In this tutorial we will be importing the CVE-2015-5122 (Adobe Flash opaqueBackground Use After Free) Flash Exploit module in Metasploit and have a vulnerable setup download the malicious Flash file. Recent versions of Adobe Flash Player contain critical vulnerabilities within the ActionScript 3 ByteArray, opaqueBackground and BitmapData classes. Exploiting one of these vulnerabilities could allow a remote attacker to execute arbitrary code on the vulnerable system. CVE-2015-5122 is the 3rd zero-day exploit from the Hacking Team data breach and targets the Adobe Flash Player (18.0.0.203) on Windows 7, Windows 8.1 and Google Chrome on Linux based computers. By the time of writing Adobe has already released security updates for Windows, Mac and Linux. This tutorial is for informational purposes only.

Thanks for watching and please subscribe to my channel 🙂

Full written tutorial:

Metasploit CVE-2015-5122 Flash Exploit Tutorial

source