Adobe Flash - MovieClip.duplicateMovieClip Use-After-Free

EDB-ID: 39779

Platform: Windows

Date: 2016-05-06


Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=759

There is a use-after-free in MovieClip.duplicateMovieClip. If an action associated with the MovieClip frees the clip provided as the initObject parameter to the call, it will be used after it is freed. A PoC is attached.


Proof of Concept:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/39779.zip
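The bug class in the description above (an argument freed by a callback that runs during the call, then read afterwards) can be modelled in a few lines of C, next to the usual mitigation of holding a reference across the callback. This is an added example, not the attached PoC and not Flash Player code. Every name in it (`Obj`, `duplicate_unsafe`, `duplicate_pinned`, `action_drop_owner`) is hypothetical, and "freeing" only sets a flag so the stale access can be detected safely.

```c
#include <stdio.h>

/* Toy ref-counted object standing in for the initObject argument.
   Dropping the last reference sets a flag instead of calling free(),
   so the stale access is observable without undefined behaviour. */
typedef struct Obj { int refs; int freed; int value; } Obj;

static void obj_retain(Obj *o)  { o->refs++; }
static void obj_release(Obj *o) { if (--o->refs == 0) o->freed = 1; }

typedef void (*Action)(Obj **owner_slot);

/* Constructed action: script-side code that drops the only owning
   reference while the duplicate call is still in progress. */
static void action_drop_owner(Obj **owner_slot) {
    if (*owner_slot) { obj_release(*owner_slot); *owner_slot = NULL; }
}

/* Returns 0 if init was alive when read, -1 if it had been freed.
   In real native code the -1 path would be the use-after-free read. */
static int copy_props(const Obj *init, int *out) {
    if (init->freed) return -1;
    *out = init->value;
    return 0;
}

/* Pattern from the description: a borrowed pointer is kept across a callback. */
int duplicate_unsafe(Obj *init, Action act, Obj **owner_slot, int *out) {
    act(owner_slot);               /* may release init */
    return copy_props(init, out);  /* init may be stale here */
}

/* Mitigation: pin the argument for the duration of the call. */
int duplicate_pinned(Obj *init, Action act, Obj **owner_slot, int *out) {
    obj_retain(init);
    act(owner_slot);               /* owner drops its ref; ours keeps init alive */
    int rc = copy_props(init, out);
    obj_release(init);             /* object is freed only now */
    return rc;
}

/* Runs one variant on a fresh object; returns the copied value or -1. */
int run_case(int pinned) {
    Obj o = { 1, 0, 42 };
    Obj *owner = &o;
    int out = 0;
    int rc = pinned ? duplicate_pinned(&o, action_drop_owner, &owner, &out)
                    : duplicate_unsafe(&o, action_drop_owner, &owner, &out);
    return rc == 0 ? out : rc;
}

int main(void) { printf("unsafe=%d pinned=%d\n", run_case(0), run_case(1)); return 0; }
```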