[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Adobe Flash - Sprite Creation Use-After-Free

Author
Google Security Research
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-25890
Category
dos / poc
Date add
23-03-2016
CVE
CVE-2016-1000
Platform
windows
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=718
 
There is a use-after-free in Sprite Creation. If a Sprite is created, and then the handler for the frameConstructed event triggers a remove object action, the Sprite is then used after it has been freed.
 
A sample swf is attached.
 
 
Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39610.zip

#  0day.today [2024-12-25]  #