Vendor: MovieClip.duplicateMovieClip
By: Project Zero
CVSS: 7,5 (HIGH)
CWE: 416 (Use-after-free)
Product Name: MovieClip.duplicateMovieClip
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Use-after-free in MovieClip.duplicateMovieClip

There is a use-after-free vulnerability in MovieClip.duplicateMovieClip. If an action associated with the MovieClip frees the clip provided as the initObject parameter to the call, it will be used after it is freed.

Mitigation:

Ensure that the initObject parameter is not freed before the call to MovieClip.duplicateMovieClip is complete.
Source

Exploit-DB raw data:

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=759

There is a use-after-free in MovieClip.duplicateMovieClip. If an action associated with the MovieClip frees the clip provided as the initObject parameter to the call, it will be used after it is freed. A PoC is attached.


Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39779.zip