Memory near access violation at 0x147B9000

147b8de0	*bb bb cd ab	╗╗═½	abcdbbbb	// *0=Page heap StartStamp
147b8de4	*00 10 ac 00	␀►¼␀	00ac1000 → ffeeddcc	// *0=Page heap Heap
147b8de8	*00 02 00 00	␀☻␀␀	00000200	// *0=Page heap RequestedSize
147b8dec	*00 10 00 00	␀►␀␀	00001000	// *0=Page heap ActualSize
147b8df0	00 00 00 00	␀␀␀␀	00000000
147b8df4	00 00 00 00	␀␀␀␀	00000000
147b8df8	*4c b6 b2 04	L╢▓♦	04b2b64c → 04bef424	// *0=Page heap StackTrace
147b8dfc	*bb bb ba dc	╗╗║▄	dcbabbbb	// *0=Page heap EndStamp
147b8e00	*00 00 00 00	␀␀␀␀	00000000	// *0=Heap block start
147b8e04	00 00 00 00	␀␀␀␀	00000000
147b8e08	00 00 00 00	␀␀␀␀	00000000
147b8e0c	00 00 00 00	␀␀␀␀	00000000
147b8e10	00 00 00 00	␀␀␀␀	00000000
147b8e14	00 00 00 00	␀␀␀␀	00000000
147b8e18	00 00 00 00	␀␀␀␀	00000000
147b8e1c	00 00 00 00	␀␀␀␀	00000000
147b8e20	00 00 00 00	␀␀␀␀	00000000
147b8e24	00 00 00 00	␀␀␀␀	00000000
147b8e28	00 00 00 00	␀␀␀␀	00000000
147b8e2c	00 00 00 00	␀␀␀␀	00000000
147b8e30	00 00 00 00	␀␀␀␀	00000000
147b8e34	00 00 00 00	␀␀␀␀	00000000
147b8e38	00 00 00 00	␀␀␀␀	00000000
147b8e3c	00 00 00 00	␀␀␀␀	00000000
147b8e40	00 00 00 00	␀␀␀␀	00000000
147b8e44	00 00 00 00	␀␀␀␀	00000000
147b8e48	00 00 00 00	␀␀␀␀	00000000
147b8e4c	00 00 00 00	␀␀␀␀	00000000
147b8e50	00 00 00 00	␀␀␀␀	00000000
147b8e54	00 00 00 00	␀␀␀␀	00000000
147b8e58	00 00 00 00	␀␀␀␀	00000000
147b8e5c	00 00 00 00	␀␀␀␀	00000000
147b8e60	00 00 00 00	␀␀␀␀	00000000
147b8e64	00 00 00 00	␀␀␀␀	00000000
147b8e68	00 00 00 00	␀␀␀␀	00000000
147b8e6c	00 00 00 00	␀␀␀␀	00000000
147b8e70	00 00 00 00	␀␀␀␀	00000000
147b8e74	00 00 00 00	␀␀␀␀	00000000
147b8e78	00 00 00 00	␀␀␀␀	00000000
147b8e7c	00 00 00 00	␀␀␀␀	00000000
147b8e80	00 00 00 00	␀␀␀␀	00000000
147b8e84	00 00 00 00	␀␀␀␀	00000000
147b8e88	00 00 00 00	␀␀␀␀	00000000
147b8e8c	00 00 00 00	␀␀␀␀	00000000
147b8e90	00 00 00 00	␀␀␀␀	00000000
147b8e94	00 00 00 00	␀␀␀␀	00000000
147b8e98	00 00 00 00	␀␀␀␀	00000000
147b8e9c	00 00 00 00	␀␀␀␀	00000000
147b8ea0	00 00 00 00	␀␀␀␀	00000000
147b8ea4	00 00 00 00	␀␀␀␀	00000000
147b8ea8	00 00 00 00	␀␀␀␀	00000000
147b8eac	00 00 00 00	␀␀␀␀	00000000
147b8eb0	00 00 00 00	␀␀␀␀	00000000
147b8eb4	00 00 00 00	␀␀␀␀	00000000
147b8eb8	00 00 00 00	␀␀␀␀	00000000
147b8ebc	00 00 00 00	␀␀␀␀	00000000
147b8ec0	00 00 00 00	␀␀␀␀	00000000
147b8ec4	00 00 00 00	␀␀␀␀	00000000
147b8ec8	00 00 00 00	␀␀␀␀	00000000
147b8ecc	00 00 00 00	␀␀␀␀	00000000
147b8ed0	00 00 00 00	␀␀␀␀	00000000
147b8ed4	00 00 00 00	␀␀␀␀	00000000
147b8ed8	00 00 00 00	␀␀␀␀	00000000
147b8edc	00 00 00 00	␀␀␀␀	00000000
147b8ee0	00 00 00 00	␀␀␀␀	00000000
147b8ee4	00 00 00 00	␀␀␀␀	00000000
147b8ee8	00 00 00 00	␀␀␀␀	00000000
147b8eec	00 00 00 00	␀␀␀␀	00000000
147b8ef0	00 00 00 00	␀␀␀␀	00000000
147b8ef4	00 00 00 00	␀␀␀␀	00000000
147b8ef8	00 00 00 00	␀␀␀␀	00000000
147b8efc	00 00 00 00	␀␀␀␀	00000000
147b8f00	02 00 00 00	☻␀␀␀	00000002
147b8f04	00 00 00 00	␀␀␀␀	00000000
147b8f08	00 00 00 00	␀␀␀␀	00000000
147b8f0c	00 00 00 00	␀␀␀␀	00000000
147b8f10	00 00 00 00	␀␀␀␀	00000000
147b8f14	00 00 00 00	␀␀␀␀	00000000
147b8f18	00 00 00 00	␀␀␀␀	00000000
147b8f1c	00 00 00 00	␀␀␀␀	00000000
147b8f20	00 00 00 00	␀␀␀␀	00000000
147b8f24	00 00 00 00	␀␀␀␀	00000000
147b8f28	00 00 00 00	␀␀␀␀	00000000
147b8f2c	00 00 00 00	␀␀␀␀	00000000
147b8f30	00 00 00 00	␀␀␀␀	00000000
147b8f34	00 00 00 00	␀␀␀␀	00000000
147b8f38	00 00 00 00	␀␀␀␀	00000000
147b8f3c	00 00 00 00	␀␀␀␀	00000000
147b8f40	00 00 00 00	␀␀␀␀	00000000
147b8f44	00 00 00 00	␀␀␀␀	00000000
147b8f48	00 00 00 00	␀␀␀␀	00000000
147b8f4c	00 00 00 00	␀␀␀␀	00000000
147b8f50	00 00 00 00	␀␀␀␀	00000000
147b8f54	00 00 00 00	␀␀␀␀	00000000
