Adobe Flash op_pushwith Incorrect Jit Optimization
Posted by deepcore on March 18, 2016 – 6:27 am
The avmplus bytecode verifier misses a control-flow path via op_pushwith throwing an exception allowing crafted bytecode to be incorrectly optimized which can trivially be abused to get code execution.
Post a reply
You must be logged in to post a comment.