CVE-2017-2932

HIGH

Adobe Flash Player < 24.0.0.186 - Use-After-Free in ActionScript MovieClip

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-2932. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit triggers a use-after-free vulnerability in Adobe Flash Player by manipulating a MovieClip object and its init object. The provided ZIP file contains a crafted SWF file that demonstrates the vulnerability.

Description

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/41609

View Code ZIP pw:eip

This exploit triggers a use-after-free vulnerability in Adobe Flash Player by manipulating a MovieClip object and its init object. The provided ZIP file contains a crafted SWF file that demonstrates the vulnerability.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Adobe Flash Player (versions prior to fix for CVE-2017-2932)

No auth needed

Prerequisites: Victim must open the malicious SWF file in a vulnerable version of Adobe Flash Player

MITRE ATT&CK