kevinmel2000 / google-security-research

Automatically exported from code.google.com/p/google-security-research
0 stars 0 forks source link

Flash: wild pointer in button handling #399

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
The attached sample, 
signal_sigsegv_7ffff60a1429_9554_f4dc661554237404dfe394d4c6c3e674.swf, crashes 
in this manner on Linux x64:

=> 0x00007f693158481f:  movzbl (%rcx),%r11d
rcx            0x3102ffffecfd   53888954658045

The base sample from which this fuzz case was generated is also attached. We 
believe this may be related to button handling.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

Original issue reported on code.google.com by cev...@google.com on 20 May 2015 at 11:18

Attachments:

GoogleCodeExporter commented 8 years ago
PSIRT-3733

Original comment by cev...@google.com on 26 May 2015 at 10:17

GoogleCodeExporter commented 8 years ago

Original comment by natashe...@google.com on 11 Aug 2015 at 3:36

GoogleCodeExporter commented 8 years ago
Fixed in https://helpx.adobe.com/security/products/flash-player/apsb15-19.html

Original comment by natashe...@google.com on 18 Aug 2015 at 7:34

GoogleCodeExporter commented 8 years ago

Original comment by natashe...@google.com on 18 Aug 2015 at 7:34