Name | adobe_flash_id3 |
---|---|
CVE | CVE-2015-5560 Exploit Pack |
VENDOR: Adobe | |
Notes: |
This module exploits a mishandling of large integers during the decoding of an ID3 tag.
This situation leads to an integer overflow that eventually could produce a heap overflow.
In this case, an array’s length will be corrupted to obtain an arbitrary memory read/write primitive.
Tested on:
- Windows 7 Ultimate SP1 x32 with IE11 32 bits (Adobe Flash Player 18.0.0.209 32-bit)
- Windows 7 Professional SP1 x64 with IE11 32 bits (Adobe Flash Player 18.0.0.209 32-bit)
VersionsAffected: Adobe Flash Player <= 18.0.0.209 on Windows
References: [‘https://bugs.chromium.org/p/project-zero/issues/detail?id=443’]
CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560