VULNERABILITY DETAILS
Run arbitrary versions of Flash Player, and bypass the built-in protection against run old Flash Player

VERSION
Chrome Version: [49.0.2623.87] + [stable]
Operating System: [Windows 7 x64 SP1], [Windows 7 x86 SP1]

REPRODUCTION CASE
In Chrome, you can run older versions of Flash Player, without the user's knowledge.
With the help of this vulnerability can be installed without the user's knowledge vulnerable older Flash version, send it to a website that has a collection of exploits for Flash, and get the desired result.


When ResHacker assistance or Restorator pepflashplayer.dll I patched up to date, and copy it to a folder
C:\Program Files\Google\Chrome\Application\{vesrion}\PepperFlash
C:\Users\{User}\AppData\Local\Google\Chrome\UserData\PepperFlash\{vesrion}\

After that, I open any HTML-page with an exploit for FlashPlayer.


I can write a simple program in Delphi, I can automate the process. Thus, the user will not even know about the source of the virus, and that he had set the old Flash.