Name | adobe_flash_metadata_uaf |
CVE | CVE-2018-15982 |
Exploit Pack | CANVAS |
Description | adobe_flash_metadata_uaf |
Notes | CVE Name: CVE-2018-15982 VENDOR: Adobe NOTES: In the package com.adobe.tvsdk.mediacore.metadata the setObject method does not set a reference to the key String Object so if we force the GC this memory will be released but it will still be in our vector (Use-After-Free). This exploit only support x86 targets, this has been tested on Windows 7 with Flash Player 31.0.0.153. VersionsAffected: Affects all Flash versions from 19.0 up to and including 31.0.0.153 Repeatability: Infinite References: CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15982 Date public: 07/12/2018 CVSS: N/A |
Learn more about the CANVAS Exploit Pack here: CANVAS |