II. Description
Adobe Flash is a multimedia and software platform used for authoring of vector graphics, animation, games and rich Internet applications (RIAs) that can be viewed, played and executed in Adobe Flash Player. NetStream object can load and play an external mp4 file.
After playing a mp4 file, Flash will keep on accessing the memory saving the media object. A malformed mp4 file will trick the Flash to believe that this film never ends. The accessing continues even the web page containing Flash is closing. Closing the page release Flash from the memory space, while the accessing is still going on via a standalone thread.
There are two possible types of crash depending on the order of different blocks’ release:
VI. Credit
Liu Jincheng and Wen Guanxing from Venustech ADLAB are credited for this vulnerability.