Flash same origin policy bypass via ProgressEvent
Demo
URL:
check
src
Timeline
- 2019-06-11 Fixed by
APSB19-30
, CVE-2019-8075 assigned.
- maybe this fix contains various CORS bug fix. as far as I remember, PoC was already didn't work correctly for a long time when this fix released.
- 2016-10-25 Not fixed yet.
- 2016-02-26 Response from Adobe for shareing update status, they say "will take time".
- 2015-10-02 Response from Adobe PSIRT
- 2015-10-01 Report to Adobe PSIRT