header-logo
Suggest Exploit
vendor:
Flash Player
by:
KEEN Team
8.8
CVSS
HIGH
Use-After-Free
416
CWE
Product Name: Flash Player
Affected Version From: Prior to 28.0.0.137
Affected Version To: 28.0.0.137
Patch Exists: YES
Related CWE: CVE-2017-11292
CPE: o:adobe:flash_player
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2017

Adobe Flash Player Use-After-Free Vulnerability

A use-after-free vulnerability exists in Adobe Flash Player versions prior to 28.0.0.137. The vulnerability is due to a flaw in the handling of the 'createTextField' ActionScript function. An attacker can exploit this vulnerability to execute arbitrary code in the context of the current user.

Mitigation:

Upgrade to Adobe Flash Player version 28.0.0.137 or later.
Source

Exploit-DB raw data:

Source: https://code.google.com/p/google-security-research/issues/detail?id=349&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id

Credit is to KEEN Team.

3 different PoC's in the attached zip.

Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/37849.zip