Flash (IBB): Adobe Flash Player ShimContentFactory class Memory Corruption Vulnerability

ID H1:145265
Type hackerone
Reporter hhj4ck
Modified 2019-11-12T09:42:34


I. Summary Adobe Flash Player is prone to a vulnerability which leads to memory corruption because of improper validation of ShimContentFactory.retrieveOpportunityGenerators().

II. Description Normally, retrieveOpportunityGenerators() should validate its parameter and return an error at the AS3 level if anything goes wrong. If the retrieveOpportunityGenerators() function is invoked directly with an invalid parameter, some inner class instance will be absent, which will cause a memory crash.

III. Impact Memory Corruption

IV. Affected Adobe Flash Player

V. Credit Wen Guanxing from Pangu LAB is credited for this vulnerability.

Adobe has assigned this vulnerability CVE-2016-4150. https://helpx.adobe.com/security/products/flash-player/apsb16-18.html