147b8f58	00 00 00 00	␀␀␀␀	00000000
147b8f5c	00 00 00 00	␀␀␀␀	00000000
147b8f60	00 00 00 00	␀␀␀␀	00000000
147b8f64	00 00 00 00	␀␀␀␀	00000000
147b8f68	00 00 00 00	␀␀␀␀	00000000
147b8f6c	00 00 00 00	␀␀␀␀	00000000
147b8f70	00 00 00 00	␀␀␀␀	00000000
147b8f74	00 00 00 00	␀␀␀␀	00000000
147b8f78	00 00 00 00	␀␀␀␀	00000000
147b8f7c	00 00 00 00	␀␀␀␀	00000000
147b8f80	02 00 00 00	☻␀␀␀	00000002
147b8f84	00 00 00 00	␀␀␀␀	00000000
147b8f88	00 00 00 00	␀␀␀␀	00000000
147b8f8c	00 00 00 00	␀␀␀␀	00000000
147b8f90	00 00 00 00	␀␀␀␀	00000000
147b8f94	00 00 00 00	␀␀␀␀	00000000
147b8f98	00 00 00 00	␀␀␀␀	00000000
147b8f9c	00 00 00 00	␀␀␀␀	00000000
147b8fa0	00 00 00 00	␀␀␀␀	00000000
147b8fa4	00 00 00 00	␀␀␀␀	00000000
147b8fa8	00 00 00 00	␀␀␀␀	00000000
147b8fac	00 00 00 00	␀␀␀␀	00000000
147b8fb0	00 00 00 00	␀␀␀␀	00000000
147b8fb4	00 00 00 00	␀␀␀␀	00000000
147b8fb8	00 00 00 00	␀␀␀␀	00000000
147b8fbc	00 00 00 00	␀␀␀␀	00000000
147b8fc0	00 00 00 00	␀␀␀␀	00000000
147b8fc4	00 00 00 00	␀␀␀␀	00000000
147b8fc8	00 00 00 00	␀␀␀␀	00000000
147b8fcc	00 00 00 00	␀␀␀␀	00000000
147b8fd0	00 00 00 00	␀␀␀␀	00000000
147b8fd4	00 00 00 00	␀␀␀␀	00000000
147b8fd8	00 00 00 00	␀␀␀␀	00000000
147b8fdc	00 00 00 00	␀␀␀␀	00000000
147b8fe0	00 00 00 00	␀␀␀␀	00000000
147b8fe4	00 00 00 00	␀␀␀␀	00000000
147b8fe8	00 00 00 00	␀␀␀␀	00000000
147b8fec	00 00 00 00	␀␀␀␀	00000000
147b8ff0	00 00 00 00	␀␀␀␀	00000000
147b8ff4	00 00 00 00	␀␀␀␀	00000000
147b8ff8	00 00 00 00	␀␀␀␀	00000000
147b8ffc	00 00 00 00	␀␀␀␀	00000000
147b9000	-- inaccessible --			// 0=Access violation, 0=Heap block end, *0=Allocation end
147b9004	-- inaccessible --
147b9008	-- inaccessible --
147b900c	-- inaccessible --
147b9010	-- inaccessible --
147b9014	-- inaccessible --
147b9018	-- inaccessible --
147b901c	-- inaccessible --
147b9020	-- inaccessible --
147b9024	-- inaccessible --
147b9028	-- inaccessible --
147b902c	-- inaccessible --
147b9030	-- inaccessible --
147b9034	-- inaccessible --
147b9038	-- inaccessible --
147b903c	-- inaccessible --
147b9040	-- inaccessible --
147b9044	-- inaccessible --
147b9048	-- inaccessible --
147b904c	-- inaccessible --
147b9050	-- inaccessible --
147b9054	-- inaccessible --
147b9058	-- inaccessible --
147b905c	-- inaccessible --
147b9060	-- inaccessible --
147b9064	-- inaccessible --
147b9068	-- inaccessible --
147b906c	-- inaccessible --
147b9070	-- inaccessible --
147b9074	-- inaccessible --
147b9078	-- inaccessible --
147b907c	-- inaccessible --
147b9080	-- inaccessible --
147b9084	-- inaccessible --
147b9088	-- inaccessible --
147b908c	-- inaccessible --
147b9090	-- inaccessible --
147b9094	-- inaccessible --
147b9098	-- inaccessible --
147b909c	-- inaccessible --
147b90a0	-- inaccessible --
147b90a4	-- inaccessible --
147b90a8	-- inaccessible --
147b90ac	-- inaccessible --
147b90b0	-- inaccessible --
147b90b4	-- inaccessible --
147b90b8	-- inaccessible --
147b90bc	-- inaccessible --
147b90c0	-- inaccessible --
147b90c4	-- inaccessible --
147b90c8	-- inaccessible --
147b90cc	-- inaccessible --
147b90d0	-- inaccessible --
147b90d4	-- inaccessible --
147b90d8	-- inaccessible --
147b90dc	-- inaccessible --
147b90e0	-- inaccessible --
147b90e4	-- inaccessible --
147b90e8	-- inaccessible --
147b90ec	-- inaccessible --
147b90f0	-- inaccessible --
147b90f4	-- inaccessible --
147b90f8	-- inaccessible --
147b90fc	-- inaccessible --
147b9100	-- inaccessible --
147b9104	-- inaccessible --
147b9108	-- inaccessible --
147b910c	-- inaccessible --
147b9110	-- inaccessible --
147b9114	-- inaccessible --
147b9118	-- inaccessible --
147b911c	-- inaccessible --
147b9120	-- inaccessible --
147b9124	-- inaccessible --
147b9128	-- inaccessible --
147b912c	-- inaccessible --
147b9130	-- inaccessible --
147b9134	-- inaccessible --
147b9138	-- inaccessible --
147b913c	-- inaccessible --
147b9140	-- inaccessible --
147b9144	-- inaccessible --
147b9148	-- inaccessible --
147b914c	-- inaccessible --
147b9150	-- inaccessible --
147b9154	-- inaccessible --
147b9158	-- inaccessible --
147b915c	-- inaccessible --
147b9160	-- inaccessible --
147b9164	-- inaccessible --
147b9168	-- inaccessible --
147b916c	-- inaccessible --
147b9170	-- inaccessible --
147b9174	-- inaccessible --
147b9178	-- inaccessible --
147b917c	-- inaccessible --
147b9180	-- inaccessible --
147b9184	-- inaccessible --
147b9188	-- inaccessible --
147b918c	-- inaccessible --
147b9190	-- inaccessible --
147b9194	-- inaccessible --
147b9198	-- inaccessible --
147b919c	-- inaccessible --
147b91a0	-- inaccessible --
147b91a4	-- inaccessible --
147b91a8	-- inaccessible --
147b91ac	-- inaccessible --
147b91b0	-- inaccessible --
147b91b4	-- inaccessible --
147b91b8	-- inaccessible --
147b91bc	-- inaccessible --
147b91c0	-- inaccessible --
147b91c4	-- inaccessible --
147b91c8	-- inaccessible --
147b91cc	-- inaccessible --
147b91d0	-- inaccessible --
147b91d4	-- inaccessible --
147b91d8	-- inaccessible --
147b91dc	-- inaccessible --
147b91e0	-- inaccessible --
147b91e4	-- inaccessible --
147b91e8	-- inaccessible --
147b91ec	-- inaccessible --
147b91f0	-- inaccessible --
147b91f4	-- inaccessible --
147b91f8	-- inaccessible --
147b91fc	-- inaccessible --
147b9200	-- inaccessible --
147b9204	-- inaccessible --
147b9208	-- inaccessible --
147b920c	-- inaccessible --
147b9210	-- inaccessible --
147b9214	-- inaccessible --
147b9218	-- inaccessible --
147b921c	-- inaccessible --
147b9220	-- inaccessible --
147b9224	-- inaccessible --
147b9228	-- inaccessible --
147b922c	-- inaccessible --
147b9230	-- inaccessible --
147b9234	-- inaccessible --
147b9238	-- inaccessible --
147b923c	-- inaccessible --
147b9240	-- inaccessible --
147b9244	-- inaccessible --
147b9248	-- inaccessible --
147b924c	-- inaccessible --
147b9250	-- inaccessible --
147b9254	-- inaccessible --
147b9258	-- inaccessible --
147b925c	-- inaccessible --
147b9260	-- inaccessible --
147b9264	-- inaccessible --
147b9268	-- inaccessible --
147b926c	-- inaccessible --
147b9270	-- inaccessible --
147b9274	-- inaccessible --
147b9278	-- inaccessible --
147b927c	-- inaccessible --
147b9280	-- inaccessible --
147b9284	-- inaccessible --
147b9288	-- inaccessible --
147b928c	-- inaccessible --
147b9290	-- inaccessible --
147b9294	-- inaccessible --
147b9298	-- inaccessible --
147b929c	-- inaccessible --
147b92a0	-- inaccessible --
147b92a4	-- inaccessible --
147b92a8	-- inaccessible --
147b92ac	-- inaccessible --
147b92b0	-- inaccessible --
147b92b4	-- inaccessible --
147b92b8	-- inaccessible --
147b92bc	-- inaccessible --
147b92c0	-- inaccessible --
147b92c4	-- inaccessible --
147b92c8	-- inaccessible --
147b92cc	-- inaccessible --
147b92d0	-- inaccessible --
147b92d4	-- inaccessible --
147b92d8	-- inaccessible --
147b92dc	-- inaccessible --
147b92e0	-- inaccessible --
147b92e4	-- inaccessible --
147b92e8	-- inaccessible --
147b92ec	-- inaccessible --
147b92f0	-- inaccessible --
147b92f4	-- inaccessible --
147b92f8	-- inaccessible --
147b92fc	-- inaccessible --
147b9300	-- inaccessible --
147b9304	-- inaccessible --
147b9308	-- inaccessible --
147b930c	-- inaccessible --
147b9310	-- inaccessible --
147b9314	-- inaccessible --
