Name | adobe_flash_metadata_uaf |
---|---|
CVE | CVE-2018-15982 Exploit Pack |
VENDOR: Adobe | |
NOTES: In the package com.adobe.tvsdk.mediacore.metadata the setObject method | |
does not set a reference to the key String Object so if we force the GC | |
this memory will be released but it will still be in our vector (Use-After-Free). |
This exploit only support x86 targets, this has been tested on Windows 7 with
Flash Player 31.0.0.153.
VersionsAffected: Affects all Flash versions from 19.0 up to and including 31.0.0.153
Repeatability: Infinite
References:
CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15982
Date public: 07/12/2018
CVSS: N/A