iwm911 / google-security-research

Automatically exported from code.google.com/p/google-security-research
0 stars 0 forks source link

Adobe Flash: Use-after-free when rendering displays from multiple scripts #628

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
There is a use-after-free that appears to be related to rendering the display 
based on multiple scripts. A PoC is attached, tested on Windows only. Note the 
PoC is somewhat unreliable on some browsers, sometimes it needs to render a 
minute or two in the foreground before crashing. This is related to 
unreliability in the freed object being reallocated as a value that causes the 
crash, not unreliability in the underlying bug (it crashes immediately in a 
debug build of Flash). With enough effort, an attacker could likely trigger the 
issue immediately.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

Original issue reported on code.google.com by natashe...@google.com on 12 Nov 2015 at 11:04

Attachments:

GoogleCodeExporter commented 8 years ago
PSIRT-4290 and CVE-2015-8635

Original comment by natashe...@google.com on 8 Jan 2016 at 7:47