147b9318	-- inaccessible --
147b931c	-- inaccessible --
147b9320	-- inaccessible --
147b9324	-- inaccessible --
147b9328	-- inaccessible --
147b932c	-- inaccessible --
147b9330	-- inaccessible --
147b9334	-- inaccessible --
147b9338	-- inaccessible --
147b933c	-- inaccessible --
147b9340	-- inaccessible --
147b9344	-- inaccessible --
147b9348	-- inaccessible --
147b934c	-- inaccessible --
147b9350	-- inaccessible --
147b9354	-- inaccessible --
147b9358	-- inaccessible --
147b935c	-- inaccessible --
147b9360	-- inaccessible --
147b9364	-- inaccessible --
147b9368	-- inaccessible --
147b936c	-- inaccessible --
147b9370	-- inaccessible --
147b9374	-- inaccessible --
147b9378	-- inaccessible --
147b937c	-- inaccessible --
147b9380	-- inaccessible --
147b9384	-- inaccessible --
147b9388	-- inaccessible --
147b938c	-- inaccessible --
147b9390	-- inaccessible --
147b9394	-- inaccessible --
147b9398	-- inaccessible --
147b939c	-- inaccessible --
147b93a0	-- inaccessible --
147b93a4	-- inaccessible --
147b93a8	-- inaccessible --
147b93ac	-- inaccessible --
147b93b0	-- inaccessible --
147b93b4	-- inaccessible --
147b93b8	-- inaccessible --
147b93bc	-- inaccessible --
147b93c0	-- inaccessible --
147b93c4	-- inaccessible --
147b93c8	-- inaccessible --
147b93cc	-- inaccessible --
147b93d0	-- inaccessible --
147b93d4	-- inaccessible --
147b93d8	-- inaccessible --
147b93dc	-- inaccessible --
147b93e0	-- inaccessible --
147b93e4	-- inaccessible --
147b93e8	-- inaccessible --
147b93ec	-- inaccessible --
147b93f0	-- inaccessible --
147b93f4	-- inaccessible --
147b93f8	-- inaccessible --
147b93fc	-- inaccessible --
147b9400	-- inaccessible --
147b9404	-- inaccessible --
147b9408	-- inaccessible --
147b940c	-- inaccessible --
147b9410	-- inaccessible --
147b9414	-- inaccessible --
147b9418	-- inaccessible --
147b941c	-- inaccessible --
147b9420	-- inaccessible --
147b9424	-- inaccessible --
147b9428	-- inaccessible --
147b942c	-- inaccessible --
147b9430	-- inaccessible --
147b9434	-- inaccessible --
147b9438	-- inaccessible --
147b943c	-- inaccessible --
147b9440	-- inaccessible --
147b9444	-- inaccessible --
147b9448	-- inaccessible --
147b944c	-- inaccessible --
147b9450	-- inaccessible --
147b9454	-- inaccessible --
147b9458	-- inaccessible --
147b945c	-- inaccessible --
147b9460	-- inaccessible --
147b9464	-- inaccessible --
147b9468	-- inaccessible --
147b946c	-- inaccessible --
147b9470	-- inaccessible --
147b9474	-- inaccessible --
147b9478	-- inaccessible --
147b947c	-- inaccessible --
147b9480	-- inaccessible --
147b9484	-- inaccessible --
147b9488	-- inaccessible --
147b948c	-- inaccessible --
147b9490	-- inaccessible --
147b9494	-- inaccessible --
147b9498	-- inaccessible --
147b949c	-- inaccessible --
147b94a0	-- inaccessible --
147b94a4	-- inaccessible --
147b94a8	-- inaccessible --
147b94ac	-- inaccessible --
147b94b0	-- inaccessible --
147b94b4	-- inaccessible --
147b94b8	-- inaccessible --
147b94bc	-- inaccessible --
147b94c0	-- inaccessible --
147b94c4	-- inaccessible --
147b94c8	-- inaccessible --
147b94cc	-- inaccessible --
147b94d0	-- inaccessible --
147b94d4	-- inaccessible --
147b94d8	-- inaccessible --
147b94dc	-- inaccessible --
147b94e0	-- inaccessible --
147b94e4	-- inaccessible --
147b94e8	-- inaccessible --
147b94ec	-- inaccessible --
147b94f0	-- inaccessible --
147b94f4	-- inaccessible --
147b94f8	-- inaccessible --
147b94fc	-- inaccessible --
147b9500	-- inaccessible --
147b9504	-- inaccessible --
147b9508	-- inaccessible --
147b950c	-- inaccessible --
147b9510	-- inaccessible --
147b9514	-- inaccessible --
147b9518	-- inaccessible --
147b951c	-- inaccessible --
147b9520	-- inaccessible --
147b9524	-- inaccessible --
147b9528	-- inaccessible --
147b952c	-- inaccessible --
147b9530	-- inaccessible --
147b9534	-- inaccessible --
147b9538	-- inaccessible --
147b953c	-- inaccessible --
147b9540	-- inaccessible --
147b9544	-- inaccessible --
147b9548	-- inaccessible --
147b954c	-- inaccessible --
147b9550	-- inaccessible --
147b9554	-- inaccessible --
147b9558	-- inaccessible --
147b955c	-- inaccessible --
147b9560	-- inaccessible --
147b9564	-- inaccessible --
147b9568	-- inaccessible --
147b956c	-- inaccessible --
147b9570	-- inaccessible --
147b9574	-- inaccessible --
147b9578	-- inaccessible --
147b957c	-- inaccessible --
147b9580	-- inaccessible --
147b9584	-- inaccessible --
147b9588	-- inaccessible --
147b958c	-- inaccessible --
147b9590	-- inaccessible --
147b9594	-- inaccessible --
147b9598	-- inaccessible --
147b959c	-- inaccessible --
147b95a0	-- inaccessible --
147b95a4	-- inaccessible --
147b95a8	-- inaccessible --
147b95ac	-- inaccessible --
147b95b0	-- inaccessible --
147b95b4	-- inaccessible --
147b95b8	-- inaccessible --
147b95bc	-- inaccessible --
147b95c0	-- inaccessible --
147b95c4	-- inaccessible --
147b95c8	-- inaccessible --
147b95cc	-- inaccessible --
147b95d0	-- inaccessible --
147b95d4	-- inaccessible --
147b95d8	-- inaccessible --
147b95dc	-- inaccessible --
147b95e0	-- inaccessible --
147b95e4	-- inaccessible --
147b95e8	-- inaccessible --
147b95ec	-- inaccessible --
147b95f0	-- inaccessible --
147b95f4	-- inaccessible --
147b95f8	-- inaccessible --
147b95fc	-- inaccessible --
147b9600	-- inaccessible --
147b9604	-- inaccessible --
147b9608	-- inaccessible --
147b960c	-- inaccessible --
147b9610	-- inaccessible --
147b9614	-- inaccessible --
147b9618	-- inaccessible --
147b961c	-- inaccessible --
147b9620	-- inaccessible --
147b9624	-- inaccessible --
147b9628	-- inaccessible --
147b962c	-- inaccessible --
147b9630	-- inaccessible --
147b9634	-- inaccessible --
147b9638	-- inaccessible --
147b963c	-- inaccessible --
147b9640	-- inaccessible --
147b9644	-- inaccessible --
147b9648	-- inaccessible --
147b964c	-- inaccessible --
147b9650	-- inaccessible --
147b9654	-- inaccessible --
147b9658	-- inaccessible --
147b965c	-- inaccessible --
147b9660	-- inaccessible --
147b9664	-- inaccessible --
147b9668	-- inaccessible --
147b966c	-- inaccessible --
147b9670	-- inaccessible --
147b9674	-- inaccessible --
147b9678	-- inaccessible --
147b967c	-- inaccessible --

⇓ click on the title of a section to open or close it.

Disassembly of stack frame 1 at AcroForm.api + 0x48BFF8

608fbf35	e81eba0800	call AcroForm!DllUnregisterServer+0x2d0bc6 (60987958)
608fbf3a	8d442474	lea eax,[esp+74h]
608fbf3e	c68424b400000007	mov byte ptr [esp+0B4h],7
608fbf46	50	push eax
608fbf47	8d8c2494000000	lea ecx,[esp+94h]
608fbf4e	e81eb90800	call AcroForm!DllUnregisterServer+0x2d0adf (60987871)
608fbf53	6808f8d160	push offset AcroForm!DllUnregisterServer+0x668a76 (60d1f808)
608fbf58	8d842494000000	lea eax,[esp+94h]
608fbf5f	e910ffffff	jmp AcroForm!DllUnregisterServer+0x2450e2 (608fbe74)
608fbf64	8b8c24ac000000	mov ecx,dword ptr [esp+0ACh]
608fbf6b	64890d00000000	mov dword ptr fs:[0],ecx
608fbf72	59	pop ecx
608fbf73	5f	pop edi
608fbf74	5e	pop esi
608fbf75	5d	pop ebp
608fbf76	5b	pop ebx
608fbf77	81c4a4000000	add esp,0A4h
608fbf7d	c21800	ret 18h
608fbf80	55	push ebp
608fbf81	8bec	mov ebp,esp
608fbf83	56	push esi
608fbf84	ff7508	push dword ptr [ebp+8]
