adobe_flash_copy_pixels_to_byte_array: Execution from the flash renderer / Windows 8.1 #5486
This PR modifies modules/exploits/windows/browser/adobe_flash_copy_pixels_to_byte_array.rb to allow native payload execution from the flash renderer process. So no more powershell. We execute meterpreter directly and we remain in the same flash renderer process. It also adds support for:
On the other hand, it updates adobe_flash_copy_pixels_to_byte_array, adobe_flash_uncompress_zlib_uaf and adobe_flash_net_connection_confusion with GreatRanking, since all of them are getting native code execution in the same renderer process without crashing it, and they have good version coverage for Adobe Flash. <-- ping @wchen-r7 let me know if you'd like to discuss something about the criteria!
Verification
modules/exploits/windows/browser/adobe_flash_copy_pixels_to_byte_array