CVE-2015-3082

Adobe Flash Player <13.0.0.289 & Adobe AIR <17.0.0.172 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-3082. PoCs published by KeenTeam.

AI-analyzed exploit summary This exploit leverages a junction check bypass in FlashBroker to write arbitrary files to the filesystem under user permissions, specifically targeting Windows 8.1 IE Protected Mode. The vulnerability arises from improper handling of forward slashes in destination paths, allowing an attacker to bypass intended restrictions.

Description

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3083 and CVE-2015-3085.

Exploits (1)

exploitdb WORKING POC VERIFIED

by KeenTeam · textremotewindows

https://www.exploit-db.com/exploits/37840

View Code ZIP pw:eip

This exploit leverages a junction check bypass in FlashBroker to write arbitrary files to the filesystem under user permissions, specifically targeting Windows 8.1 IE Protected Mode. The vulnerability arises from improper handling of forward slashes in destination paths, allowing an attacker to bypass intended restrictions.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Adobe Flash Player 16.0.0.305 (KB3021953) on Windows 8.1 IE Protected Mode

No auth needed

Prerequisites: Windows 8.1 with IE Protected Mode · Adobe Flash Player 16.0.0.305 installed · Ability to inject DLL into low integrity IE process

MITRE ATT&CK