Adobe Flash (Linux x64) - Bad Dereference at 0x23c

Published: 19 Aug 2015 00:00:00
Reported by: Google Security Research
Type: exploitdb
Source site: www.exploit-db.com

Source: https://code.google.com/p/google-security-research/issues/detail?id=398&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id

The attached sample, signal_sigsegv_7ffff603deef_1525_268381c02bc3b05c84578ebaeafc02f0.swf, typically crashes in this way on my Linux x64 build (Flash v17.0.0.188):

=> 0x00007f693155bf58:	mov    (%rdi),%rbx
rdi            0x23c	572

At first glance this might appear to be a NULL dereference but sometimes it crashes trying to access 0xc8 and different builds have shown crashes at much wilder addresses, so there is probably a use-after-free or other non-deterministic condition going on. For example, our fuzzing cluster saw a crash at 0x400000001.

The base sample from which the fuzz case is derived is also attached.

Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/37868.zip
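
The triage reasoning in the report (a fault address that changes between runs and builds points away from a plain NULL dereference) can be automated over a batch of crash records. The following is an added example, not code from the original report or from Google Security Research. The sample records are constructed from the addresses quoted above, and the one-page "near NULL" threshold and the verdict names are assumptions of this sketch.

```python
import re

# Constructed gdb-style crash records using the fault addresses the report
# mentions (0x23c, 0xc8, and 0x400000001 from the fuzzing cluster).
SAMPLE_CRASHES = [
    "=> 0x00007f693155bf58:\tmov    (%rdi),%rbx\nrdi            0x23c\t572\n",
    "=> 0x00007f693155bf58:\tmov    (%rdi),%rbx\nrdi            0xc8\t200\n",
    "=> 0x00007f693155bf58:\tmov    (%rdi),%rbx\nrdi            0x400000001\t17179869185\n",
]

NULL_PAGE_LIMIT = 0x1000  # assumption: addresses below one page count as near NULL

# AT&T memory operand with optional displacement, e.g. (%rdi) or -0x8(%rbp).
# Index/scale forms are deliberately not handled in this sketch.
MEM_RE = re.compile(r"(-?(?:0x[0-9a-f]+|\d+))?\(%(\w+)\)")

def fault_address(record):
    """Return the address the faulting instruction tried to dereference."""
    insn = next(line for line in record.splitlines() if line.startswith("=>"))
    mem = MEM_RE.search(insn)
    if mem is None:
        raise ValueError("no base+displacement memory operand found")
    disp = int(mem.group(1), 0) if mem.group(1) else 0
    reg = re.search(r"^%s\s+(0x[0-9a-f]+)" % mem.group(2), record, re.M)
    if reg is None:
        raise ValueError("register %s missing from dump" % mem.group(2))
    return int(reg.group(1), 16) + disp

def triage(records):
    """Heuristic: only a single, stable, near-NULL address looks like a NULL deref."""
    addrs = sorted({fault_address(r) for r in records})
    if any(a >= NULL_PAGE_LIMIT for a in addrs):
        verdict = "wild-address"        # far outside the NULL page
    elif len(addrs) > 1:
        verdict = "varying-near-null"   # small, but differs between runs
    else:
        verdict = "stable-near-null"
    return {
        "addresses": [hex(a) for a in addrs],
        "verdict": verdict,
        # Anything other than a stable near-NULL fault deserves a memory-safety look.
        "needs_memory_safety_review": verdict != "stable-near-null",
    }

if __name__ == "__main__":
    print(triage(SAMPLE_CRASHES))
```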
