[Urgent] Internet Explorer 11 crashed after windows security update on installed Adobe Flash Player 32.x version

Report · Apr 16, 2019

Hello,

My site has a big trouble using Internet Explorer after install the Adobe Flash player 32.x version.

Please see below report from Microsoft support.

We want to know your patch plan about this problem ASAP.

------------------------------------------------------

With March 12, 2019 Microsoft Windows Security Update installed, Internet Explorer 11 terminates
unexpectedly with an access violation when invoking Flash Player 32.0 and
above. We don’t see a possible problem with GetBindString parameters and may
need to ask Adobe to repro and debug. Actual null pointer violation is
happening in the utility function of the Flash player which is used when
GetBindString is called. Looking at the Cab Analysis, it also breaks Edge. Edge
has been using GetBindString in the same way as IE since the beginning of
samesite introduction, and other callees like BookReader or PDFViewer don’t
have any issue so far.

eax=00000000 ebx=00000000 ecx=11cc8280 edx=123a6000
esi=16660d00 edi=123ab020

eip=14a7ca02 esp=05d95ba8 ebp=05d95bb4
iopl=0 nv up ei pl nz na po nc

cs=0023 ss=002b ds=002b es=002b
fs=0053
gs=002b
efl=00210202

Flash!CMyBindStatusCallback::GetSameSiteCookieLevel+0xa2:

14a7ca02
8a08
mov     cl,byte ptr
[eax]          ds:002b:00000000=??

# ChildEBP RetAddr

00 05d95bb4 14a7c81d
Flash!CMyBindStatusCallback::GetSameSiteCookieLevel+0xa2

01 05d95bd0 729ab851 Flash!CMyBindStatusCallback::GetBindString+0x3d

02 05d95bfc 729a915a
urlmon!CBSCHolder::GetBindString+0x81

03 05d95c24 729e350a urlmon!CBinding::GetBindString+0x5a

04 05d95c58 72a16d94
urlmon!CTransaction::GetBindString+0x6a

05 05d95c8c 72a16ebc urlmon!CINetHttp::QuerySameSiteCookieLevel+0x50

06 05d95c98 729c6241
urlmon!CINetHttp::UpdateSameSiteCookiePolicy+0x28

07 05d95ce0 729c7023
urlmon!CINetHttp::INetAsyncSendRequest+0x631

08 05d96530 729cad4b
urlmon!CINetHttp::INetAsyncOpenRequest+0x473

09 05d9656c 729cb288 urlmon!CINet::INetAsyncConnect+0x30b

0a 05d96590 729cb2c2 urlmon!CINet::INetAsyncOpen+0x238

0b 05d965a8 729ccedf urlmon!CINet::INetAsyncStart+0x24

0c 05d96680 729ccf9a urlmon!CINet::StartCommon+0x35c

0d 05d9669c 729e5d56 urlmon!CINet::StartEx+0x1a

0e 05d966d8 729c2471 urlmon!COInetProt::StartEx+0x2a6

0f 05d96740 729aa5d0
urlmon!LegacyTransaction::StartEx+0x381

10 05d967c8 729da55d urlmon!CBinding::StartBinding+0x465

11 05d96828 729da71b urlmon!CUrlMon::StartBinding+0xeb

12 05d96854 14a7ec26 urlmon!CUrlMon::BindToStorage+0x7b

13 05d968b0 14a7e54d
Flash!CMyBindStatusCallback::StartAsyncDownload+0x2c6

14 05d968fc 14a7e5f7
Flash!ActiveXURLStreamProvider::RequestUrlCore+0x15d

15 05d96904 14a143e4
Flash!ActiveXURLStreamProvider::RequestUrlImpl+0x7

16 (Inline) -------- Flash!URLStreamProvider::BaseRequestUrl+0x11

17 05d96918 149e5ebb Flash!URLStream::RequestUrl+0x24

18 05d969d8 149e6363 Flash!CorePlayer::LoadFile+0x4ab

19 05d96a3c 14afd93c Flash!CorePlayer::LoadMovie+0x183

1a 05d96bc4 74b5ee6f Flash!CShockWaveFlash::put_Movie+0x3ec

1b 05d96be0 74b4ff1d oleaut32!tPushValJmpTab+0x107

1c 05d96e98 14aebe3c oleaut32!CTypeInfo2::Invoke+0x2ed

1d (Inline) --------
Flash!ATL::CComTypeInfoHolder::Invoke+0x4d

1e (Inline) --------
Flash!ATL::IDispatchImpl<IShockwaveFlash,&IID_IShockwaveFlash,&LIBID_ShockwaveFlashObjects,1,0,ATL::CComTypeInfoHolder>::Invoke+0x4d

