So: issue 199 / PSIRT-3161 / CVE-2015-0318. Quick summary: it’s a bug in the PCRE regex engine as used in Flash. (Note that the published version of the avmplus code is significantly out of date; it contains a number of other vulnerabilities that Adobe has already fixed, so auditing it can be a little frustrating!)
Spoiler: it’s exploitable. Grab the exploit from the issues page and read along here: http://googleprojectzero.blogspot.gr/2015/02/exploitingscve-2015-0318sinsflash.html