Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbGoogle Security ResearchEDB-ID:38969
HistoryDec 14, 2015 - 12:00 a.m.

Adobe Flash - Type Confusion in IExternalizable.readExternal When Performing Local Serialization

2015-12-1400:00:00
Google Security Research
www.exploit-db.com
14

AI Score

7.4

Confidence

Low

JSON
Source: https://code.google.com/p/google-security-research/issues/detail?id=548

If IExternalizable.readExternal is overridden with a value that is not a function, Flash assumes it is a function even though it is not one. This leads to execution of a 'method' outside of the ActionScript object's ActionScript vtable, leading to memory corruption.

A sample swf is attached. ActionScript code is also attached, but it does not compile to the needed to swf. To get the PoC, decompress the swf using flasm -x myswf, and then search for "teadExternal" and change it to "readExternal".


Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/38969.zip

Related

prion 2
cve 2
nvd 2
ubuntucve 2
cvelist 2
kaspersky 2
redhat 2
altlinux 2
nessus 10
thn 1
openvas 5
mageia 1
checkpoint_advisories 1
archlinux 1
freebsd 1
threatpost 1
gentoo 1
prion
prion
Type confusion
2015-10-18 10:59:00
Type confusion
2015-10-18 10:59:00
cve
cve
CVE-2015-7647
2015-10-18 10:59:13
CVE-2015-7648
2015-10-18 10:59:14
nvd
nvd
CVE-2015-7648
2015-10-18 10:59:14
CVE-2015-7647
2015-10-18 10:59:13
ubuntucve
ubuntucve
CVE-2015-7648
2015-10-18 00:00:00
CVE-2015-7647
2015-10-18 00:00:00
cvelist
cvelist
CVE-2015-7648
2015-10-18 10:00:00
CVE-2015-7647
2015-10-18 10:00:00
kaspersky
kaspersky
KLA10680 Code execution vulnerability in Adobe Flash Player
2015-10-14 00:00:00
KLA10684 Flash Player update for Google Chrome
2015-10-22 00:00:00
redhat
redhat
(RHSA-2015:1913) Critical: flash-plugin security update
2015-10-16 00:00:00
(RHSA-2015:2024) Critical: flash-plugin security update
2015-11-11 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt55
2015-10-19 00:00:00
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt55
2015-10-19 00:00:00
nessus
nessus
FreeBSD : flash -- remote code execution (84147b46-e876-486d-b746-339ee45a8bb9)
2015-10-19 00:00:00
Flash Player < 19.0.0.226 RCE (APSB15-27) (Pawn Storm)
2015-10-16 00:00:00
MS KB3105216: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
2015-10-20 00:00:00
thn
thn
Emergency Patch released for Latest Flash Zero-Day Vulnerability
2015-10-16 22:06:00
openvas
openvas
Adobe Flash Player Unspecified Vulnerability (Oct 2015) - Windows
2015-10-16 00:00:00
Adobe Flash Player Unspecified Vulnerability (Oct 2015) - Linux
2015-10-16 00:00:00
Mageia: Security Advisory (MGASA-2015-0404)
2015-10-19 00:00:00
mageia
mageia
Updated flash-player-plugin package fix security vulnerabilities
2015-10-17 11:53:25
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player IExternalizable Remote Code Execution (APSA15-05: CVE-2015-7645; CVE-2015-7647; CVE-2015-7648)
2015-10-18 00:00:00
archlinux
archlinux
flashplugin: arbitrary code execution
2015-10-18 00:00:00
freebsd
freebsd
flash -- remote code execution
2015-10-16 00:00:00
threatpost
threatpost
Emergency Adobe Flash Zero Day Patch Arrives Ahead of Schedule
2015-10-16 12:12:28
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2015-11-17 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:38969
prion2cve2nvd2ubuntucve2cvelist2kaspersky2redhat2altlinux2nessus10thn1openvas5mageia1checkpoint_advisories1archlinux1freebsd1threatpost1gentoo1