1f 05d96ed0 14af2080 Flash!CShockWaveFlash::Invoke+0xdc

20 05d96f1c 14aec41d
Flash!ATL::CComPtr<IDispatch>::PutProperty+0xd0

21 (Inline) --------
Flash!ATL::CComPtr<IDispatch>::PutProperty+0xf

22 05d96f6c 67303df3 Flash!CShockWaveFlash::Load+0x22d

23 05d96fdc 67301ef4 mshtml!COleSite::LoadObject+0x245

24 05d9906c 67347c3d
mshtml!COleSite::CreateObjectNow+0x164

25 05d99094 67347a4b
mshtml!CCodeLoad::OnObjectAvailable+0x9d

26 05d99130 67347fdd mshtml!CCodeLoad::BindToObject+0x400

27 05d99150 6737dc4d mshtml!CCodeLoad::Init+0x30c

28 05d99184 672fec13 mshtml!COleSite::CreateObject+0x1ae

29 05d99248 672ff42a
mshtml!CPluginSite::FinishCreateObject+0x1ed

2a 05d9b290 674e5575 mshtml!CPluginSite::CreateObject+0x351

2b 05d9b2a8 673b73eb
mshtml!COleSite::DeferredCreateObject+0x55

2c 05d9b320 673b7784 mshtml!GlobalWndOnMethodCall+0x21b

2d 05d9b36c 768ebf1b mshtml!GlobalWndProc+0xe4

2e 05d9b398 768e83ea user32!_InternalCallWinProc+0x2b

2f (Inline) -------- user32!InternalCallWinProc+0x1a

30 05d9b480 768e7c9e user32!UserCallWinProcCheckWow+0x3aa

31 05d9b4fc 768e7a80 user32!DispatchMessageWorker+0x20e

*** WARNING: Unable to verify checksum for
NamoWec8_namo_cs.dll

32 05d9b508 0e18765c user32!DispatchMessageW+0x10

WARNING: Stack unwind information not available.
Following frames may be wrong.

33 05d9b540 0e1cb879
NamoWec8_namo_cs!DllUnregisterServer+0x39a0c

34 05d9b56c 0e1cdde6
NamoWec8_namo_cs!DllUnregisterServer+0x7dc29

35 05d9c660 0e1defff
NamoWec8_namo_cs!DllUnregisterServer+0x80196

36 05d9c6b8 0e1e3418
NamoWec8_namo_cs!DllUnregisterServer+0x913af

37 05d9c750 0e17393f
NamoWec8_namo_cs!DllUnregisterServer+0x957c8

38 05d9c778 0e14aa9b
NamoWec8_namo_cs!DllUnregisterServer+0x25cef

39 05d9c7a0 0e14d56d NamoWec8_namo_cs+0xaa9b

3a 05d9c7f0 696c17f6 NamoWec8_namo_cs+0xd56d

3b 05d9c810 768ebf1b atlthunk!AtlThunk_0x00+0x36

3c 05d9c83c 768e83ea user32!_InternalCallWinProc+0x2b

3d (Inline) -------- user32!InternalCallWinProc+0x1a

3e 05d9c924 768e7f8a user32!UserCallWinProcCheckWow+0x3aa

3f 05d9c988 768ea6d9 user32!DispatchClientMessage+0xea

40 05d9c9c8 7786cd3d user32!__fnDWORD+0x49

41 05d9ca00 76be2b4c ntdll!KiUserCallbackDispatcher+0x4d

42 05d9ca04 768cc09a win32u!NtUserMessageCall+0xc

43 05d9ca70 768cbc57 user32!SendMessageWorker+0x3da

Report · Apr 16, 2019

It would be super helpful if you could give us a minidump or a link and instructions on how to reproduce the issue.

Report a Flash Player crash or error

Report · Apr 16, 2019

Thanks for your reply.

Yesterday, I didn't know how to start discussion, so I send a this message to you.

But, finally I have started new discussion about this problem after sending message.

I know this issue was delivered to Adobe from Microsoft's IE Support team.

We want Adobe's quick response!

Report · Apr 17, 2019

It always helps if you follow established procedures. So, please give a minidump, link, and instructions as requested.

Report · Apr 17, 2019

We want Adobe's quick response!

Jeromie is an employee, as denoted by the 'STAFF' flag next to his user name.

Please go through the tech note he posted and provide the information he requested. Otherwise, we can't assist you.

Report · Apr 17, 2019

You would get a much faster response if you gave me the information I needed to give you an answer.

Report · Apr 17, 2019

Hello,

I added this bug to bugbase.

Please check the FP-4199000.

But, I cannot attach dump file because I cannot upload such a big file according to my company's security policy.

Please let me know your email address. I will send you dump files via email system.

Report · Apr 18, 2019

Thanks! We were able to reproduce based on the instructions you provided. We opened the bug to a developer to fix. Please follow the bug above for updates.

Report · Feb 28, 2020

Can someone assist on FP-4199088

Report · Feb 28, 2020

I responded in the bug, but also, please start a new thread specific to this issue if you need to continue this conversation in the forums. This issue at the heart of this thread has been resolved, and this discussion isn't relevant.

Adobe Community

[Urgent] Internet Explorer 11 crashed after windows security update on installed Adobe Flash Player 32.x version

1 Correct answer