Code:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Adobe Flash Player. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The specific flaw exists within the connect method exposed via the
ActionScript native object number 2200. If this function is called
several times with differing strings, a memory corruption issue can be
triggered. This can be exploited by remote attackers to execute
arbitrary code under the context of the user running the web browser.
Code:
http://www.zerodayinitiative.com/advisories/ZDI-10-111/
0 comments:
Post a Comment