437 matches found
Adobe Flash - Object.unwatch Use-After-Free
Sources: https://bugs.chromium.org/p/project-zero/issues/detail?id=716 https://googleprojectzero.blogspot.ca/2016/03/life-after-isolated-heap.html The bug is an uninitialized variable in the fix to an ActionScript 2 use-after-free bug. Roughly 80 of these types of issues have been fixed by Adobe ...
Adobe Flash - Uninitialized Stack Parameter Access in AsBroadcaster.broadcastMessage UaF Fix
Adobe Flash - Uninitialized Stack Parameter Access in AsBroadcaster.broadcastMessage UaF Fix Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=717 The ActionScript parameter conversion in the fix for an issue in the December Flash bulletin...
Adobe Flash - Uninitialized Stack Parameter Access in Object.unwatch UaF Fix
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=716 The ActionScript parameter conversion in the fix for an issue in the December Flash bulletin https://helpx.adobe.com/security/products/flash-player/apsb15-32.html, most likely...
Adobe Flash - Uninitialized Stack Parameter Access in AsBroadcaster.broadcastMessage UaF Fix
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=717 The ActionScript parameter conversion in the fix for an issue in the December Flash bulletin https://helpx.adobe.com/security/products/flash-player/apsb15-32.html, most likely one of the UaFs reported by Yuki Chen can sometimes...
Adobe Flash - Uninitialized Stack Parameter Access in MovieClip.swapDepths UaF Fix
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=715 The ActionScript parameter conversion in the fix for issue 403 https://code.google.com/p/google-security-research/issues/detail?id=403 can sometimes access a parameter on the native stack that is uninitialized. If: mc.swapDepth...
Adobe Flash - Uninitialized Stack Parameter Access in Object.unwatch UaF Fix
Adobe Flash - Uninitialized Stack Parameter Access in Object.unwatch UaF Fix Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=716 The ActionScript parameter conversion in the fix for an issue in the December Flash bulletin...
Adobe Flash - Uninitialized Stack Parameter Access in AsBroadcaster.broadcastMessage UaF Fix
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=717 The ActionScript parameter conversion in the fix for an issue in the December Flash bulletin https://helpx.adobe.com/security/products/flash-player/apsb15-32.html, most likely...
Adobe Flash - Type Confusion in Serialization with ObjectEncoder.dynamicPropertyWriter
Source: https://code.google.com/p/google-security-research/issues/detail?id=545 There is a type confusion issue during serialization if ObjectEncoder.dynamicPropertyWriter is overridden with a value that is not a function. In the following ActionScript:...
Adobe Flash - Type Confusion in IExternalizable.readExternal When Performing Local Serialization
Source: https://code.google.com/p/google-security-research/issues/detail?id=548 If IExternalizable.readExternal is overridden with a value that is not a function, Flash assumes it is a function even though it is not one. This leads to execution of a 'method' outside of the ActionScript object's...
Adobe Flash - Type Confusion in IExternalizable.readExternal When Performing Local Serialization
Adobe Flash - Type Confusion in IExternalizable.readExternal When Performing Local Serialization Source: https://code.google.com/p/google-security-research/issues/detail?id=548 If IExternalizable.readExternal is overridden with a value that is not a function, Flash assumes it is a function even...
Adobe Flash - Type Confusion in Serialization with ObjectEncoder.dynamicPropertyWriter
Adobe Flash - Type Confusion in Serialization with ObjectEncoder.dynamicPropertyWriter Source: https://code.google.com/p/google-security-research/issues/detail?id=545 There is a type confusion issue during serialization if ObjectEncoder.dynamicPropertyWriter is overridden with a value that is not...
Adobe Flash - IExternalizable.writeExternal Type Confusion
Adobe Flash - IExternalizable.writeExternal Type Confusion Source: https://code.google.com/p/google-security-research/issues/detail?id=547 If IExternalizable.writeExternal is overridden with a value that is not a function, Flash assumes it is a function even though it is not one. This leads to...
Adobe Flash - 'IExternalizable.writeExternal' Type Confusion
Source: https://code.google.com/p/google-security-research/issues/detail?id=547 If IExternalizable.writeExternal is overridden with a value that is not a function, Flash assumes it is a function even though it is not one. This leads to execution of a 'method' outside of the ActionScript object's...
Google Chrome < 43.0.2357.134 Multiple RCE Vulnerabilities
Binary data 8882.pasl...
Adobe Flash AS2 Use-After-Free In TextField.filters Exploit
There is a use after free vulnerability in the ActionScript 2 TextField.filters array property. Source: https://code.google.com/p/google-security-research/issues/detail?id=444&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for...
Adobe Flash AS2 - textfield.filters Use-After-Free (1)
Adobe Flash AS2 - textfield.filters Use-After-Free 1 Source: https://code.google.com/p/google-security-research/issues/detail?id=330&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for: https://code.google.com/p/chromium/issues/detail?id=476926 Credit is to bilou,...
Adobe Flash - XML.childNodes Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=365&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id If a watch is set on the childNodes object of an XML object, and then the XML object is manipulated in a way that causes its child nodes to be...
Adobe Flash AS2 - textfield.filters Use-After-Free (1)
Source: https://code.google.com/p/google-security-research/issues/detail?id=330&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for: https://code.google.com/p/chromium/issues/detail?id=476926 Credit is to bilou, working with the Chromium Vulnerability Rewards...
Adobe Flash - XML.childNodes Use-After-Free
Adobe Flash - XML.childNodes Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=365&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id If a watch is set on the childNodes object of an XML object, and then the XML object is manipulated in...
Flash Boundless Tunes - Universal SOP Bypass Through ActionSctipts Sound Object
Flash Boundless Tunes - Universal SOP Bypass Through ActionSctipts Sound Object Source: https://code.google.com/p/google-security-research/issues/detail?id=354&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id 90-day deadline tracking for...