Zer0 day

[Pentesting] Exploit Adobe Flash v18.0.194 (cve-2015-5119) 본문


[Pentesting] Exploit Adobe Flash v18.0.194 (cve-2015-5119)

Zero Day 2016.08.04 23:28

Exploit Adobe Flash v18.0.194 (cve-2015-5119)

1. Exploit Info

Under Adobe Flash 18.0.194, there is UAF(Use After Free) vulnerability using 'ByteArray'

2. Target Info

- Victim

IP Addr :

OS : Windows 7 Ultimate x86 with ie11, flash v18.0.194

- Hacker

IP Addr :

Malicious URL :

OS : Kali Linux v2016.1 x86-64

3. Exploit

This time, we will try the exploit using Adobe Flash v18.0.194 UAF Bug

1. Set Modules on!

Using adobe_flash_hacking_team_uaf module

then, set meterpreter reverse shell

Let the victim who has flash under v18.0.194 enter into above link

2. Then we can get shell successfully

Just End of PoC

- End of PoC -

4. Analyze

Details are on next post!

Link : http://zer0day.tistory.com/305

댓글쓰기 폼