Issue metadata
Sign in to add a comment
|
Security: Adobe Flash Player Use After Free Vulnerability Valentine Series (9)
Reported by
xiong12...@gmail.com,
Feb 15 2017
|
||||||||||||||||||||||
Issue descriptionVERSION Chrome Version: 57.0.2987.21 beta (64-bit), pepflashplayer 24.0.0.221 Operating System: Windows 7 en 64-bit REPRODUCTION CASE Open the poc in the attachment with chrome and observe the crash. There is also a detailed write-up about the vulnerability in the attachment. FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION Type of crash: tab Crash State: (1608.1948): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. pepflashplayer!PPP_ShutdownBroker+0x21704e: 000007fe`de7db84e 498b88c0000000 mov rcx,qword ptr [r8+0C0h] ds:00000000`800000b0=???????????????? 0:000> k Child-SP RetAddr Call Site 00000000`0019da00 000007fe`de7db9f2 pepflashplayer!PPP_ShutdownBroker+0x21704e 00000000`0019da60 000007fe`de86f470 pepflashplayer!PPP_ShutdownBroker+0x2171f2 00000000`0019dab0 000007fe`de7d5103 pepflashplayer!PPP_ShutdownBroker+0x2aac70 00000000`0019db90 000007fe`de9b2a15 pepflashplayer!PPP_ShutdownBroker+0x210903 00000000`0019dda0 000007fe`de7ada8a pepflashplayer!PPP_ShutdownBroker+0x3ee215 00000000`0019e550 000007fe`de7aeade pepflashplayer!PPP_ShutdownBroker+0x1e928a 00000000`0019e5b0 000007fe`de7f7339 pepflashplayer!PPP_ShutdownBroker+0x1ea2de 00000000`0019e870 000007fe`de7f72e6 pepflashplayer!PPP_ShutdownBroker+0x232b39 00000000`0019e8a0 000007fe`de7bd111 pepflashplayer!PPP_ShutdownBroker+0x232ae6 00000000`0019e8f0 000007fe`de5db75d pepflashplayer!PPP_ShutdownBroker+0x1f8911 00000000`0019e980 000007fe`de60127b pepflashplayer!PPP_ShutdownBroker+0x16f5d 00000000`0019eb90 000007fe`de60118e pepflashplayer!PPP_ShutdownBroker+0x3ca7b 00000000`0019ebe0 000007fe`de60163c pepflashplayer!PPP_ShutdownBroker+0x3c98e *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.21\chrome_child.dll - 00000000`0019ec10 000007fe`e1c32574 pepflashplayer!PPP_ShutdownBroker+0x3ce3c 00000000`0019ec40 000007fe`e1c780d5 chrome_child!IsSandboxedProcess+0x216f4 00000000`0019ec70 000007fe`e1c4cf8a chrome_child!IsSandboxedProcess+0x67255 00000000`0019ece0 000007fe`e1c4cabc chrome_child!IsSandboxedProcess+0x3c10a 00000000`0019ed10 000007fe`e1c4cc06 chrome_child!IsSandboxedProcess+0x3bc3c 00000000`0019ed80 000007fe`e1c1df96 chrome_child!IsSandboxedProcess+0x3bd86 00000000`0019eef0 000007fe`e05d23fe chrome_child!IsSandboxedProcess+0xd116 Credit: Yuki Chen Of Qihoo 360 Vulcan Team
,
Feb 15 2017
Natalie, would you mind helping with these?
,
Feb 15 2017
Thanks, I've reported this one
,
Feb 16 2017
This is PSIRT-6408
,
Mar 10 2017
Adobe says this is the same as 676773.
,
Feb 16 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 Deleted