11 min
Exploits
Exploiting a 64-bit browser with Flash CVE-2015-5119 (Part 2)
This post is a continuation of Exploiting a 64-bit browser with Flash
CVE-2015-5119 [/2015/07/31/supporting-a-64-bits-renderer-on-flash-cve-2015-5119]
, where we explained how to achieve arbitrary memory read/write on a 64-bit IE
renderer. As a reminder, we are targeting Windows 8.1 / IE11 (64 bits) with
Flash 15.0.0.189. Of course, this write-up may contain a few errors, so your
mileage may vary =)
Where we left off before, we had created an interface to work with memory by
using a corrupted
3 min
Exploits
Exploiting a 64-bit browser with Flash CVE-2015-5119
Some weeks ago, on More Flash Exploits in the Framework
[/2015/06/30/more-on-flash-exploits-into-the-framework], we introduced the
flash_exploiter library, which is used by Metasploit to quickly add new Flash
exploit modules. If you read that blog entry, then you already know that
flash_exploiter only supports 32-bit browsers (renderers). In this blog post, we
will demonstrate initial steps in adding IE11 64-bit support to CVE-2015-5119
[http://www.cvedetails.com/cve/CVE-2015-5119/] , which is o
8 min
Flash
More Flash Exploits in the Framework
As todb [/author/tod-beardsley/] pointed out in the last weekly metasploit
update wrapup [/2015/06/26/weekly-metasploit-wrapup] we recently added two new
exploits for Flash: CVE-2015-3090
[http://www.cvedetails.com/cve-details.php?cve_id=CVE-2015-3090] and
CVE-2015-3105 [http://www.cvedetails.com/cve-details.php?cve_id=CVE-2015-3105],
based on the samples found in the wild.
As you're probably aware, the last years, and especially the end of 2014 and
2015, Flash has become the trending target f
2 min
Microsoft
Patch Tuesday - September 2014
It's a light round of Microsoft Patching this month. Only four advisories, of
which only one is critical. The sole critical issue this month is the expected
Internet Explorer roll up affecting all supported (and likely some unsupported)
versions. This IE roll up addresses 36 privately disclosed Remote Code
Execution issues and 1 publically disclosed Information Disclosure issue which
is under limited attack in the wild. This will be the top patching priority for
this month.
Of the three no
2 min
Metasploit
Federal Friday - 2.28.14 - Flash Zero Day Targets Foreign Policy Sites
Federal Friday has come again, which means another week has passed us by. It's
been a busy week for the Moose of Rapid7 with an imminent move for our Boston HQ
for on the horizon. We also had a great week at RSA with SC Magazine naming
Nexpose the Best Vulerability Management Solution!
The threat landscape has had a wild few days with a major security flaw for
Apple desktops and iOS devices as well as another IE zero day being discovered.
In addition, a detailed report from FireEye
[http://www.
1 min
Patch Tuesday
Adobe joins the January patching fun!
Adobe has released two advisories today (APSB13-01
[http://www.adobe.com/support/security/advisories/apsa13-01.html] & APSB13-02
[http://www.adobe.com/support/security/bulletins/apsb13-02.html]) for Flash and
Acrobat/Reader and updated their recent advisory
[http://www.adobe.com/support/security/advisories/apsa13-01.html] for
ColdFusion.
The Flash patch applies to all versions including Windows, Linux, Mac, Android,
embedded in Chrome & IE 10, and AIR. This is a serious bug, since Adobe is
adm