exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Adobe Flash Player DLL Hijacking
Posted Jun 17, 2016
Authored by Stefan Kanthak

Adobe Flash Player versions prior to 22.0.0.192 and 18.0.0.360 suffer from a DLL hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2016-1014
SHA-256 | f6c1e0db1cf0414a2c4e623656746bf18311c21d232ce0247945fb82f69047ed

Related Files

Adobe Flash Player 11.3 Font Parsing Code Execution
Posted Aug 17, 2012
Authored by sinn3r, Alexander Gavrun, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.3.300.271. By supplying a corrupt Font file used by the SWF, it is possible to gain arbitrary remote code execution under the context of the user, as exploited in the wild.

tags | exploit, remote, arbitrary, code execution, activex
advisories | CVE-2012-1535, OSVDB-84607
SHA-256 | b495613b72210817067894eb7ff5c08f46dcd44c9088ea935d0a7be729049d9a
Red Hat Security Advisory 2012-1173-01
Posted Aug 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1173-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-18, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.238.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2012-1535
SHA-256 | c10d85f5137cb075e49ec0b6380b902d41df64cf1042cece8b3a15b524552b6a
Gentoo Linux Security Advisory 201206-21
Posted Jun 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-21 - Multiple vulnerabilities have been found in Adobe Flash Player could result in the execution of arbitrary code or Denial of Service. Versions less than 11.2.202.236 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-0779, CVE-2012-2034, CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2038, CVE-2012-2039, CVE-2012-2040
SHA-256 | 7222e3252d7d0fdb64aebdfc3716ee393821e2bc4558b1b340a50587b3420c6c
Adobe Flash Player Object Type Confusion
Posted Jun 23, 2012
Authored by sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Adobe Flash Player. By supplying a corrupt AMF0 "_error" response, it is possible to gain arbitrary remote code execution under the context of the user. This vulnerability has been exploited in the wild as part of the "World Uyghur Congress Invitation.doc" e-mail attack. According to the advisory, 10.3.183.19 and 11.x before 11.2.202.235 are affected.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2012-0779, OSVDB-81656
SHA-256 | 278d32f3bc7f3344e48d9ed25bcb65be25041499b78ba981e26d568f755202ee
Adobe Flash Player AVM Verification Logic Array Indexing Code Execution
Posted Jun 20, 2012
Authored by mr_me | Site metasploit.com

This Metasploit module exploits a vulnerability in Adobe Flash Player versions 10.3.181.23 and earlier. This issue is caused by a failure in the ActionScript3 AVM2 verification logic. This results in unsafe JIT(Just-In-Time) code being executed. This is the same vulnerability that was used for attacks against Korean based organizations. Specifically, this issue occurs when indexing an array using an arbitrary value, memory can be referenced and later executed. Taking advantage of this issue does not rely on heap spraying as the vulnerability can also be used for information leakage. Currently this exploit works for IE6, IE7, IE8, Firefox 10.2 and likely several other browsers under multiple Windows platforms. This exploit bypasses ASLR/DEP and is very reliable.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2011-2110, OSVDB-48268
SHA-256 | e26bbead67100b455a3fddb8cfcf7df0baddef6b4fbc68f4cc261a2c4dea9972
Red Hat Security Advisory 2012-0722-01
Posted Jun 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0722-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes several vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB12-14, listed in the References section. Several security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2012-2034, CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2038, CVE-2012-2039
SHA-256 | ecdbd222d0515d25680731defe7dbecc336e7f60c44b403ad6c79db2c84c9be7
Secunia Security Advisory 49388
Posted Jun 11, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

tags | advisory, vulnerability
SHA-256 | e20802e5ee8e20761cfe1c8512cf01f5cdb21558d860ba633195fec7301b5b0e
Zero Day Initiative Advisory 12-080
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-080 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. A size value is read from MP4 files and used for size calculation without proper validation. The arithmetic performed on the size value can cause integer overflows, resulting in undersized allocations. This undersized memory allocation can be subsequently overpopulated with data supplied by the input file which can be used to gain remote code execution under the context of the current process.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2012-0754
SHA-256 | 7d4277c0240390dfaf844d794201f5813348bc3c4e7a17ba30d5fa943904ac26
Red Hat Security Advisory 2012-0688-01
Posted May 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0688-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-09, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the specially-crafted SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.183.19.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2012-0779
SHA-256 | 5d3d94c580242304ad1db49f92b8d1b2db7dde614f6355c09efaba9df53cd86d
Apple Security Advisory 2012-05-14-2
Posted May 15, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-05-14-2 - This update disables Adobe Flash Player if it is older than 10.1.102.64 by moving its files to a new directory. This update presents the option to install an updated version of Flash Player from the Adobe website.

tags | advisory
systems | apple
SHA-256 | a18bf4afd49f0790a7800f00c7179cc923a3890a42c7c396c63645d35c123d0d
Secunia Security Advisory 49096
Posted May 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 8416b6dd845c6b83a4da1822b91efeb94834aecf98e3f9d0b3082a81495a1002
Adobe Flash Player ActionScript Launch Command Execution
Posted Apr 20, 2012
Authored by 0a29406d9794e4f9b30b3c5d6702c708 | Site metasploit.com

This Metasploit module exploits a vulnerability in Adobe Flash Player for Linux, version 10.0.12.36 and 9.0.151.0 and prior. An input validation vulnerability allows command execution when the browser loads a SWF file which contains shell metacharacters in the arguments to the ActionScript launch method. The victim must have Adobe AIR installed for the exploit to work. This Metasploit module was tested against version 10.0.12.36 (10r12_36).

