Closed Bug 509873 Opened 15 years ago Closed 15 years ago

Crash [@ Flash Player @0x185e5c]

Categories

(External Software Affecting Firefox Graveyard :: Flash (Adobe), defect)

defect
Not set
critical

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: bc, Assigned: cliss)

References

()

Details

(Keywords: crash, Whiteboard: [sg:vector-? (flash)] Fixed 10.0.42.34)

Crash Data

Attachments

(1 file)

Whiteboard: [sg:vector-? (flash)]
This is crossplatform, also crashes on Windows. Reproducible testcase (also crashes on load) is www.ocbeachweek.com/party-pics.php Crashes Windows, Mac on Load Mac Breakpad : http://crash-stats.mozilla.com/report/index/7b372cb9-356e-4383-ac94-03dc62090812 Windows: http://crash-stats.mozilla.com/report/index/b7fd9ec1-6a8b-4de0-82d0-b5ad32090812?p=1
Severity: normal → critical
OS: Mac OS X → All
Hardware: x86 → All
and the !exploitable report for this party url is : (ff4.78c): Access violation - code c0000005 (!!! second chance !!!) eax=00000000 ebx=0494d258 ecx=0a947600 edx=00000000 esi=0a947600 edi=00000000 eip=0a4e08dc esp=0012e7a0 ebp=0a8c9670 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 NPSWF32+0xd08dc: 0a4e08dc 8b889c000000 mov ecx,dword ptr [eax+9Ch] ds:0023:0000009c=???????? 0:000> cdb: Reading initial command '!load winext\msec.dll;.logappend;!exploitable;k;q' Opened log file 'dbgeng.log' *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll - Exploitability Classification: UNKNOWN Recommended Bug Title: Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at NPSWF32+0x00000000000d08dc (Hash=0x3c3e750a.0x7c7d The data from the faulting address is later used as one or more of the arguments to a function call. ChildEBP RetAddr WARNING: Stack unwind information not available. Following frames may be wrong. 0012e7a4 0a4a400e NPSWF32+0xd08dc 0012e808 0a4f98be NPSWF32+0x9400e 00000000 00000000 NPSWF32+0xe98be quit:
also crashes on load on http://www.ztr-agrokft.hu/egyoldalas_csonkazo.html on windows and mac
Great info guys thanks for the URLs! Repro'd on Mac and Windows on current and dev releases.
Internal bug number for tracking is - 2407140. I am trying to isolate the offending swf's If you happen to do that before I do could you attach it for me?
Thanks Carsten. I had pulled the swf's from Ztr-arokft.hu but can't get them to crash on their own. Did any of these crash for you locally?
(In reply to comment #7) > Thanks Carsten. I had pulled the swf's from Ztr-arokft.hu but can't get them > to crash on their own. Did any of these crash for you locally? Hi Charles, no i was not able to just crash on this flash files locally (but also not sure if i missed a step there).
Note: this seems to be "TopCrash" during my !exploitable Testing during the Testing with the Crash Urls
2407140 - internal bug. Looks like we'll have this fixed.
Summary: Crash [ @ Flash Player @0x185e5c] → Crash [@ Flash Player @0x185e5c]
Fixed in Flash Player 10.0.42.34
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
Assignee: nobody → cliss
Component: Plug-ins → Flash (Adobe)
Product: Core → Plugins
QA Contact: plugins → adobe-flash
Resolution: WORKSFORME → FIXED
Whiteboard: [sg:vector-? (flash)] → [sg:vector-? (flash)] Fixed 10.0.42.34
Target Milestone: --- → Dec 2009
Version: Trunk → 10.x
Crash Signature: [@ Flash Player @0x185e5c]
Group: core-security → core-security-release
Group: core-security-release
Version and milestone values are being reset to defaults as part of product refactoring.
Target Milestone: Dec 2009 → ---
Version: 10.x → unspecified
Product: External Software Affecting Firefox → External Software Affecting Firefox Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: