Name | adobe_flash_regexp |
CVE | CVE-2013-0634 |
Exploit Pack | CANVAS |
Description | adobe_flash_regex |
Notes | CVE Name: CVE-2013-0634 VENDOR: Adobe Notes: This module exploit's a heap based buffer overflow on Adobe Flash Player while handling a regex object. It bypasses ASLR leaking a vtable pointer. Specifically, this exploit works on the following versions: - 11.5.502.146 - 11.5.502.135 - 11.5.502.110 - 11.4.402.287 - 11.4.402.278 - 11.4.402.265 Versions outside of this use an alternate heap manager and therefore this exploit will require modification to work on those specific versions. Tested on: Windows 7 SP1 with IE 8 Windows 7 SP1 Firefox 19.0 Flash 11.4.402.278 Usage: python ./exploits/clientd/clientd.py -l 192.168.1.10 -d 5555 -O server_port:8080 -O allowed_attack_modules:adobe_flash_regexp -O auto_detect_exploits:0 python commandlineInterface.py -v 17 -p5555 VersionsAffected: Adobe Flash Player for Windows <= 10.3.183.51 and 11.x before 11.5.502.149 Repeatability: One-shot References: ['http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0634'] CVE Url: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0634 Date public: 08/02/2013 |
Learn more about the CANVAS Exploit Pack here: CANVAS |