The following access violation was observed in Adobe Reader X and XI for Windows:
(1230.15dc): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=000000ff ebx=00000000 ecx=0c826b50 edx=0c6d0ffd esi=0c6d1000 edi=0017be70
eip=695c4d43 esp=0017bd78 ebp=00000001 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010212
AGM!AGMTerminate+0xf2dcd:
695c4d43 8806 mov byte ptr [esi],al ds:0023:0c6d1000=??
0:000> k
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
0017bdec 73144306 AGM!AGMTerminate+0xf2dcd
0017be44 69499a2c BIB!BIBInitialize4+0x50a
0017be48 3b179425 AGM!AGMInitialize+0x2eeb1
Notes:
- Reproduces on Adobe Reader X (10.1.12) and Adobe Reader XI (11.0.09) for Windows, on Windows 7, with Application Verifier enabled.
- The “ESI” register points into a heap boundary of a region of size 0x5c000.
- The crash occurs approximately at the first iteration of a loop, which should normally iterate three times.
- Based on the type of memory reference causing the crash, we can assume it is a heap-based buffer overflow.
- Attached samples: signal_sigsegv_f6529e93_1074_172.pdf (crashing file), 172.pdf (original file).
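The reasoning in the notes, as an added triage sketch (not part of the original report and not vendor or debugger tooling): it parses the register dump and faulting instruction quoted above and checks that the fault is a write to the first byte of an unmapped page, the pattern a linear overflow produces when Application Verifier's page heap places an inaccessible page directly after an allocation. The function and field names are hypothetical, and only two-operand Intel-syntax instructions are handled.

```python
import re

# Constructed input: the register dump and faulting instruction quoted in this report.
CRASH = """\
eax=000000ff ebx=00000000 ecx=0c826b50 edx=0c6d0ffd esi=0c6d1000 edi=0017be70
eip=695c4d43 esp=0017bd78 ebp=00000001 iopl=0 nv up ei pl nz ac po nc
AGM!AGMTerminate+0xf2dcd:
695c4d43 8806 mov byte ptr [esi],al ds:0023:0c6d1000=??
"""

PAGE_SIZE = 0x1000  # x86 Windows page size
WIDTHS = {"byte": 1, "word": 2, "dword": 4}
READ_ONLY = {"cmp", "test"}  # first operand is only read by these mnemonics

# WinDbg disassembly line: address, opcode bytes, mnemonic, operands, seg:sel:ea=value
INSN = re.compile(
    r"^(?P<eip>[0-9a-f]{8}) (?P<bytes>[0-9a-f]+)\s+(?P<mnem>\w+)\s+(?P<ops>.+?)\s+"
    r"\w{2}:[0-9a-f]{4}:(?P<ea>[0-9a-f]{8})=(?P<val>\S+)$", re.M)

def triage(text):
    """Classify a 32-bit WinDbg access violation from its faulting instruction."""
    regs = {n: int(v, 16)
            for n, v in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})\b", text)}
    m = INSN.search(text)
    if m is None:
        raise ValueError("no faulting instruction with an effective address found")
    ea = int(m["ea"], 16)
    dest = m["ops"].split(",")[0]           # Intel syntax: destination comes first
    is_write = "[" in dest and m["mnem"] not in READ_ONLY
    base = re.search(r"\[(e[a-z]{2})\]", dest)
    sym = re.search(r"^(\w+)!(\S+):$", text, re.M)
    result = {
        "module": sym.group(1) if sym else None,
        "access": "write" if is_write else "read",
        "width": WIDTHS.get(dest.split()[0]),
        "address": ea,
        "unmapped": m["val"].startswith("??"),   # WinDbg prints ?? for unreadable memory
        "page_aligned": ea % PAGE_SIZE == 0,
        "base_reg_matches": bool(base) and regs.get(base.group(1)) == ea,
    }
    # A write landing on byte 0 of an unmapped page is what running off the end
    # of a page-heap allocation looks like; this is a heuristic, not proof.
    result["overflow_like"] = (is_write and result["unmapped"]
                               and result["page_aligned"])
    return result

if __name__ == "__main__":
    for key, value in triage(CRASH).items():
        print(f"{key}: {hex(value) if key == 'address' else value}")
```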
This bug is subject to a 90-day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public.
Attachment: signal_sigsegv_f6529e93_1074_172.zip (2.0 MB)