The 2012 Pwnie Nominee For Best Client-Side Bug

Flash BitmapData.histogram() Info Leak (CVE-2012-0769)

Credit: Fermin Serna

Fermin demonstrated and documented in exquisite detail how to turn a lossy out-of-bounds memory read vulnerability into full chosen-address memory disclosure. He showed how proper heap manipulation and creativity can build a limited exploitation primitive into a much more powerful one. Oh right, we are supposed to make jokes about these. Too bad nothing actually runs Flash.
