Métriques
Métriques |
Score |
Gravité |
CVSS Vecteur |
Source |
V2 |
10 |
|
AV:N/AC:L/Au:N/C:C/I:C/A:C |
[email protected] |
EPSS
EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.
Score EPSS
Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.
Percentile EPSS
Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
Informations sur l'Exploit
Exploit Database EDB-ID : 37875
Date de publication : 2015-08-18 22h00 +00:00
Auteur : Google Security Research
EDB Vérifié : Yes
Source: https://code.google.com/p/google-security-research/issues/detail?id=410&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id
The following crash was observed in Flash Player 17.0.0.188 on Windows:
(81c.854): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=37397006 ebx=00000000 ecx=008c0493 edx=09f390d0 esi=08c24d98 edi=09dc2000
eip=07a218cb esp=015eda80 ebp=015edb24 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00050216
Flash32_17_0_0_188+0x18cb:
07a218cb ff6004 jmp dword ptr [eax+0x4] ds:0023:3739700a=????????
- The test case reproduces on Windows 7 using IE11. It does not appear to immediately reproduce on Windows+Chrome or Linux+Chrome.
- The crash can also reproduce on one of the two mov instructions prior to the jmp shown here.
- The crash appears to occur due to a use-after-free related to loading a sub-resource from a URL.
- The test case minimizes to an 11-bit difference from the original sample file.
- The following test cases are attached: 2038518113_crash.swf (crashing file), 2038518113_min.swf (minimized file), 2038518113_orig.swf (original non-crashing file).
Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/37875.zip
Products Mentioned
Configuraton 0
Adobe>>Air >> Version To (including) 18.0.0.144
Adobe>>Air_sdk >> Version To (including) 18.0.0.144
Adobe>>Air_sdk_\&_compiler >> Version To (including) 18.0.0.144
Configuraton 0
Adobe>>Flash_player >> Version To (including) 13.0.0.289
Adobe>>Flash_player >> Version 14.0.0.125
Adobe>>Flash_player >> Version 14.0.0.145
Adobe>>Flash_player >> Version 14.0.0.176
Adobe>>Flash_player >> Version 14.0.0.179
Adobe>>Flash_player >> Version 15.0.0.152
Adobe>>Flash_player >> Version 15.0.0.167
Adobe>>Flash_player >> Version 15.0.0.189
Adobe>>Flash_player >> Version 15.0.0.223
Adobe>>Flash_player >> Version 15.0.0.239
Adobe>>Flash_player >> Version 15.0.0.246
Adobe>>Flash_player >> Version 16.0.0.235
Adobe>>Flash_player >> Version 16.0.0.257
Adobe>>Flash_player >> Version 16.0.0.287
Adobe>>Flash_player >> Version 16.0.0.296
Adobe>>Flash_player >> Version 17.0.0.134
Adobe>>Flash_player >> Version 17.0.0.169
Adobe>>Flash_player >> Version 17.0.0.188
Adobe>>Flash_player >> Version 17.0.0.190
Adobe>>Flash_player >> Version 18.0.0.160
Adobe>>Flash_player >> Version 18.0.0.194
Apple>>Mac_os_x >> Version -
Microsoft>>Windows >> Version -
Configuraton 0
Adobe>>Flash_player >> Version To (including) 11.2.202.468
Linux>>Linux_kernel >> Version -
Références