CVE-2015-3080

Adobe Flash Player <13.0.0.289-17.0.0.188 - Use After Free

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-3080. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a use-after-free vulnerability in Adobe Flash Player (CVE-2015-3080) by manipulating BitmapData objects and the DisplacementMapFilter.mapBitmap property. It leverages AS2 stack manipulation to trigger a crash with controlled EAX register, potentially leading to arbitrary code execution.

Description

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/37853

View Code ZIP pw:eip

This exploit demonstrates a use-after-free vulnerability in Adobe Flash Player (CVE-2015-3080) by manipulating BitmapData objects and the DisplacementMapFilter.mapBitmap property. It leverages AS2 stack manipulation to trigger a crash with controlled EAX register, potentially leading to arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Adobe Flash Player 16.0.0.305

No auth needed

Prerequisites: Adobe Flash Player 16.0.0.305 · Chrome 40.0.2214.111 · Win7 SP1 x64

MITRE ATT&CK