CVE-2013-0634

Related Files

Adobe Flash Player Regular Expression Heap Overflow

Posted Apr 19, 2014

Authored by juan vazquez, temp66, Boris dukeBarman Ryutin | Site metasploit.com

This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.5.502.149. By supplying a specially crafted swf file with special regex value, it is possible to trigger an memory corruption, which results in remote code execution under the context of the user, as exploited in the wild in February 2013. This Metasploit module has been tested successfully with Adobe Flash Player 11.5 before 11.5.502.149 on Windows XP SP3 and Windows 7 SP1 before MS13-063, since it takes advantage of a predictable SharedUserData in order to leak ntdll and bypass ASLR.

tags | exploit, remote, code execution, activex

systems | windows

advisories | CVE-2013-0634, OSVDB-89936

SHA-256 | b765e1a53957bbf2df1ce33a8e36732231faa2f5864b98a4ceb6d3e0804e069a

Download | Favorite | View

Red Hat Security Advisory 2013-0243-01

Posted Feb 9, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0243-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes two vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-04, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.262.

tags | advisory, web, arbitrary, vulnerability

systems | linux, redhat

advisories | CVE-2013-0633, CVE-2013-0634

SHA-256 | cb54635f1ff002a0b0496559b308cbb99a0353f79ea1dfe5a39445711c220a63

Download | Favorite | View