CVE-2015-8635

HIGH

Adobe Flash Player < 18.0.0.324, 19.x-20.x < 20.0.0.267, AIR < 20.0.0.233 - Use-After-Free

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-8635. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a use-after-free vulnerability in Adobe Flash Player related to rendering multiple scripts. The PoC is designed to trigger a crash, which could potentially be weaponized for remote code execution (RCE) given sufficient effort.

Description

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/39220

View Code ZIP pw:eip

This exploit leverages a use-after-free vulnerability in Adobe Flash Player related to rendering multiple scripts. The PoC is designed to trigger a crash, which could potentially be weaponized for remote code execution (RCE) given sufficient effort.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Racy

Target: Adobe Flash Player (version not specified, likely multiple versions affected)

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit · Flash Player must be enabled in the browser

MITRE ATT&CK