Subscribe via feed.

Adobe Flash Selection.SetSelection Use-After-Free

Posted by deepcore on December 18, 2015 – 9:47 pm

There is a use-after-free in Selection.SetSelection. If it is called with a number parameter, which is an object with valueOf defined, and this function frees the parent of the TextField parameter, the object is used after it is freed. A minimal PoC follows:


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.


« »