Flash (IBB): Adobe Flash Player Race Condition Vulnerability

2016-03-01T08:17:58
ID H1:119657
Type hackerone
Reporter hhj4ck
Modified 2019-11-12T09:43:13

Description

Adobe Flash Player is prone to a race condition vulnerability which leads to Use After Free. COM Object will be initialized twice and uninitialized when the count number decrement to zero by the main thread. As we could force the second initialization being called by a Worker thread, the uninitialization will come ahead of time. Instuctions afterwards that are accessing the DLL (related to the COM Object) will lead to a Use-After-Free.

Identified as CVE-2015-3103: https://helpx.adobe.com/security/products/flash-player/apsb15-11.html