New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 1321 link

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Last visit > 30 days ago
Closed: Sep 2017
Cc:



Sign in to add a comment

Adobe Flash: Out-of-bounds memory read in MP4 parsing

Project Member Reported by natashenka@google.com, Jul 6 2017

Issue description

The attached MP4 file causes an out-of-bounds memory access when played in flash player.


This bug is subject to a 90 day disclosure deadline. After 90 days elapse
or a patch has been made broadly available, the bug report will become
visible to the public.

 
7.mp4
982 bytes View Download
LoadMP4.swf
1.0 KB Download
Project Member

Comment 1 by natashenka@google.com, Sep 25 2017

Labels: -Restrict-View-Commit CVE-2017-11281
Status: Fixed (was: New)
Worth noting for those wanting to play with this vuln: place both files (LoadMP4.swf and 7.mp4) in a folder on a web server, then open http://yourserver/LoadMP4.swf?file=7.mp4
To anyone interested, we wrote a free micropatch for this vulnerability - just 4 CPU instructions (could be just one, but we wanted to pop up "Exploit Attempt Blocked"). You can see it in action here: https://www.youtube.com/watch?v=CvmnUeza9zw. Let us know if you need any help in reproducing the vuln or playing with our micropatch.

Sign in to add a comment