Add CVE-2013-0634: Adobe Flash Player 11.5 memory corruption #2895
Conversation
Thanks @dukebarman. We need the source of your swf file. Please place it under external/source/exploits as a new directory, thanks again.
Review comment on these lines of the module:

return p
end

def get_target(agent)
Module needs to use the BrowserExploitServer mixin. Please see:
https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer
Noted. Thanks!
I'm going to give this pull request a chance today.
The ruby code isn't msftidy compliant. That should be fixed:
These EOL errors tend to come from writing text files in Windows. You'll
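The EOL problem raised above, as an added example that is not part of the original thread and is not msftidy's own code: a small stand-alone Ruby script, modelled on the carriage-return check msftidy performs, that reports which lines of a module file carry CRLF (Windows) endings and optionally rewrites them to LF. The module fragment in SAMPLE is constructed for the example, and the function names crlf_lines, normalize_eol and check_file are my own, not framework APIs.

```ruby
require 'tempfile'

# Added example, not msftidy itself. Report the 1-based numbers of lines that
# carry a carriage return: after Ruby splits on "\n", a CRLF ending leaves a
# trailing "\r" on the line, which is exactly what the msftidy EOL check flags.
def crlf_lines(content)
  content.each_line.with_index(1)
         .select { |line, _| line.include?("\r") }
         .map { |_, no| no }
end

# Rewrite CRLF (and any stray lone CR) to LF so the EOL check passes.
# Idempotent: running it on already-clean content changes nothing.
def normalize_eol(content)
  content.gsub(/\r\n?/, "\n")
end

# Check a file on disk and, with fix: true, rewrite it in place.
# Returns the offending line numbers found before any fix was applied.
def check_file(path, fix: false)
  content = File.binread(path)
  bad = crlf_lines(content)
  File.binwrite(path, normalize_eol(content)) if fix && !bad.empty?
  bad
end

# Constructed sample (assumption): a module fragment with mixed endings, as it
# might look after some lines were edited on Windows and some on Linux.
SAMPLE = "class MetasploitModule < Msf::Exploit::Remote\r\n" \
         "  Rank = NormalRanking\r\n" \
         "\n" \
         "  def initialize(info = {})\n" \
         "    super(update_info(info, 'Name' => 'Example'))\r\n" \
         "  end\n" \
         "end\n"

if __FILE__ == $0
  bad = crlf_lines(SAMPLE)
  if bad.empty?
    puts "No CRLF line endings found"
  else
    puts "CRLF line endings on lines: #{bad.join(', ')}"   # 1, 2, 5
  end
  clean = normalize_eol(SAMPLE)
  puts "After normalisation: #{crlf_lines(clean).empty? ? 'clean' : 'still dirty'}"
end
```

Running check_file against a module path before opening the pull request catches the same lines msftidy would reject; `git config core.autocrlf input` on the Windows side avoids reintroducing them on the next edit.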
Just for the author's interest: I'm currently working on the ActionScript review atm, will update with more feedback once the review is finished!
I had to change the filename to pia.as in order to easily compile with mxmlc. After that, pia.as compiled easily, and it's working on IE6 / Flash 11.5.502.110:
I'll continue working on it; more feedback will be coming.
Thanks! I tested on IE8 + Windows XP
@dukebarman cool, I've deobfuscated and cleaned the AS, I'm cleaning everything and landing in a while, thanks a lot for porting it as an msf module :) kinda nice work :) landing is coming, just let me finish things :)
Landed, thanks @dukebarman, see final landing here: b0e4648 Helped deobfuscating the AS, adding support for Win7 SP1 (without MS13-063!!! since it kills the technique used for ASLR bypass), and fixing the ruby code a little bit. Hope you like :-) btw, just tested with 11.5 versions but probably it can work on older versions of Flash as is, or with minor tweaking, I hadn't time to test. Also bypassing ASLR on win7sp1 with MS13-063 should be feasible :) I hadn't time to finish it either! Maybe in the near future :) Thanks a lot @dukebarman for an awesome contrib!
Add exploit for 2013-0634. PoC video - http://www.youtube.com/watch?v=kuaofEQ5liA