CVE-2015-4430

Adobe AIR < 18.0.0.144 - Use-After-Free

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-4430. PoCs published by Google Security Research.

AI-analyzed exploit summary The provided content describes a use-after-free vulnerability in Adobe Flash Player 17.0.0.188, leading to an access violation crash. The PoC includes crash analysis and test case files but lacks executable exploit code.

Description

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, and CVE-2015-5117.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/37875

View Code ZIP pw:eip

The provided content describes a use-after-free vulnerability in Adobe Flash Player 17.0.0.188, leading to an access violation crash. The PoC includes crash analysis and test case files but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Adobe Flash Player 17.0.0.188

No auth needed

Prerequisites: Victim running Flash Player 17.0.0.188 on Windows 7 with IE11

MITRE ATT&CK