bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/dos/40103.txt
Offensive Security d63de06c7a DB: 2022-11-10 
2776 changes to exploits/shellcodes/ghdb
2022-11-10 16:39:50 +00:00

59 lines
No EOL
2.3 KiB
Text
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#####################################################################################
# Application: Adobe Flash Player
# Platforms: Windows,OSX
# Versions: 22.0.0.192 and earlier
# Author: Sébastien Morin of COSIG
# Website: https://cosig.gouv.qc.ca/en/advisory/
# Twitter: @COSIG_
# Date: July 12, 2016
# CVE-2016-4175
# COSIG-2016-22
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#####################################################################################
================
1) Introduction
================
Adobe Flash Player (labeled Shockwave Flash in Internet Explorer and Firefox) is a freeware software for using content created on the Adobe Flash platform, including viewing multimedia, executing rich Internet applications, and streaming video and audio. Flash Player can run from a web browser as a browser plug-in or on supported mobile devices. Flash Player was created by Macromedia and has been developed and distributed by Adobe Systems since Adobe acquired Macromedia.
(https://en.wikipedia.org/wiki/Adobe_Flash_Player)
#####################################################################################
====================
2) Report Timeline
====================
2016-05-10: Sébastien Morin of COSIG report this vulnerability to Adobe PSIRT;
2016-06-08: Adobe PSIRT confirm this vulnerability;
2016-07-12: Adobe publish a patch (APSB16-25);
2016-07-12: Advisory released by COSIG;
#####################################################################################
=====================
3) Technical details
=====================
The vulnerability allows a remote attacker to execute malicious code or access to a part of the dynamically allocated memory using a user interaction
visiting a Web page or open a specially crafted SWF file, which contains DefineSprite invalid data.
#####################################################################################
===========
4) POC:
===========
https://cosig.gouv.qc.ca/wp-content/uploads/2016/07/COSIG-2016-22-1.zip
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40103.zip
####################################################################################
Reference in a new issue View git blame Copy permalink