CVE-2015-7647

Adobe Flash Player <18.0.0.255,19.x<19.0.0.226 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-7647. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a type confusion vulnerability in Adobe Flash where overriding IExternalizable.readExternal with a non-function value leads to memory corruption. The PoC is provided as a compiled SWF file, with instructions to modify it for exploitation.

Description

Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7648.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/38969

View Code ZIP pw:eip

This exploit leverages a type confusion vulnerability in Adobe Flash where overriding IExternalizable.readExternal with a non-function value leads to memory corruption. The PoC is provided as a compiled SWF file, with instructions to modify it for exploitation.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Adobe Flash Player (versions affected by CVE-2015-7647)

No auth needed

Prerequisites: Victim must open a malicious SWF file

MITRE ATT&CK