CVE-2015-5119 PoC — Adobe Flash Player ActionScript 3 缓冲区溢出漏洞

Source

https://github.com/CiscoCXSecurity/CVE-2015-5119_walkthrough

Associated Vulnerability

Title:Adobe Flash Player ActionScript 3 缓冲区溢出漏洞 (CVE-2015-5119)
Description:Adobe Flash Player是美国奥多比（Adobe）公司的一款跨平台、基于浏览器的多媒体播放器产品。该产品支持跨屏幕和浏览器查看应用程序、内容和视频。ActionScript 3（AS3）是Adobe为其Flash产品开发的一种面向对象的编程语言。 Adobe Flash Player的AS3实现过程中的‘ByteArray’类存在释放后重用漏洞。远程攻击者可借助覆盖ValueOf函数的Flash内容利用该漏洞执行任意代码，或造成拒绝服务（内存损坏）。以下版本受到影响：基于Windows和OS

Description

Archive from the article CVE-2015-5119 Flash ByteArray UaF: A beginner's walkthrough

Readme

# CVE-2015-5119_walkthrough

File Snapshot


 [4.0K]  /data/pocs/c46466ed96d5773e6b83994744d1cd57de7984ae
├── [ 151]  0_poc.as
├── [ 16K]  0_poc.swf
├── [  61]  1_simplebyte.as
├── [ 16K]  1_simplebyte.swf
├── [  83]  2_simpleobject.as
├── [ 16K]  2_simpleobject.swf
├── [ 136]  3_object_withvalueOf.as
├── [ 16K]  3_object_withvalueOf.swf
└── [  28]  README.md

0 directories, 9 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!