Gentoo Linux Security Advisory 201110-11 - Multiple vulnerabilities in Adobe Flash Player might allow remote attackers to execute arbitrary code or cause a denial of service. Versions less than 10.3.183.10 are affected.
1fc7f689cdb3c883ce36c76490807f1cc45caa5c421b71567dc8d8327d946b70
This Metasploit module exploits a vulnerability in AVM2 action script virtual machine used in Adobe Flash Player versions 9.0 through 10. The AVM fails to properly verify bytecode streams prior to executing it. This can cause uninitialized memory to be executed. Utilizing heap spraying techniques to control the uninitialized memory region it is possible to execute arbitrary code. Typically Flash Player is not used as a standalone application. Often, SWF files are embedded in other file formats or specifically loaded via a web browser. Malcode was discovered in the wild which embedded a malformed SWF file within an Excel spreadsheet. This exploit is based off the byte stream found within that malcode sample.
42f45f3260ab9c5b8cc16ebc8f87909c47dfc836d8362769726a745db24e2709