238 - Flash: AGAL information leak from KeenTeam - project-zero

Starred by 3 users

Status:	Fixed
Owner:	█ cevans@google.com Email to this user bounced
Closed:	Apr 2015
Cc:	█ lv.sam...@gmail.com █ woo...@gmail.com project-...@google.com
Severity-Medium Deadline-90 CVE-2015-3040 Finder-external Id-3259 Finder-keen Reported-2015-Jan-27 CCProjectZeroMembers Product-Flash Vendor-Adobe

Flash: AGAL information leak from KeenTeam

Reported by cevans@google.com, Jan 28 2015

Back to list

Credit is to "Jihui Lu of KeenTeam (@K33nTeam), working with the Chromium vulnerability reward program"

I didn't manage to reproduce this on Linux x64 or virtualized Windows but filing because we trust the quality of KeenTeam submissions.

The accompanying write-up is excellent to attaching verbatim, along with PNG image that shows how the error looks in IE.


This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

	Internet Explorer 11.png 70.3 KB View Download

	HelloTriangleColoredLeak.png 7.1 KB View Download

HelloTriangleColoredLeak.swf
6.1 KB Download

HelloTriangleColoredLeak.html
123 bytes View Download

ReadMe.txt
2.1 KB View Download

Comment 1 by cevans@google.com, Jan 28 2015

Labels: Id-3259

Comment 2 by cevans@google.com, Mar 26 2015

Cc: woo...@gmail.com lv.sam...@gmail.com

Comment 3 by cevans@google.com, Apr 10 2015

Labels: CVE-2015-3040

Comment 4 by cevans@google.com, Apr 14 2015

Status: Fixed

Fixed: https://helpx.adobe.com/security/products/flash-player/apsb15-06.html

Comment 5 by cevans@google.com, May 6 2015

Labels: -Restrict-View-Commit

Reward tracking: https://code.google.com/p/chromium/issues/detail?id=470751

► Sign in to add a comment