hackerone | Hhj4ck | H1:145266
History: Jun 17, 2016 - 12:54 a.m.

Internet Bug Bounty: Adobe Flash Player ShimContentFactory.retrieveResolvers Memory Corruption Vulnerability

2016-06-17 00:54:50
hhj4ck
hackerone.com
18

CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.009 Low
Percentile: 80.2%

I. Summary
Adobe Flash Player is prone to a memory corruption vulnerability caused by improper validation in ShimContentFactory.retrieveResolvers().

II. Description
Normally, retrieveResolvers() should validate its parameter and return an error at the AS3 level if anything goes wrong.
If retrieveResolvers() is invoked directly with an invalid parameter, some inner class instance will be absent, which will cause a memory crash.

III. Impact
Memory Corruption

IV. Affected
Adobe Flash Player 21.0.0.242.

V. Credit
Wen Guanxing from Pangu LAB is credited for this vulnerability.

Adobe has assigned this issue CVE-2016-4151.
https://helpx.adobe.com/security/products/flash-player/apsb16-18.html
