Awesome
Credits
- @Ridter https://github.com/Ridter/CVE-2018-15982_EXP
- @prsecurity https://github.com/prsecurity/CVE-2018-15982
Description
Aggressor Script to launch an Internet Explorer driveby attack using CVE-2018-15982 exploit for Flash player.
Affected Product Versions
- Adobe Flash Player <= 31.0.0.153
- Adobe Flash Player Installer<= 31.0.0.108
Usage:
- Click Host > Host CVE-2018-15982 Payload > Host
- Send link to victim or embed as part of other pages or a redirect
- Victim hits link with IE and outdated flash, you get a shell back in IE sandbox.
Demo
CobaltStrike
- Load CVE-2018-15982.cna