By HireHackking in HACKER
· 1 view
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=791
There is an out-of-bounds read in JXR processing. This issue is probably not exploitable, but could be used an an information leak.
To reproduce the issue, load the attach file '8' using LoadImage.swf as follows:
LoadImage.swf?img=8
Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39824.zip
Recommended Comments