608fbf87	8bf1	mov esi,ecx
608fbf89	8b4e1c	mov ecx,dword ptr [esi+1Ch]
608fbf8c	e87cfaffff	call AcroForm!DllUnregisterServer+0x244c7b (608fba0d)
608fbf91	8b4d08	mov ecx,dword ptr [ebp+8]
608fbf94	50	push eax
608fbf95	50	push eax
608fbf96	e8ca240000	call AcroForm!DllUnregisterServer+0x2476d3 (608fe465)
608fbf9b	50	push eax
608fbf9c	e8df010000	call AcroForm!DllUnregisterServer+0x2453ee (608fc180)
608fbfa1	8b5614	mov edx,dword ptr [esi+14h]
608fbfa4	59	pop ecx
608fbfa5	03d0	add edx,eax
608fbfa7	8b4640	mov eax,dword ptr [esi+40h]
608fbfaa	59	pop ecx
608fbfab	8b4d14	mov ecx,dword ptr [ebp+14h]
608fbfae	895614	mov dword ptr [esi+14h],edx
608fbfb1	66d3e2	shl dx,cl
608fbfb4	8b4e34	mov ecx,dword ptr [esi+34h]
608fbfb7	0faf4d0c	imul ecx,dword ptr [ebp+0Ch]
608fbfbb	5e	pop esi
608fbfbc	034d10	add ecx,dword ptr [ebp+10h]
608fbfbf	c1e107	shl ecx,7
608fbfc2	66891401	mov word ptr [ecx+eax],dx
608fbfc6	5d	pop ebp
608fbfc7	c21000	ret 10h
608fbfca	56	push esi
608fbfcb	57	push edi
608fbfcc	33f6	xor esi,esi
608fbfce	8bf9	mov edi,ecx
608fbfd0	8b4c240c	mov ecx,dword ptr [esp+0Ch]
608fbfd4	46	inc esi
608fbfd5	56	push esi
608fbfd6	e88a240000	call AcroForm!DllUnregisterServer+0x2476d3 (608fe465)
608fbfdb	85c0	test eax,eax
608fbfdd	741d	je AcroForm!DllUnregisterServer+0x24526a (608fbffc)
608fbfdf	8b5734	mov edx,dword ptr [edi+34h]
608fbfe2	0faf542410	imul edx,dword ptr [esp+10h]
608fbfe7	8b4740	mov eax,dword ptr [edi+40h]
608fbfea	8b4c2418	mov ecx,dword ptr [esp+18h]
608fbfee	66d3e6	shl si,cl
608fbff1	03542414	add edx,dword ptr [esp+14h]
608fbff5	c1e207	shl edx,7
608fbff8	66093402	or word ptr [edx+eax],si // current instruction
608fbffc	5f	pop edi
608fbffd	5e	pop esi
608fbffe	c21000	ret 10h
608fc001	6aff	push 0FFFFFFFFh
608fc003	687ec4b060	push offset AcroForm!DllUnregisterServer+0x4556ec (60b0c47e)
608fc008	64a100000000	mov eax,dword ptr fs:[00000000h]
608fc00e	50	push eax
608fc00f	81ecd8000000	sub esp,0D8h
608fc015	a11093f460	mov eax,dword ptr [AcroForm!DllUnregisterServer+0x89257e (60f49310)]
608fc01a	33c4	xor eax,esp
608fc01c	898424d4000000	mov dword ptr [esp+0D4h],eax
608fc023	53	push ebx
608fc024	55	push ebp
608fc025	56	push esi
608fc026	57	push edi
608fc027	a11093f460	mov eax,dword ptr [AcroForm!DllUnregisterServer+0x89257e (60f49310)]
608fc02c	33c4	xor eax,esp
608fc02e	50	push eax
608fc02f	8d8424ec000000	lea eax,[esp+0ECh]
608fc036	64a300000000	mov dword ptr fs:[00000000h],eax
608fc03c	8bf9	mov edi,ecx
608fc03e	8b842404010000	mov eax,dword ptr [esp+104h]
608fc045	8b9c24fc000000	mov ebx,dword ptr [esp+0FCh]
608fc04c	8bac2400010000	mov ebp,dword ptr [esp+100h]
608fc053	6880000000	push 80h
608fc058	89442418	mov dword ptr [esp+18h],eax
608fc05c	8d44246c	lea eax,[esp+6Ch]
608fc060	6a00	push 0
608fc062	50	push eax
608fc063	e8fc2bbeff	call AcroForm+0x6ec64 (604dec64)
608fc068	8b4f1c	mov ecx,dword ptr [edi+1Ch]
608fc06b	83c40c	add esp,0Ch
608fc06e	53	push ebx
608fc06f	e899f9ffff	call AcroForm!DllUnregisterServer+0x244c7b (608fba0d)
608fc074	8bf0	mov esi,eax
608fc076	8bcb	mov ecx,ebx
608fc078	56	push esi
608fc079	e8e7230000	call AcroForm!DllUnregisterServer+0x2476d3 (608fe465)
608fc07e	56	push esi
608fc07f	50	push eax
608fc080	e8fb000000	call AcroForm!DllUnregisterServer+0x2453ee (608fc180)
608fc085	59	pop ecx
608fc086	59	pop ecx
608fc087	8b4f14	mov ecx,dword ptr [edi+14h]
608fc08a	33f6	xor esi,esi
608fc08c	03c8	add ecx,eax
608fc08e	46	inc esi
608fc08f	894f14	mov dword ptr [edi+14h],ecx
608fc092	66894c2468	mov word ptr [esp+68h],cx

⇓ click on the title of a section to open or close it.

