Security: Use after free vulnerability about psdk in the latest version
Reported by
jiezengo...@gmail.com,
Aug 25 2017
Issue description

VULNERABILITY DETAILS
This is a UAF vulnerability about psdk.

VERSION
pepflashplayer32_26_0_0_151, Windows 7 x86 (other operating systems may also crash, but not tested)

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash:
    5a6311a0 83c104          add     ecx,4
    5a6311a3 8b01            mov     eax,dword ptr [ecx]
    5a6311a5 ff10            call    dword ptr [eax]  ds:0023:feeefeee=????????

Crash State:
    4:054> dd ecx
    00d231c4  feeefeee feeefeee feeefeee feeefeee
    00d231d4  feeefeee feeefeee feeefeee feeefeee
    00d231e4  feeefeee feeefeee feeefeee feeefeee
    00d231f4  feeefeee feeefeee feeefeee feeefeee
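Added example, not part of the bug report and not code from Chromium or Adobe: a small Python triage helper that parses a WinDbg `dd` dump like the crash state above and matches the dumped words against the well-known Windows debug-heap and MSVC debug-CRT fill patterns. The reason this report reads as a use-after-free is visible in the dump itself: ecx points at memory filled with 0xFEEEFEEE, the value the NT debug heap writes over a block when it is freed, and the `ds:0023:feeefeee=????????` annotation shows the loaded pointer being dereferenced. The sample input is the dump quoted in the report; the function names, the pattern table and the `triage` wording are my own.

```python
# Added example (not part of the original bug report): parse WinDbg "dd" output
# and check whether the memory at the faulting address matches a known
# debug-heap / debug-CRT fill pattern.  0xFEEEFEEE at the dereferenced object
# is the classic marker of an already-freed heap block, i.e. a use-after-free.
import re
from typing import Dict, List, Optional

# Well-known fill values written by the Windows NT debug heap and the MSVC
# debug CRT.  These are documented constants, not specific to this bug.
FILL_PATTERNS: Dict[int, str] = {
    0xFEEEFEEE: "freed heap block (NT debug heap HeapFree fill)",
    0xBAADF00D: "allocated but uninitialised heap memory (NT debug heap HeapAlloc fill)",
    0xABABABAB: "guard bytes after an allocated heap block (NT debug heap)",
    0xDDDDDDDD: "freed CRT debug-heap memory (MSVC _free_dbg fill)",
    0xCDCDCDCD: "uninitialised CRT debug-heap memory (MSVC _malloc_dbg fill)",
    0xFDFDFDFD: "CRT debug-heap 'no man's land' guard bytes",
    0xCCCCCCCC: "uninitialised stack memory (MSVC /GZ or /RTC fill)",
}

# Constructed sample: the "dd ecx" output quoted in the bug report, including
# the WinDbg prompt line, exactly as the debugger prints it (address + 4 dwords).
SAMPLE_DD_OUTPUT = """\
4:054> dd ecx
00d231c4  feeefeee feeefeee feeefeee feeefeee
00d231d4  feeefeee feeefeee feeefeee feeefeee
00d231e4  feeefeee feeefeee feeefeee feeefeee
00d231f4  feeefeee feeefeee feeefeee feeefeee
"""

# One dump line: an address (32-bit, or 64-bit with a backtick), then dwords.
_DD_LINE = re.compile(r"^\s*([0-9a-fA-F`]{8,17})\s+((?:[0-9a-fA-F?]{8}\s*)+)$")


def parse_dd(text: str) -> Dict[int, List[Optional[int]]]:
    """Parse WinDbg 'dd' output into {address: [dword, ...]}.

    Prompt lines such as '4:054> dd ecx' are skipped; '????????' (unmapped
    memory) becomes None so callers can tell it apart from a real value.
    """
    dump: Dict[int, List[Optional[int]]] = {}
    for line in text.splitlines():
        m = _DD_LINE.match(line)
        if not m:
            continue  # prompt, blank, or otherwise non-dump line
        addr = int(m.group(1).replace("`", ""), 16)
        words: List[Optional[int]] = []
        for w in m.group(2).split():
            words.append(None if w.startswith("?") else int(w, 16))
        dump[addr] = words
    return dump


def classify_dump(dump: Dict[int, List[Optional[int]]]) -> Optional[str]:
    """Return the fill-pattern description if every readable dword in the dump
    is the same known pattern; otherwise None (live data, or a mix)."""
    values = {w for words in dump.values() for w in words if w is not None}
    if len(values) != 1:
        return None
    return FILL_PATTERNS.get(values.pop())


def triage(dd_text: str, faulting_value: Optional[int] = None) -> str:
    """One-line verdict for a crash.

    faulting_value is the dword the CPU tried to use as a pointer; in the
    report above that is eax, loaded from [ecx] and then used by
    'call dword ptr [eax]'.
    """
    verdict = classify_dump(parse_dd(dd_text))
    if verdict is None:
        return "memory at the faulting address does not match a known fill pattern"
    msg = f"faulting object lies in {verdict}"
    if faulting_value is not None and faulting_value in FILL_PATTERNS:
        msg += f"; the dereferenced pointer 0x{faulting_value:08X} is itself the fill value"
    if "freed" in verdict:
        msg += " -> consistent with a use-after-free"
    return msg


if __name__ == "__main__":
    # eax = [ecx] = 0xFEEEFEEE, per the 'ds:0023:feeefeee=????????' annotation.
    print(triage(SAMPLE_DD_OUTPUT, faulting_value=0xFEEEFEEE))
```

The check is deliberately strict: a dump is only attributed to a fill pattern when every readable dword is the same known value, so a block that merely contains a stray 0xFEEEFEEE inside live data is reported as "does not match" rather than being misclassified as freed memory. Note that these fill values only appear when the debug heap or debug CRT is active (for example under a debugger or with page heap enabled); on a release heap a freed block usually holds stale data instead, and the same crash would need other evidence to be called a UAF.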
Aug 25 2017
Issue 758840 has been merged into this issue.

Aug 25 2017

Aug 28 2017
natashenka@, would you be the right person to look at this?

Aug 29 2017

Aug 29 2017

Aug 31 2017
I'm sorry, I forgot something shown below. Credit is to "JieZeng of Tencent Zhanlu Lab". Please report it as soon as possible.

Sep 6 2017

Sep 8 2017
natashenka: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sep 8 2017
Thanks, I've reported this to Adobe

Oct 18 2017

Dec 7 2017

Jan 25 2018

Jan 25 2018
This is PSIRT-7239 and has been fixed

Jan 29 2018

Feb 5 2018
*** Boilerplate reminders! ***
Please do NOT publicly disclose details until a fix has been released to all our users. Early public disclosure may cancel the provisional reward. Also, please be considerate about disclosure when the bug affects a core library that may be used by other products.
Please do NOT share this information with third parties who are not directly involved in fixing the bug. Doing so may cancel the provisional reward.
Please be honest if you have already disclosed anything publicly or to third parties.
Lastly, we understand that some of you are not interested in money. We offer the option to donate your reward to an eligible charity. If you prefer this option, let us know and we will also match your donation - subject to our discretion. Any rewards that are unclaimed after 12 months will be donated to a charity of our choosing.
*********************************

Feb 6 2018
And $5,000 for this one :-)

Feb 6 2018

Feb 6 2018
OK, I will not publicly disclose details to others.

Feb 8 2018

Feb 8 2018

Feb 9 2018
This bug requires manual review: M65 has already been promoted to the beta branch, so this requires manual review. Please contact the milestone owner if you have questions. Owners: cmasso@ (Android), cmasso@ (iOS), bhthompson@ (ChromeOS), govind@ (Desktop). For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Feb 9 2018
[Bulk Edit] +awhalley@ (Security TPM) for M65 merge review

Feb 9 2018
No merge needed

Mar 6 2018

Mar 7 2018

Apr 25 2018

May 4 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by jiezengo...@gmail.com, Aug 25 2017