CVE-2015-7648

Adobe Flash Player < 18.0.0.255, 19.x < 19.0.0.226 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-7648. PoCs published by Google Security Research.

AI-analyzed exploit summary: This exploit leverages a type confusion vulnerability in Adobe Flash's ObjectEncoder.dynamicPropertyWriter during serialization. By overriding the dynamicPropertyWriter with a non-function value, an attacker can achieve arbitrary code execution. The PoC requires manual bytecode modification to trigger the vulnerability.

Description

Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7647.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · text · dos · multiple
https://www.exploit-db.com/exploits/38970

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Adobe Flash Player (versions affected by CVE-2015-7648)
No auth needed
Prerequisites: Victim must load a malicious SWF file · Manual modification of the SWF bytecode
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Vendor Advisory · vendor-advisory · x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1913.html
Vendor Advisory · vendor-advisory · x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-2024.html
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_sectrack
http://www.securitytracker.com/id/1033850
Third Party Advisory · vendor-advisory · x_refsource_gentoo
https://security.gentoo.org/glsa/201511-02
Exploit, Third Party Advisory · exploit · x_refsource_exploit-db
https://www.exploit-db.com/exploits/38970/
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_bid
http://www.securityfocus.com/bid/77116

Scores

EPSS 0.2953
EPSS Percentile 98.0%

Details

Status published
Products (1)
adobe/flash_player < 11.2.202.535
Published Oct 18, 2015
Tracked Since Feb 18, 2026