AN-Master / google-security-research

Automatically exported from code.google.com/p/google-security-research
0 stars 0 forks source link

Flash: uninitialized memory information leak when shading into a ByteArray (#2) #375

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
A PoC (source and SWF) are attached, along with a screenshot of the rendering 
of the uninitialized content into a Bitmap.

Sometimes, the PoC will render just a black image. To get things a bit more 
leaky, I found that playing a Flash video in a second tab whilst refreshing the 
PoC seems to do the trick reliably.

Unfortunately, this appears to be an incorrect fix for 
https://code.google.com/p/google-security-research/issues/detail?id=319. Bug 
319 used a zero mask to cause uninitialized memory, and that PoC does seem to 
be fixed. This latest PoC uses a non-zero but non-complete mask to achieve a 
similar affect.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

Original issue reported on code.google.com by cev...@google.com on 12 May 2015 at 7:24

Attachments:

GoogleCodeExporter commented 8 years ago

Original comment by cev...@google.com on 12 May 2015 at 9:03

GoogleCodeExporter commented 8 years ago

Original comment by cev...@google.com on 4 Jun 2015 at 9:22

GoogleCodeExporter commented 8 years ago
https://helpx.adobe.com/security/products/flash-player/apsb15-11.html

Original comment by cev...@google.com on 9 Jun 2015 at 5:45

GoogleCodeExporter commented 8 years ago

Original comment by cev...@google.com on 26 Jun 2015 at 7:30

GoogleCodeExporter commented 8 years ago

Original comment by cev...@google.com on 26 Jun 2015 at 7:30