New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 1321 link

Starred by 2 users

Issue metadata

Status: Fixed
Last visit > 30 days ago
Closed: Sep 2017

Sign in to add a comment

Adobe Flash: Out-of-bounds memory read in MP4 parsing

Project Member Reported by, Jul 6 2017

Issue description

The attached MP4 file causes an out-of-bounds memory access when played in flash player.

This bug is subject to a 90 day disclosure deadline. After 90 days elapse
or a patch has been made broadly available, the bug report will become
visible to the public.

982 bytes View Download
1.0 KB Download
Project Member

Comment 1 by, Sep 25 2017

Labels: -Restrict-View-Commit CVE-2017-11281
Status: Fixed (was: New)
Worth noting for those wanting to play with this vuln: place both files (LoadMP4.swf and 7.mp4) in a folder on a web server, then open http://yourserver/LoadMP4.swf?file=7.mp4
To anyone interested, we wrote a free micropatch for this vulnerability - just 4 CPU instructions (could be just one, but we wanted to pop up "Exploit Attempt Blocked"). You can see it in action here: Let us know if you need any help in reproducing the vuln or playing with our micropatch.

Sign in to add a comment