9-Apr-2012 [10:44] -- CVE-2012-0769: the case of the perfect info leak
During the last few months I have been researching Adobe Flash vulnerabilities ranging from type confusion vulnerabilities, AS3 API vulnerabilities (CVE-2012-0769), sandbox escapes (CVE-2012-0724 & CVE-2012-0725), etc.
I am pleased to announce the release of part of this research. In this case, the below linked document will focus on an already patched (https://www.adobe.com/support/security/bulletins/apsb12-05.html) vulnerability. "CVE-2012-0769, the case of the perfect info leak" goes into detail from root cause analysis to a fully reliable, quick and multi-platform exploitation of the vulnerability.
Document:
Flash_ASLR_bypass.pdf
Source code:
InfoLeak.as
SWF file:
InfoLeak.swf
Enjoy,
Fermin J. Serna - @fjserna