This vulnerability is an instance of a memory corruption vulnerability in the ActionScript2 code parser. Specifically, the vulnerability is caused by a crafted SWF file that contains a malformed action tag whose length makes the parser read beyond the previously allocated code buffer. This causes an out-of-bounds memory access and triggers an access violation exception. Attackers can exploit the vulnerability by using the out-of-bounds access for unintended reads, writes or frees -- potentially leading to code corruption, control-flow hijack, or an information leak attack.
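
The missing check, shown as an added example (not code from the affected parser or from the original advisory): a walk over ActionScript 2 action records that validates every declared length against the bytes remaining in the code buffer. It assumes the standard SWF action record layout (one action-code byte; codes >= 0x80 carry a little-endian UI16 length and payload); the function, status and sample names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Status names are hypothetical, chosen for this example. */
enum { AS2_OK = 0, AS2_TRUNCATED_HEADER = -1, AS2_LENGTH_OVERRUN = -2, AS2_NO_END = -3 };

/* Constructed samples: Push "a", Pop, End; then a Push declaring 0xFFFF bytes. */
const uint8_t sample_ok[]  = { 0x96, 0x03, 0x00, 0x00, 'a', 0x00, 0x17, 0x00 };
const uint8_t sample_bad[] = { 0x96, 0xFF, 0xFF, 0x00, 'a' };

/*
 * Walk the action records in buf[0..size) without reading past the buffer.
 * Code 0x00 (ActionEnd) terminates the list. On success, *count receives
 * the number of records seen before the end marker.
 */
int as2_validate_actions(const uint8_t *buf, size_t size, size_t *count)
{
    size_t off = 0, n = 0;

    while (off < size) {
        uint8_t code = buf[off++];
        if (code == 0x00) {              /* ActionEnd */
            *count = n;
            return AS2_OK;
        }
        if (code >= 0x80) {
            if (size - off < 2)          /* the length field itself must fit */
                return AS2_TRUNCATED_HEADER;
            size_t len = (size_t)buf[off] | ((size_t)buf[off + 1] << 8);
            off += 2;
            if (len > size - off)        /* compare with bytes remaining: no wraparound */
                return AS2_LENGTH_OVERRUN;
            off += len;                  /* payload lies fully inside the buffer */
        }
        n++;
    }
    return AS2_NO_END;                   /* bytes ran out before ActionEnd */
}

int main(void)
{
    size_t n = 0;
    printf("ok sample:  %d\n", as2_validate_actions(sample_ok, sizeof sample_ok, &n));
    printf("bad sample: %d\n", as2_validate_actions(sample_bad, sizeof sample_bad, &n));
    return 0;
}
```

Comparing the declared length with `size - off`, rather than testing `off + len` against `size`, keeps the check correct even when the sum would wrap.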