794 - Adobe Flash: Out-of-bounds Read when Placing Object - project-zero

Starred by 3 users

Status:	Fixed
Owner:	natashenka@google.com
Closed:	May 2016
Cc:	project-...@google.com
Finder-natashenka Deadline-90 CCProjectZeroMembers Product-Flash Severity-High Vendor-Adobe Finder-mjurczyk Reported-2016-Apr-5 CVE-2016-1104

Adobe Flash: Out-of-bounds Read when Placing Object

Project Member Reported by natashenka@google.com, Apr 4 2016

Back to list

There is an out of bounds read when placing a corrupt image. This issue might be exploitable, depending on what is read.

A PoC is attached. To reproduce issue, put both files on a server, and load:

http://127.0.0.1/LoadImage.swf?img=70



This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

70
68 bytes View Download

LoadImage.swf
1.2 KB Download

Project Member Comment 1 by natashenka@google.com, Apr 5 2016

Labels: -Reported-2016-Apr-4 Reported-2016-Apr-5

Project Member Comment 2 by natashenka@google.com, May 16 2016

Labels: -Restrict-View-Commit CVE-2016-1104
Status: Fixed

Fixed in May update

► Sign in to add a comment