This Metasploit module exploits a type confusion vulnerability found in the ActiveX component of Adobe Flash Player. This vulnerability was found exploited in the wild in November 2013. This Metasploit module has been tested successfully on IE 6 to IE 10 with Flash 11.7, 11.8 and 11.9 prior to 11.9.900.170 over Windows XP SP3 and Windows 7 SP1.
2547432fd02f1ba4aff29ae93a0c14c41a56c95f4cec7e25e1165d0846aa03ec
Gentoo Linux Security Advisory 201402-6 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which could result in execution of arbitrary code. Versions less than 11.2.202.336 are affected.
1857ba9319d23c219f2f844dd8bd46236f81d1d7172b1abc562681cf00028b10
Red Hat Security Advisory 2013-1818-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-28, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.332.
23582c18a4a3d6c2c68b2312abb4ab87bfbd0a1da8773518ac07fb095d2fe41b