1321 - Adobe Flash: Out-of-bounds memory read in MP4 parsing - project-zero

Starred by 2 users

Status:	Fixed
Owner:	natashenka@google.com
Closed:	Sep 25
Cc:	project-...@google.com
Finder-natashenka Deadline-90 CCProjectZeroMembers Product-Flash Vendor-Adobe Severity-Moderate Finder-mjurczyk Reported-2017-Jul-5 Methodology-Fuzzing CVE-2017-11281

Adobe Flash: Out-of-bounds memory read in MP4 parsing

Project Member Reported by natashenka@google.com, Jul 6

Back to list

The attached MP4 file causes an out-of-bounds memory access when played in flash player.


This bug is subject to a 90 day disclosure deadline. After 90 days elapse
or a patch has been made broadly available, the bug report will become
visible to the public.

	7.mp4 982 bytes View Download

LoadMP4.swf
1.0 KB Download

Project Member Comment 1 by natashenka@google.com, Sep 25

Labels: -Restrict-View-Commit CVE-2017-11281
Status: Fixed

Comment 2 by mitja.ko...@acrossecurity.com, Sep 27

Worth noting for those wanting to play with this vuln: place both files (LoadMP4.swf and 7.mp4) in a folder on a web server, then open http://yourserver/LoadMP4.swf?file=7.mp4

Comment 3 by mitja.ko...@acrossecurity.com, Oct 3

To anyone interested, we wrote a free micropatch for this vulnerability - just 4 CPU instructions (could be just one, but we wanted to pop up "Exploit Attempt Blocked"). You can see it in action here: https://www.youtube.com/watch?v=CvmnUeza9zw. Let us know if you need any help in reproducing the vuln or playing with our micropatch.

► Sign in to add a comment