vendor: Flash Player
by: Project Zero
CVSS: 8.8 (HIGH)
Stack Corruption
CWE: 119
Product Name: Flash Player
Affected Version From: Prior to 28.0.0.137
Affected Version To: 28.0.0.137
Patch Exists: YES
Related CWE: CVE-2017-11292
CPE: o:adobe:flash_player
Metasploit:
https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2017-11292/
https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2017-11292/
https://www.rapid7.com/db/vulnerabilities/msft-cve-2017-11292/
https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2017-11292/
https://www.rapid7.com/db/vulnerabilities/redhat_linux-cve-2017-11292/
https://www.rapid7.com/db/vulnerabilities/flash_player-cve-2017-11292/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2017
Flash Player MP4 File Parsing Stack Corruption
A stack corruption vulnerability exists in Adobe Flash Player versions prior to 28.0.0.137. The vulnerability is caused by a boundary error when parsing MP4 files. An attacker can exploit this vulnerability to execute arbitrary code in the context of the current user.
Mitigation:
Upgrade to Adobe Flash Player version 28.0.0.137 or later.