Adobe Flash - Out-of-Bounds Read when Placing Object

2016-05-17T00:00:00
ID EDB-ID:39825
Type exploitdb
Reporter Google Security Research
Modified 2016-05-17T00:00:00

Description

Adobe Flash - Out-of-Bounds Read when Placing Object. CVE-2016-1104. Dos exploits for multiple platform

                                        
                                            Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=794

There is an out of bounds read when placing a corrupt image. This issue might be exploitable, depending on what is read.

A PoC is attached. To reproduce issue, put both files on a server, and load:

http://127.0.0.1/LoadImage.swf?img=70


Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39825.zip