Adobe Flash GradientFill Use-After-Free

Posted by deepcore on December 18, 2015 – 9:47 pm

There are a number of use-after-free vulnerabilities in MovieClip.beginGradientFill. If the spreadMethod or any other string parameter is an object with toString defined, this method can free the MovieClip, which is then used. Note that many parameters to this function can be used to execute script and free the MovieClip during execution, it is recommended that this issues be fixed with a stale pointer check.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Adobe Flash TextField.antiAliasType Setter Use-After-Free Lithium Forum – (previewImages) Persistent Vulnerability »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Adobe Flash GradientFill Use-After-Free

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL