Flash Player Memory Corruption in TextField Object Handling
XLAB ID: XLAB-15-009
CVE ID: CVE-2015-4429
Patch Status: Fixed
Vulnerability Details:
The specific flaw exists within the usage of TextField objects. By maniuplating TextField’s properties attacker can force memory corruption occuring in flash player. An attacker can leverage this vulnerability to execute code under the context of the current process.
Disclosure Timeline:
| 2015/05/27 | Provide vulnerability detail to Adobe via psirt@adobe.com |
|---|---|
| 2015/05/28 | Adobe responded that they had opened case PSIRT-3670 for the issuse |
| 2015/07/03 | Adobe responded that they had assigned CVE-2015-4429 to the issue |
Credit:
This vulnerability was discovered by: Kai Kang