Disassembly of stack frame 2 at AcroForm.api + 0x48CC06

608fcb48	5d	pop ebp
608fcb49	5b	pop ebx
608fcb4a	83c418	add esp,18h
608fcb4d	c20400	ret 4
608fcb50	83ec18	sub esp,18h
608fcb53	53	push ebx
608fcb54	55	push ebp
608fcb55	56	push esi
608fcb56	57	push edi
608fcb57	8bf1	mov esi,ecx
608fcb59	e874190000	call AcroForm!DllUnregisterServer+0x247740 (608fe4d2)
608fcb5e	33ff	xor edi,edi
608fcb60	837e6401	cmp dword ptr [esi+64h],1
608fcb64	897c2418	mov dword ptr [esp+18h],edi
608fcb68	0f8405010000	je AcroForm!DllUnregisterServer+0x245ee1 (608fcc73)
608fcb6e	33c9	xor ecx,ecx
608fcb70	894c241c	mov dword ptr [esp+1Ch],ecx
608fcb74	394e54	cmp dword ptr [esi+54h],ecx
608fcb77	0f864c010000	jbe AcroForm!DllUnregisterServer+0x245f37 (608fccc9)
608fcb7d	33ed	xor ebp,ebp
608fcb7f	896c2414	mov dword ptr [esp+14h],ebp
608fcb83	396e58	cmp dword ptr [esi+58h],ebp
608fcb86	0f86d7000000	jbe AcroForm!DllUnregisterServer+0x245ed1 (608fcc63)
608fcb8c	837e2400	cmp dword ptr [esi+24h],0
608fcb90	741d	je AcroForm!DllUnregisterServer+0x245e1d (608fcbaf)
608fcb92	397e24	cmp dword ptr [esi+24h],edi
608fcb95	7518	jne AcroForm!DllUnregisterServer+0x245e1d (608fcbaf)
608fcb97	8bce	mov ecx,esi
608fcb99	e834190000	call AcroForm!DllUnregisterServer+0x247740 (608fe4d2)
608fcb9e	8bce	mov ecx,esi
608fcba0	e883f9ffff	call AcroForm!DllUnregisterServer+0x245796 (608fc528)
608fcba5	8b4c241c	mov ecx,dword ptr [esp+1Ch]
608fcba9	33ff	xor edi,edi
608fcbab	897c2418	mov dword ptr [esp+18h],edi
608fcbaf	33db	xor ebx,ebx
608fcbb1	395e64	cmp dword ptr [esi+64h],ebx
608fcbb4	0f8696000000	jbe AcroForm!DllUnregisterServer+0x245ebe (608fcc50)
608fcbba	8b5668	mov edx,dword ptr [esi+68h]
608fcbbd	8b7c2414	mov edi,dword ptr [esp+14h]
608fcbc1	8b2c9a	mov ebp,dword ptr [edx+ebx*4]
608fcbc4	33c0	xor eax,eax
608fcbc6	89442410	mov dword ptr [esp+10h],eax
608fcbca	8b6d08	mov ebp,dword ptr [ebp+8]
608fcbcd	85ed	test ebp,ebp
608fcbcf	746d	je AcroForm!DllUnregisterServer+0x245eac (608fcc3e)
608fcbd1	8b149a	mov edx,dword ptr [edx+ebx*4]
608fcbd4	8b5204	mov edx,dword ptr [edx+4]
608fcbd7	89542424	mov dword ptr [esp+24h],edx
608fcbdb	0fafe9	imul ebp,ecx
608fcbde	33d2	xor edx,edx
608fcbe0	89542420	mov dword ptr [esp+20h],edx
608fcbe4	03e8	add ebp,eax
608fcbe6	39542424	cmp dword ptr [esp+24h],edx
608fcbea	763c	jbe AcroForm!DllUnregisterServer+0x245e96 (608fcc28)
608fcbec	8b4668	mov eax,dword ptr [esi+68h]
608fcbef	ff74242c	push dword ptr [esp+2Ch]
608fcbf3	8b0c98	mov ecx,dword ptr [eax+ebx*4]
608fcbf6	8b4104	mov eax,dword ptr [ecx+4]
608fcbf9	0fafc7	imul eax,edi
608fcbfc	03c2	add eax,edx
608fcbfe	50	push eax
608fcbff	55	push ebp
608fcc00	56	push esi
608fcc01	e8c4f3ffff	call AcroForm!DllUnregisterServer+0x245238 (608fbfca) // call
608fcc06	8b4668	mov eax,dword ptr [esi+68h] // return address
608fcc09	8b542420	mov edx,dword ptr [esp+20h]
608fcc0d	42	inc edx
608fcc0e	89542420	mov dword ptr [esp+20h],edx
608fcc12	8b0498	mov eax,dword ptr [eax+ebx*4]
608fcc15	8b4004	mov eax,dword ptr [eax+4]
608fcc18	89442424	mov dword ptr [esp+24h],eax
608fcc1c	3bd0	cmp edx,eax
608fcc1e	72cc	jb AcroForm!DllUnregisterServer+0x245e5a (608fcbec)
608fcc20	8b4c241c	mov ecx,dword ptr [esp+1Ch]
608fcc24	8b442410	mov eax,dword ptr [esp+10h]
608fcc28	8b5668	mov edx,dword ptr [esi+68h]
608fcc2b	40	inc eax
608fcc2c	89442410	mov dword ptr [esp+10h],eax
608fcc30	8b049a	mov eax,dword ptr [edx+ebx*4]
608fcc33	8b6808	mov ebp,dword ptr [eax+8]
608fcc36	8b442410	mov eax,dword ptr [esp+10h]
