CVE-2015-5134

Adobe Flash Player < 11.2.202.491 and < 18.0.0.232 - Use-After-Free

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-5134. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a use-after-free vulnerability in Adobe Flash by manipulating SharedObject properties and triggering garbage collection. The PoC involves setting internal variables in native AS2 classes, leading to memory corruption and potential remote code execution.

Description

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/37852

View Code ZIP pw:eip

This exploit demonstrates a use-after-free vulnerability in Adobe Flash by manipulating SharedObject properties and triggering garbage collection. The PoC involves setting internal variables in native AS2 classes, leading to memory corruption and potential remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Racy

Target: Adobe Flash Player (versions affected by CVE-2015-5134)

No auth needed

Prerequisites: 64-bit system · webserver to host SWF files · Flash Player with vulnerable version

MITRE ATT&CK