Adobe Flash - JXR Processing Out-of-Bounds Read

EDB-ID:

39824




Platform:

Multiple

Date:

2016-05-17


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=791

There is an out-of-bounds read in JXR processing. This issue is probably not exploitable, but could be used an an information leak.

To reproduce the issue, load the attach file '8' using LoadImage.swf as follows:

LoadImage.swf?img=8


Proof of Concept:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/39824.zip