CVE-2018-4936

MEDIUM

Adobe Flash Player < 29.0.0.113 - Heap Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-4936. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit is a fuzzed SWF file that triggers a heap overflow in Adobe Flash Player when playing a sound, leading to potential remote code execution. The PoC is noted to be unreliable but works best in standalone Flash Player and Microsoft Edge.

Description

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/44526

View Code ZIP pw:eip

This exploit is a fuzzed SWF file that triggers a heap overflow in Adobe Flash Player when playing a sound, leading to potential remote code execution. The PoC is noted to be unreliable but works best in standalone Flash Player and Microsoft Edge.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Racy

Target: Adobe Flash Player (versions affected by CVE-2018-4936)

No auth needed

Prerequisites: Victim must open the malicious SWF file in a vulnerable Flash Player environment

MITRE ATT&CK