CVE-2015-3128

Adobe Flash Player <13.0.0.302,14.x<18.0.0.203,11.2.202.481 - Use A...

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-3128. PoCs published by bilou.

AI-analyzed exploit summary This exploit leverages a use-after-free (UAF) vulnerability in Adobe Flash Player's ActionScript 2 (AS2) Color.setRGB method. By manipulating the target_mc object during execution, an attacker can achieve arbitrary code execution.

Description

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, and CVE-2015-5117.

Exploits (1)

exploitdb WORKING POC VERIFIED

by bilou · textdoswindows

https://www.exploit-db.com/exploits/37860

View Code ZIP pw:eip

This exploit leverages a use-after-free (UAF) vulnerability in Adobe Flash Player's ActionScript 2 (AS2) Color.setRGB method. By manipulating the target_mc object during execution, an attacker can achieve arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Adobe Flash Player 17.0.0.169

No auth needed

Prerequisites: Adobe Flash Player 17.0.0.169 · Victim interaction to execute the malicious SWF

MITRE ATT&CK