Adobe Flash - MovieClip.duplicateMovieClip Use-After-Free
| EKU-ID: 44098 | CVE: CVE-2016-1011 | OSVDB-ID: |
| Author: Google Security Research | Published: 2016-05-06 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 44098 | CVE: CVE-2016-1011 | OSVDB-ID: |
| Author: Google Security Research | Published: 2016-05-06 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=759 There is a use-after-free in MovieClip.duplicateMovieClip.If an action associated with the MovieClip frees the clip provided as the initObject parameter to the call, it will be used after it is freed.A PoC is attached. Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39779.zip