Use-After-Use-After-Free: Exploit UAF by Generating Your Own

Presented at Black Hat Europe 2016, Nov. 4, 2016, 10:45 a.m. (60 minutes)

<span>This talk will introduce Use-After-Use-After-Free (UAUAF), a novel and relatively universal exploitation technique for UAF vulnerabilities in Adobe Flash. By leveraging a sequence of object occupations and releases, UAUAF can transform a UAF into a multi-class type confusion. Full memory access is gained upon the mitigations recently added by Adobe. More importantly, this talk will illustrate UAUAF by CVE-2016-1097, a real UAF 0day that I reported to Adobe in May. Exploitation process, i.e., from discovering the 0day, gaining full memory access, chaining ROP gadgets, to the final code execution will be presented in detail.</span>

Presenters:

  • Guanxing Wen - Security Researcher, Pangu Team
    Guanxing Wen is member of Pangu Team. His focus includes performing root-cause analysis, fuzzing and exploit development. Prior to joining Pangu, Wen worked as a security researcher of Venustech ADLAB. He is actively involved in Bug Bounty Program, such as ZDI, Chrome VRP and is currently the top one bug contributor of IBB-Flash Bounty (@hhj4ck).

Links:

Similar Presentations: