Issue metadata
Sign in to add a comment
|
Security: Adobe Flash Player Use After Free Vulnerability Valentine Series (5)
Reported by
xiong12...@gmail.com,
Feb 15 2017
|
||||||||||||||||||||||
Issue descriptionVERSION Chrome Version: 57.0.2987.21 beta (64-bit), pepflashplayer 24.0.0.221 Operating System: Windows 7 en 64-bit REPRODUCTION CASE Open the poc in the attachment with chrome and observe the crash. There is also a detailed write-up about the vulnerability in the attachment. FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION Type of crash: tab Crash State: (d94.13e0): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. 5:052> g (afc.1140): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. pepflashplayer!PPP_ShutdownBroker+0x9893a5: 000007fe`def4dba5 4c8b5608 mov r10,qword ptr [rsi+8] ds:00000000`7ffff008=???????????????? 8:118> k Child-SP RetAddr Call Site 00000000`002cd720 000007fe`de7dff3b pepflashplayer!PPP_ShutdownBroker+0x9893a5 00000000`002cd750 000007fe`de9ac2e1 pepflashplayer!PPP_ShutdownBroker+0x21b73b 00000000`002cd8a0 000007fe`de9b2b25 pepflashplayer!PPP_ShutdownBroker+0x3e7ae1 00000000`002cd920 000007fe`de7ada8a pepflashplayer!PPP_ShutdownBroker+0x3ee325 00000000`002ce0d0 000007fe`de7aeade pepflashplayer!PPP_ShutdownBroker+0x1e928a 00000000`002ce130 000007fe`de7f7339 pepflashplayer!PPP_ShutdownBroker+0x1ea2de 00000000`002ce3f0 000007fe`de7f72e6 pepflashplayer!PPP_ShutdownBroker+0x232b39 00000000`002ce420 000007fe`de7bd111 pepflashplayer!PPP_ShutdownBroker+0x232ae6 00000000`002ce470 000007fe`de5db75d pepflashplayer!PPP_ShutdownBroker+0x1f8911 00000000`002ce500 000007fe`de60127b pepflashplayer!PPP_ShutdownBroker+0x16f5d 00000000`002ce710 000007fe`de60118e pepflashplayer!PPP_ShutdownBroker+0x3ca7b 00000000`002ce760 000007fe`de60163c pepflashplayer!PPP_ShutdownBroker+0x3c98e *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.21\chrome_child.dll - 00000000`002ce790 000007fe`e1c32574 pepflashplayer!PPP_ShutdownBroker+0x3ce3c 00000000`002ce7c0 000007fe`e1c780d5 chrome_child!IsSandboxedProcess+0x216f4 00000000`002ce7f0 000007fe`e1c4cf8a chrome_child!IsSandboxedProcess+0x67255 00000000`002ce860 000007fe`e1c4cabc chrome_child!IsSandboxedProcess+0x3c10a 00000000`002ce890 000007fe`e1c4cc06 chrome_child!IsSandboxedProcess+0x3bc3c 00000000`002ce900 000007fe`e1c1df96 chrome_child!IsSandboxedProcess+0x3bd86 00000000`002cea70 000007fe`e05d23fe chrome_child!IsSandboxedProcess+0xd116 00000000`002ceaa0 000007fe`e058718c chrome_child!ovly_debug_event+0xc9fce Credit: Yuki Chen Of Qihoo 360 Vulcan Team
,
Feb 15 2017
Natalie, would you mind helping with these?
,
Feb 15 2017
Sorry, I think you forgot the attachment here
,
Feb 16 2017
Sorry, here's the attachment, thank you!
,
Feb 16 2017
Thanks, just reported this.
,
Feb 17 2017
This is PSIRT-6431.
,
Mar 10 2017
Adobe says this is the same as 676773.
,
Mar 11 2017
Same issue ? Okay Adobe Wins...
,
Feb 16 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 Deleted