This module exploits a compilation logic error in the PCRE engine in Adobe Flash Player. The handling of the \c escape sequence when followed by a multi-byte UTF8 character, allows arbitrary code execution of PCRE bytecode.
This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted .MP4 file. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This exploit works with the ActiveX implementation of Adobe Flash Player through Microsoft Internet Explorer.
A code execution vulnerability exists in the way that Adobe Flash Player handles specially crafted .MP4 files when opening in Internet Explorer 6,7 and 8 This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits an object type confusion vulnerability in Adobe Flash Player. The specific error occurs due to the way Adobe Flash handles the AMF0 response (_error) when connecting to a malicious RTMP server. By supplying a crafted AMF0 response it is possible to execute arbitrary code in the context of the vulnerable application.
This module exploits a heap-based buffer overflow in Adobe Flash Player. The bug is triggered by calling BitmapData.copyPixelsToByteArray() with a reference to a ByteArray that has its position property set very large, close to 2^32. This results in an integer overflow in 32-bit arithmetic and allows an attacker to take control of the target machine.
This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted .SWF file. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This exploit works with the ActiveX implementation (Flash10i.ocx and prior versions) of Adobe Flash Player through Microsoft Internet Explorer and also with the Mozilla Firefox Plugin (NPSWF32.dll).
This module exploits an integer overflow in Adobe Flash Player. The specific flaw exists within the implementation of casi32. The issue lies in the failure to properly sanitize a user-supplied length value with a specific array implementation. An attacker can leverage this vulnerability to execute code within the context of the current process.
Adobe Flash Player is prone to a use-after-free vulnerability because the ByteArray::UncompressViaZlibVariant method frees an object while leaving a dangling pointer that can be later dereferenced. This vulnerability allows attackers to execute arbitrary code on vulnerable machines by enticing unsuspecting users to visit a website serving a specially crafted SWF Flash file. This vulnerability has been found being actively exploited in-the-wild during January 2015.
This module exploits an improper validation of array index vulnerability in Adobe Flash Player. When implementing an ActionScript function with a variable number of arguments it's possible to index the arguments array outside its bounds. This can be leveraged to read arbitrary memory and leak memory content, allowing the exploit to bypass ASLR, and to invoke the constructor of a class with an arbitrary memory address containing attacker-controlled data instead of a valid ActionScript object. This can be exploited to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to visit a malicious web site containing a specially crafted SWF file. This vulnerability has been found exploited in-the-wild during June 2011.
Subscribe to Windows