnerability has been found exploited in-the-wild during June 2011.
This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted SWF file. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This exploit works only with ActiveX implementation (Flash9e.ocx) of Adobe Flash Player through Microsoft Internet Explorer.
Adobe Extension Manager CS5 is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than .MXI file. The attacker must entice a victim into opening a specially crafted .MXI file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Adobe ExtendScript Toolkit is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than .JSX file. The attacker must entice a victim into opening a specially crafted .JSX file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Adobe Dreamweaver CS5 is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than .DWT file. The attacker must entice a victim into opening a specially crafted .DWT file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Adobe Device Central CS5 is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than .ADCP file. The attacker must entice a victim into opening a specially crafted .ADCP file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Adobe Device Central CS4 is prone to a vulnerability that may allow execution of ibfs32.dll if this dll is located in the same folder than .ADCP file. The attacker must entice a victim into opening a specially crafted .ADCP file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Adobe Acrobat X Pro is prone to a vulnerability that may allow the execution of any library file named updaternotifications.dll, if this dll is located in the same folder as a .PDF file. The attacker must entice a victim into opening a specially crafted .PDF file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Subscribe to Windows