Blog | Talks | Docs | Tools | Advisories | About | RSS
Fermín J. Serna - Blog...
<<<<< April - 2012 >>>>>
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

9-Apr-2012 [10:44] -- CVE-2012-0769: the case of the perfect info leak

During the last few months I have been researching Adobe Flash vulnerabilities ranging from type confusion vulnerabilities, AS3 API vulnerabilities (CVE-2012-0769), sandbox escapes (CVE-2012-0724 &
CVE-2012-0725), etc.

I am pleased to announce the release of part of this research. In this case, the below linked document will focus on an already patched (https://www.adobe.com/support/security/bulletins/apsb12-05.html) vulnerability. "CVE-2012-0769, the case of the perfect info leak" goes in detail from root cause analysis to a fully reliable, quick and multi-platform exploitation of the vulnerability.

Document: Flash_ASLR_bypass.pdf
Source code: InfoLeak.as
SWF file: InfoLeak.swf

Enjoy,

Fermin J. Serna - @fjserna

Comments (0)