Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.
Flash Player version prior to 184.108.40.206 do not properly validate the Copyright statement key (CPRT) in the tag information section of MP4 files. This may result in a heap overflow. An attacker may exploit this vulnerability by hosting a Flash applet on a website that loads a specially formatted MP4 file.
Update to Flash Player 220.127.116.11 or newer.
This exploit has been tested against Adobe Flash Player 18.104.22.168 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
Windows 7 targets must have JRE 6 installed.
The user must open the exploit page using Firefox 11 (XP only), or Internet Explorer 7, 8, or 9.
This exploit uses a heap spray which depends on some conditions that may not always be met. Reliability of the exploit may vary depending on these conditions.