Adobe Flash CVE-2018-4935 – Arbitrary Code Execution

Authors: Google Security Research   Risk: High

CVE: CVE-2018-4935   0day: Arbitrary Code Execution

0day-id: 0DAY-4935   Date: 2018-04-25

Description

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities whose successful exploitation could lead to arbitrary code execution in the context of the current user.

Analysis

The attached fuzzed swf file causes heap or stack corruption (depending on platform) when rendering a slab.

This PoC crashes a little bit unreliably; it is the most reliable in the standalone Flash player and Microsoft Edge.

POC

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44527.zip