tags | exploit, shell
systems | linux
advisories | CVE-2008-5499, OSVDB-50796
SHA-256 | 93d7262043fea9cda6bcae5df8301841074b655ead8497ddc9cbc8fb6a8f410c
Adobe Flash Player NetStream Remote Code Execution
Posted Apr 19, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash Player. The vulnerability is caused by an invalid object being used when parsing a malformed video via "NetStream.appendBytes", which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP enabled.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0773
SHA-256 | 9b4488d35212ce158b36f3b2eb967b148fddbf040de1f99a30ab5a53f3202ef4
Gentoo Linux Security Advisory 201204-07
Posted Apr 18, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201204-7 - Multiple vulnerabilities in Adobe Flash Player, the worst of which might allow remote attackers to execute arbitrary code. Versions less than 11.2.202.228 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456, CVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460, CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756, CVE-2012-0767, CVE-2012-0768, CVE-2012-0769, CVE-2012-0773
SHA-256 | bcf33f097735edaa2dba3ae55379f08e72c0e989bf92ca775ea579c3a0dded65
Zero Day Initiative Advisory 12-057
Posted Apr 10, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-057 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Flash Player handles the update of a NetStream object via the appendBytes method which can lead to a use-after-free condition when the function returns. This can result in remote code execution under the context of the current process.

tags | advisory, remote, arbitrary, code execution
SHA-256 | f10032eed460124a4fc1a534f5ee945f69ee0a881a07088857826cb6ecded560
Adobe Flash Player Information Leak
Posted Apr 10, 2012
Authored by Fermin J. Serna

Adobe Flash Player versions prior to 10.3.183.16 and 11.x before 11.1.102.63 suffer from an information disclosure vulnerability. This archive has research related to this issue, proof of concept source code, and a swf that demonstrates the issue.

tags | exploit, proof of concept, info disclosure
systems | linux
advisories | CVE-2012-0769
SHA-256 | a3e0acb403967ecb2ab50b95e92c7801505af37a7f830f9ad5119219170efa9f
Secunia Security Advisory 48623
Posted Apr 1, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Adobe Flash Player and Adobe AIR, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 33ff8fc72aa2fcaf076d0093973a9d8c3f83484facec38dfaacc2b7ee5d2590a
Red Hat Security Advisory 2012-0434-01
Posted Mar 29, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0434-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-07, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the specially-crafted SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.183.18.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2012-0773
SHA-256 | 214097b723d5e1016a9378358b8884c8afd2d66057492714e906754204d059dd
Adobe Flash Player Matrix3D Remote Memory Corruption
Posted Mar 20, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. The vulnerability is caused by a memory corruption error within the Matrix3D class when processing malformed 3D data within SWF files, which could be exploited by attackers to potentially compromise a vulnerable system or disclose memory information by tricking a user into visiting a specially crafted web page. Adobe Flash Player versions 11.1.102.62 and below are affected.

tags | advisory, web
advisories | CVE-2012-0768
SHA-256 | cd2efadbb305725a418111b28128ed5c65004213052f530f752893ddaadc11f6
Adobe Flash Player .mp4 'cprt' Overflow
Posted Mar 8, 2012
Authored by sinn3r, Alexander Gavrun, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Adobe Flash Player. By supplying a corrupt .mp4 file loaded by Flash, it is possible to gain arbitrary remote code execution under the context of the user. This vulnerability has been exploited in the wild as part of the "Iran's Oil and Nuclear Situation.doc" phishing campaign.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2012-0754, OSVDB-79300
SHA-256 | bc712e2a0634304709e04fab0e0b399f87ad8994ef78b54e906ba338a89de632
Secunia Security Advisory 48281
Posted Mar 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to gain knowledge of potentially sensitive information or compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 3b583191ce1bde990fb87784459f8e4b123c5a7de9c778712999e48b39ef6aa7
Red Hat Security Advisory 2012-0359-01
Posted Mar 6, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0359-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes two vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB12-05, listed in the References section. A flaw was found in the way flash-plugin displayed certain SWF content. An attacker could use this flaw to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2012-0768, CVE-2012-0769
SHA-256 | 4f6c288312851d2cb202ed736a92e3023e458dbcde02a2d931cb95fc88603ecb
Red Hat Security Advisory 2012-0144-01
Posted Feb 18, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0144-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB12-03, listed in the References section. Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756, CVE-2012-0767
SHA-256 | e12fa8491ed0eb8269109f0b84ae42b196495d0ce25bd1e59eee089e630a6dbe
Secunia Security Advisory 48033
Posted Feb 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

tags | advisory, vulnerability, xss
SHA-256 | 29c374b8ff9e4bb8f9982a27b41d87697832d6cbdf2c6b508f885a38151042dd
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
Posted Feb 10, 2012
Authored by Abysssec, sinn3r, Alexander Gavrun | Site metasploit.com

This Metasploit module exploits a vulnerability found in Adobe Flash Player's Flash10u.ocx component. When processing a MP4 file (specifically the Sequence Parameter Set), Flash will see if pic_order_cnt_type is equal to 1, which sets the num_ref_frames_in_pic_order_cnt_cycle field, and then blindly copies data in offset_for_ref_frame on the stack, which allows arbitrary remote code execution under the context of the user. Numerous reports also indicate that this vulnerability has been exploited in the wild. Please note that the exploit requires a SWF media player in order to trigger the bug, which currently isn't included in the framework. However, software such as Longtail SWF Player is free for non-commercial use, and is easily obtainable.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2011-2140, OSVDB-74439
SHA-256 | df9a4f147e437db061fcac07db067da65775ac9fff0ec5fecbe3b18c47f3ceba
Page 1 of 4
Back1234Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    32 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close