CVE-2015-5558

Adobe Flash Player <18.0.0.232/11.2.202.508 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-5558. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a type confusion vulnerability in Adobe Flash's TextFormat and FileReference constructors. By manipulating prototype chains and constructor calls, it achieves arbitrary code execution through type confusion, leading to potential RCE.

Description

Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-5554, CVE-2015-5555, and CVE-2015-5562.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/37878

View Code ZIP pw:eip

This exploit leverages a type confusion vulnerability in Adobe Flash's TextFormat and FileReference constructors. By manipulating prototype chains and constructor calls, it achieves arbitrary code execution through type confusion, leading to potential RCE.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Adobe Flash Player (versions affected by CVE-2015-5558)

No auth needed

Prerequisites: Victim must visit a malicious SWF file · Adobe Flash Player must be vulnerable to CVE-2015-5558

MITRE ATT&CK