CVE-2015-5539

Adobe Flash Player <18.0.0.232 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-5539. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a use-after-free vulnerability in Adobe Flash Player by manipulating SharedObject properties and triggering garbage collection to achieve arbitrary code execution. The PoC involves heap spraying and specific AS2 class interactions to exploit the flaw.

Description

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/37855

View Code ZIP pw:eip

This exploit leverages a use-after-free vulnerability in Adobe Flash Player by manipulating SharedObject properties and triggering garbage collection to achieve arbitrary code execution. The PoC involves heap spraying and specific AS2 class interactions to exploit the flaw.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Complex

Reliability

Racy

Target: Adobe Flash Player (versions affected by CVE-2015-5539)

No auth needed

Prerequisites: 64-bit system · Flash Player with vulnerable version · Web server to host SWF files

MITRE ATT&CK