1322 - Adobe Flash: Out-of-bounds write in MP4 Edge Processing - project-zero

Starred by 2 users

Status:	Fixed
Owner:	natashenka@google.com
Closed:	Sep 25
Cc:	project-...@google.com
Finder-natashenka Deadline-90 CCProjectZeroMembers Product-Flash Severity-High Vendor-Adobe Finder-mjurczyk Reported-2017-Jul-5 Methodology-Fuzzing CVE-2017-11281

Adobe Flash: Out-of-bounds write in MP4 Edge Processing

Project Member Reported by natashenka@google.com, Jul 6

Back to list

The attached fuzzed MP4 file causes an out-of-bounds memory access when played with Adobe Flash 


This bug is subject to a 90 day disclosure deadline. After 90 days elapse
or a patch has been made broadly available, the bug report will become
visible to the public.

	emu.mp4 328 bytes View Download

LoadMP4.swf
1.0 KB Download

Project Member Comment 1 by natashenka@google.com, Sep 25

Labels: -Restrict-View-Commit CVE-2017-11281
Status: Fixed

Comment 2 by mitja.ko...@acrossecurity.com, Sep 27

Worth noting for those wanting to play with this vuln: place both files (LoadMP4.swf and emu.mp4) in a folder on a web server, then open http://yourserver/LoadMP4.swf?file=emu.mp4

► Sign in to add a comment