-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add module for CVE-2015-0556 (Flash copyPixelsToByteArray int overflow) #5154
Add module for CVE-2015-0556 (Flash copyPixelsToByteArray int overflow) #5154
Conversation
ping @bcook-r7 , this pull request shows the "only sending stage message" behavior:
But the sessions are opening correctly:
|
What's different between how I ran it and how you did? I think that's probably the key:
|
I don't set |
No difference here even after setting uripath:
|
Maybe its 'run' vs 'rexploit' , or environmental. |
That's it! Using 'run' displays the notification, using 'rexploit' does not. |
I don't see nothing here with
|
@bcook-r7 So sounds like you're reproducing the issue, right? Can I go ahead and start testing this module and then land it? Or would you like me to hold for longer? Thx! |
This module works for me:
|
I reproduced with rexploit - I don't think that should be a blocker for this module :) |
OK sounds good. Thanks! |
can you provide me adobe flash 14.0.0.176 download link |
Full history in the module References. Another flash bug from Zero Day Initiative which was also exploited in the wild.
This module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 14.0.0.176, 14.0.0.145 and 14.0.0.125.
Verification
adobe_flash_copy_pixels_to_byte_array - Exploit requirement(s) not met: flash. For more info: http://r-7.co/PVbcgx
message if browser requirements aren't metDEMO