Rapid7 Vulnerability & Exploit Database

Adobe Flash Player Integer Underflow Remote Code Execution

Back to Search

Adobe Flash Player Integer Underflow Remote Code Execution

Disclosed
02/05/2014
Created
05/30/2018

Description

This module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 12.0.0.43. By supplying a specially crafted swf file it is possible to trigger an integer underflow in several avm2 instructions, which can be turned into remote code execution under the context of the user, as exploited in the wild in February 2014. This module has been tested successfully with Adobe Flash Player 11.7.700.202 on Windows XP SP3, Windows 7 SP1 and Adobe Flash Player 11.3.372.94 on Windows 8 even when it includes rop chains for several Flash 11 versions, as exploited in the wild.

Author(s)

  • Unknown
  • juan vazquez <juan.vazquez@metasploit.com>

Platform

Windows

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/windows/browser/adobe_flash_avm2
msf exploit(adobe_flash_avm2) > show targets
    ...targets...
msf exploit(adobe_flash_avm2) > set TARGET < target-id >
msf exploit(adobe_flash_avm2) > show options
    ...show and set options...
msf exploit(adobe_flash_avm2) > exploit

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security

;