CVE-2015-3089

Adobe Flash Player <13.0.0.289 & 14.x-17.x - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-3089. PoCs published by bilou.

AI-analyzed exploit summary This exploit targets a memory corruption vulnerability in Adobe Flash Player (CVE-2015-3089) by loading a malformed MPD file, leading to a crash and potential remote code execution. The PoC includes a SWF file and requires specific compilation flags for Flex.

Description

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3090, and CVE-2015-3093.

Exploits (1)

exploitdb WORKING POC VERIFIED

by bilou · textdoswindows

https://www.exploit-db.com/exploits/37845

View Code ZIP pw:eip

This exploit targets a memory corruption vulnerability in Adobe Flash Player (CVE-2015-3089) by loading a malformed MPD file, leading to a crash and potential remote code execution. The PoC includes a SWF file and requires specific compilation flags for Flex.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Adobe Flash Player 17.0.0.134

No auth needed

Prerequisites: Hosting the SWF and MPD files on a web server · Victim visits the crafted URL

MITRE ATT&CK