Adobe Flash - LMZA Property Decoding Heap Corruption

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=790
 
Loading the attached image causes heap corruption due to LMZA property decoding. To reproduce the issue, load the attach file '6' using LoadImage.swf as follows:
 
LoadImage.swf?img=6
 
The issue sometimes takes multiple refreshes to crash
 
 
Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40089.zip

#  0day.today [2018-01-08]  #