This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Flash Player handles the update of a NetStream object via the appendBytes method which can lead to a use-after-free condition when the function returns. This can result in remote code execution under the context of the current process.
{"id": "ZDI-12-057", "vendorId": null, "type": "zdi", "bulletinFamily": "info", "title": "(Pwn2Own) Adobe Flash Player NetStream addBytes Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Flash Player handles the update of a NetStream object via the appendBytes method which can lead to a use-after-free condition when the function returns. This can result in remote code execution under the context of the current process.", "published": "2012-04-09T00:00:00", "modified": "2012-04-09T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-057/", "reporter": "VUPEN Vulnerability Research Team http://www.vupen.com", "references": ["http://www.adobe.com/support/security/bulletins/apsb12-07.html"], "cvelist": [], "immutableFields": [], "lastseen": "2022-02-10T00:00:00", "viewCount": 7, "enchantments": {"dependencies": {"references": []}, "score": {"value": 2.7, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 2.7}, "_state": {"dependencies": 1647589307, "score": 0}}
(Pwn2Own) Adobe Flash Player NetStream addBytes Remote Code Execution Vulnerability