hackerone | hhj4ck | H1:119652 | Mar 01, 2016 - 7:57 a.m.

Internet Bug Bounty: Adobe Flash Player ASnative(101,10) Memory Corruption Vulnerability

2016-03-01 07:57:50
hhj4ck
hackerone.com

CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.017 Low
Percentile: 86.2%

I. Summary
Adobe Flash Player is prone to a vulnerability that leads to memory corruption.

II. Description
When ASnative(101,10) is called with a MovieClip object pointer, Flash Player crashes due to an invalid EIP value. A carefully crafted SWF file may allow an attacker to hijack EIP, leading to shellcode execution in the context of the affected application.

The latest version of Adobe Flash Player, 20.0.0.267, has been tested under Windows 7.

III. Impact
Memory Corruption

IV. Credit
Wen Guanxing from Venustech ADLAB is credited for this vulnerability.

Adobe has assigned this vulnerability CVE-2016-0981.
https://helpx.adobe.com/security/products/flash-player/apsb16-04.html
