Issue metadata
Sign in to add a comment
|
Security: Adobe Flash Player Use After Free Vulnerability Valentine Series (1)
Reported by
xiong12...@gmail.com,
Feb 15 2017
|
||||||||||||||||||||||
Issue descriptionVERSION Chrome Version: 57.0.2987.21 beta (64-bit), pepflashplayer 24.0.0.221 Operating System: Windows 7 en 64-bit REPRODUCTION CASE Open the poc in the attachment with chrome and observe the crash. There is also a detailed write-up about the vulnerability in the attachment. FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION Type of crash: tab Crash State: (18a4.1a94): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. pepflashplayer!PPP_ShutdownBroker+0x2291d7: 000007fe`d9acd9d7 488b4750 mov rax,qword ptr [rdi+50h] ds:00000000`80000040=???????????????? 7:107> k Child-SP RetAddr Call Site 00000000`0019dc40 000007fe`d9c91659 pepflashplayer!PPP_ShutdownBroker+0x2291d7 00000000`0019dcb0 000007fe`d9a8da8a pepflashplayer!PPP_ShutdownBroker+0x3ece59 00000000`0019e460 000007fe`d9a8eade pepflashplayer!PPP_ShutdownBroker+0x1e928a 00000000`0019e4c0 000007fe`d9ad7339 pepflashplayer!PPP_ShutdownBroker+0x1ea2de 00000000`0019e780 000007fe`d9ad72e6 pepflashplayer!PPP_ShutdownBroker+0x232b39 00000000`0019e7b0 000007fe`d9a9d111 pepflashplayer!PPP_ShutdownBroker+0x232ae6 00000000`0019e800 000007fe`d98bb75d pepflashplayer!PPP_ShutdownBroker+0x1f8911 00000000`0019e890 000007fe`d98e127b pepflashplayer!PPP_ShutdownBroker+0x16f5d 00000000`0019eaa0 000007fe`d98e118e pepflashplayer!PPP_ShutdownBroker+0x3ca7b 00000000`0019eaf0 000007fe`d98e163c pepflashplayer!PPP_ShutdownBroker+0x3c98e *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.21\chrome_child.dll - 00000000`0019eb20 000007fe`d57d2574 pepflashplayer!PPP_ShutdownBroker+0x3ce3c 00000000`0019eb50 000007fe`d58180d5 chrome_child!IsSandboxedProcess+0x216f4 00000000`0019eb80 000007fe`d57ecf8a chrome_child!IsSandboxedProcess+0x67255 00000000`0019ebf0 000007fe`d57ecabc chrome_child!IsSandboxedProcess+0x3c10a 00000000`0019ec20 000007fe`d57ecc06 chrome_child!IsSandboxedProcess+0x3bc3c 00000000`0019ec90 000007fe`d57bdf96 chrome_child!IsSandboxedProcess+0x3bd86 00000000`0019ee00 000007fe`d41723fe chrome_child!IsSandboxedProcess+0xd116 00000000`0019ee30 000007fe`d412718c chrome_child!ovly_debug_event+0xc9fce 00000000`0019ef90 000007fe`d41729b6 chrome_child!ovly_debug_event+0x7ed5c 00000000`0019f0b0 000007fe`d4171b8c chrome_child!ovly_debug_event+0xca586 Credit: Yuki Chen Of Qihoo 360 Vulcan Team
,
Feb 15 2017
Natalie, would you mind helping with these?
,
Feb 15 2017
Thanks, I've reported this.
,
Feb 16 2017
This is PSIRT-6411
,
Mar 10 2017
Adobe says this is the same as 676773.
,
Feb 16 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 Deleted