CVE-2018-15982 PoC — Adobe Flash Player 安全漏洞

Source

https://github.com/scanfsec/CVE-2018-15982

Associated Vulnerability

Title:Adobe Flash Player 安全漏洞 (CVE-2018-15982)
Description:Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

Description

Aggressor Script to launch IE driveby for CVE-2018-15982.

Readme

Credits
=========
- @Ridter https://github.com/Ridter/CVE-2018-15982_EXP
- @prsecurity https://github.com/prsecurity/CVE-2018-15982

Description
===========

Aggressor Script to launch an Internet Explorer driveby attack using CVE-2018-15982 exploit for Flash player.


Affected Product Versions
================

- Adobe Flash Player <= 31.0.0.153
- Adobe Flash Player Installer<= 31.0.0.108


Usage:
======

* Click Host > Host CVE-2018-15982 Payload > Host
* Send link to victim or embed as part of other pages or a redirect
* Victim hits link with IE and outdated flash, you get a shell back in IE sandbox.


Demo
===========

![Alt text](./demo.gif)



CobaltStrike
============

* Load CVE-2018-15982.cna

File Snapshot


 [4.0K]  /data/pocs/890f0deec73643e9f6a475a59f09fa8372268f45
├── [ 36K]  CVE-2018-15982.cna
├── [ 13M]  demo.gif
└── [ 713]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!