Adobe Flash SharedObject Use After Free

Strike ID:
E14-7vi01
CVSS:
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
False Positive:
f
Variants:
6
Year:
2014

Description

This strike exploits a Use After Free vulnerability on Adobe Flash Player. The vulnerability can be triggered due to inadequate memory management when using a SharedObject entities. A user could be manipulated into accessing a web page that downloads and executes a malicious file that can lead to arbitrary code execution with local user privileges. All versions of flash player below 12.0.0.44 and 11.2.202.341 are affected.

CVE

References

Bid