
Issue metadata

Status: Fixed
Closed: Sep 2017

Issue 1323: Adobe Flash: Out-of-bounds read in applyToRange

Reported by natashenka@google.com, Jul 6 2017 Project Member

Issue description

The attached fuzzed file causes an out-of-bounds read in TextFormat.applyToRange.


This bug is subject to a 90 day disclosure deadline. After 90 days elapse
or a patch has been made broadly available, the bug report will become
visible to the public.
 
Attachment: operator.swf (2.2 KB)

Comment 1 by natashenka@google.com, Sep 25 2017

Project Member
Labels: -Restrict-View-Commit CVE-2017-11282
Status: Fixed (was: New)

Comment 2 by mitja.ko...@acrossecurity.com, Sep 27 2017

Hey Natalie, did you fuzz this manually? The SWF looks like you took a section of bytes from the original SWF and overwrote another part of the SWF with it.

Comment 3 by mitja.ko...@acrossecurity.com, Sep 29 2017

To anyone interested, we wrote a free micropatch for this vulnerability - just 7 CPU instructions. You can see it in action here: https://www.youtube.com/watch?v=6iZnIQbRf5M. Let us know if you need any help in reproducing the vuln or playing with our micropatch.
