Use after free during the StageVideoAvailabilityEvent can result in arbitrary code execution

Disclosed: 2015-03-25 19:39:16 By biloulehibou To ibb
Vulnerability Details
An attacker can register the StageVideoAvailabilityEvent and have the SWF movie reloaded at the same time with LoadMovie. During this process, an object may be freed, allowing the attacker to take control of the code flow.

Identified as CVE-2015-0315, and reported to Adobe via Chrome VRP: https://helpx.adobe.com/security/products/flash-player/apsb15-04.html

Original report with an exploit for Chrome: https://code.google.com/p/chromium/issues/detail?id=429276
Report Stats
  • Report ID: 47232
  • State: Closed
  • Substate: resolved
  • Upvotes: 1