CVE-2017-2935

HIGH

Adobe Flash Player < 24.0.0.186 - Remote Code Execution via Flash Video Container Processing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-2935. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a heap overflow vulnerability in AVC header slicing within Adobe Flash Player. The PoC requires hosting specific files on a server and accessing a crafted SWF file to trigger the overflow.

Description

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/41612

View Code ZIP pw:eip

This exploit demonstrates a heap overflow vulnerability in AVC header slicing within Adobe Flash Player. The PoC requires hosting specific files on a server and accessing a crafted SWF file to trigger the overflow.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Adobe Flash Player

No auth needed

Prerequisites: Hosting the provided files on a server · Victim interaction to visit the crafted URL

MITRE ATT&CK