Immunity, Inc.
Name adobe_flash_otf_parsing
CVE CVE-2012-1535
Exploit Pack CANVAS
Description adobe_flash_otf_parsing
Notes
CVE Name: CVE-2012-1535
VENDOR: Adobe
Notes:
This exploit takes advantage of an integer overflow that leads to a heap-based buffer overflow. The
kern_table contains an integer that, when set to >= 0x1000000, leads to an integer wrap which eventually
triggers a function pointer call.

Using a carefully constructed heap spray, an attacker can control the memory located at the
function pointer and achieve reliable code execution.

Tested on:
* Windows XP Professional SP3 English with Internet Explorer 6
* Windows XP Professional SP3 English with Internet Explorer 7
* Windows XP Professional SP3 English with Internet Explorer 8
* Windows Vista English with Internet Explorer 7
* Windows Vista English with Internet Explorer 8
* Windows Vista English with Internet Explorer 9
* Windows 7 English with Internet Explorer 8
* Windows 7 English with Internet Explorer 9

Usage (important):
This exploit will most likely not work with the js_recon module, as loading third-party
software will damage heap offsets.

VersionsAffected: Adobe Flash Player 11.3.300.257/11.3.300.265/11.3.300.268
Repeatability: Once
References: http://www.adobe.com/support/security/bulletins/apsb12-18.html
CVE Url: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1535
Date public: 07/16/2012
CVSS: 9.0
