AN-Master / google-security-research

Automatically exported from code.google.com/p/google-security-research

Flash: use-after-free in display list handling from KEEN Team, round 2 #349

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Credit is to KEEN Team.

3 different PoCs in the attached zip.

Filing as one bug for now; if Adobe say it's multiple different bugs, we'll 
treat it as such.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

Original issue reported on code.google.com by cev...@google.com on 25 Apr 2015 at 3:03

GoogleCodeExporter commented 8 years ago
Chromium tracking is https://code.google.com/p/chromium/issues/detail?id=481306

Original comment by cev...@google.com on 25 Apr 2015 at 3:10

GoogleCodeExporter commented 8 years ago

Original comment by cev...@google.com on 27 Apr 2015 at 9:17

GoogleCodeExporter commented 8 years ago
This one is credit to Jihui Lu of KEEN Team.

Original comment by woo...@gmail.com on 13 May 2015 at 11:52

GoogleCodeExporter commented 8 years ago

Original comment by cev...@google.com on 5 Jul 2015 at 6:25

GoogleCodeExporter commented 8 years ago
Fixed: https://helpx.adobe.com/security/products/flash-player/apsb15-16.html

Original comment by cev...@google.com on 9 Jul 2015 at 12:37

GoogleCodeExporter commented 8 years ago

Original comment by natashe...@google.com on 18 Aug 2015 at 6:21