Adobe Flash Player Use-After-Free Remote Code Execution
CVE-2018-15982 is a use-after-free vulnerability in Adobe Flash Player. Affected versions are Flash Player 31.0.0.153 and earlier, and 31.0.0.108 and earlier. A successful exploit can corrupt memory by reusing a freed object and lead to arbitrary code execution in the context of the Flash Player process.
Exploits
3 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (2 hidden).
This repository provides a proof-of-concept exploit for CVE-2018-15982, a critical vulnerability in Adobe Flash Player. The main file, CVE_2018_15982.py, is a Python script that takes user-supplied x86 and x64 shellcode binaries (typically generated with msfvenom) and crafts a malicious SWF file (exploit.swf) that exploits the vulnerability. The script also generates an index.html file that embeds the SWF, enabling browser-based exploitation. The README provides usage instructions and a demonstration. The exploit enables arbitrary code execution on vulnerable systems, as shown by launching calc.exe or a reverse shell. The repository structure is straightforward: the Python exploit generator, a sample HTML page for delivery, a README, and a shell script for git operations. No hardcoded network endpoints are present; the payload is user-supplied. The attack vector is browser-based, targeting users who open the crafted HTML/SWF in a vulnerable Flash environment.
This repository contains a Cobalt Strike Aggressor Script (CVE-2018-15982.cna) that automates the generation and hosting of a drive-by browser exploit for CVE-2018-15982, a critical vulnerability in Adobe Flash Player (<= 31.0.0.153). The script creates both a malicious SWF file and an HTML file that embeds it, hosting them on a specified local host and port. The payload delivered is a PowerShell stager or stageless shell, providing the attacker with code execution in the context of Internet Explorer's sandbox when a vulnerable user visits the hosted page. The exploit is operational and designed for use within the Cobalt Strike framework, leveraging its payload generation and web hosting capabilities. The README provides usage instructions and affected product versions. No hardcoded external IPs or domains are present; the host and URI are configurable by the operator.
This repository contains a Python script (CVE_2018_15982.py) that generates a malicious SWF file exploiting CVE-2018-15982, a critical vulnerability in Adobe Flash Player. The script takes two shellcode binaries (x86 and x64, typically generated with msfvenom) as input and embeds them into a crafted SWF file (exploit.swf). It also generates an index.html file that embeds the SWF, facilitating delivery via a web browser. The exploit targets Windows systems running vulnerable versions of Adobe Flash Player. Successful exploitation results in arbitrary code execution, with the payload fully customizable by the attacker. The repository is structured with a single exploit script and a README providing usage instructions. No hardcoded network endpoints are present; the exploit is delivered via the generated files.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.