608fcc3a	3bc5	cmp eax,ebp
608fcc3c	729d	jb AcroForm!DllUnregisterServer+0x245e49 (608fcbdb)
608fcc3e	43	inc ebx
608fcc3f	3b5e64	cmp ebx,dword ptr [esi+64h]
608fcc42	0f8279ffffff	jb AcroForm!DllUnregisterServer+0x245e2f (608fcbc1)
608fcc48	8b7c2418	mov edi,dword ptr [esp+18h]
608fcc4c	8b6c2414	mov ebp,dword ptr [esp+14h]
608fcc50	45	inc ebp
608fcc51	47	inc edi
608fcc52	896c2414	mov dword ptr [esp+14h],ebp
608fcc56	897c2418	mov dword ptr [esp+18h],edi
608fcc5a	3b6e58	cmp ebp,dword ptr [esi+58h]
608fcc5d	0f8229ffffff	jb AcroForm!DllUnregisterServer+0x245dfa (608fcb8c)
608fcc63	41	inc ecx
608fcc64	894c241c	mov dword ptr [esp+1Ch],ecx
608fcc68	3b4e54	cmp ecx,dword ptr [esi+54h]
608fcc6b	0f820cffffff	jb AcroForm!DllUnregisterServer+0x245deb (608fcb7d)
608fcc71	eb56	jmp AcroForm!DllUnregisterServer+0x245f37 (608fccc9)
608fcc73	8b4668	mov eax,dword ptr [esi+68h]
608fcc76	33db	xor ebx,ebx
608fcc78	8b00	mov eax,dword ptr [eax]
608fcc7a	395828	cmp dword ptr [eax+28h],ebx
608fcc7d	764a	jbe AcroForm!DllUnregisterServer+0x245f37 (608fccc9)
608fcc7f	33ed	xor ebp,ebp
608fcc81	39682c	cmp dword ptr [eax+2Ch],ebp
608fcc84	7638	jbe AcroForm!DllUnregisterServer+0x245f2c (608fccbe)
608fcc86	837e2400	cmp dword ptr [esi+24h],0
608fcc8a	7415	je AcroForm!DllUnregisterServer+0x245f0f (608fcca1)
608fcc8c	397e24	cmp dword ptr [esi+24h],edi
608fcc8f	7510	jne AcroForm!DllUnregisterServer+0x245f0f (608fcca1)
608fcc91	8bce	mov ecx,esi
608fcc93	e83a180000	call AcroForm!DllUnregisterServer+0x247740 (608fe4d2)
608fcc98	8bce	mov ecx,esi

⇓ click on the title of a section to open or close it.

BugId:	OOBW[0x200]+0 a49.fdd
Location:	acrord32.exe!acroform.api+0x48BFF8
Description:	An Access Violation exception happened at 0x147B9000 while attempting to write memory at 0x147B9000; at the end of a 512/0x200 bytes heap block at 0x147B8E00. This indicates an Out-Of-Bounds (OOB) access bug was triggered.
Version:	AcroRd32.exe: 18.11.20035.2003 (x86) AcroForm.api: 18.11.20035.2003 (x86)
Security impact:	Potentially exploitable security issue that indicates arbitrary code execution may be possible.
Arguments:	['/n', 'OOBW0x48BFF8.pdf']

eax = 0x147B8E00	xmm0 = 0x0
ebx = 0x1	xmm1 = 0x0
ecx = 0x1	xmm2 = 0x0
edx = 0x200	xmm3 = 0x0
esi = 0x2	xmm4 = 0x0
edi = 0x5C056CCC	xmm5 = 0x0
esp = 0x8FD0AC	xmm6 = 0x402A5A00
ebp = 0x3	xmm7 = 0x3EC05AEB

Image path	AcroRd32.exe
Image name	AcroRd32.exe
Timestamp	Fri Feb 2 20:19:02 2018 (5A74AB96)
CheckSum	00233D1F
ImageSize	0022F000
File version	18.11.20035.2003
Product version	18.11.20035.2003
File flags	0 (Mask 3F)
File OS	50004 CE Win32
File type	1.0 App
File date	00000000.00000000
Translations	0409.04e4
CompanyName	Adobe Systems Incorporated
ProductName	Adobe Acrobat Reader DC
OriginalFilename	AcroRd32.exe
ProductVersion	18.11.20035.264147
FileVersion	18.11.20035.264147
FileDescription	Adobe Acrobat Reader DC
LegalCopyright	Copyright 1984-2017 Adobe Systems Incorporated and its licensors. All rights reserved.

Loaded symbol image file	c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm.api
Image path	c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm.api
Image name	AcroForm.api
Timestamp	Fri Feb 2 20:09:08 2018 (5A74A944)
CheckSum	00000000
ImageSize	00CFB000
File version	18.11.20035.2003
Product version	18.11.20035.2003
File flags	0 (Mask 3F)
File OS	4 Unknown Win32
File type	2.0 Dll
File date	00000000.00000000
Translations	0409.04b0
CompanyName	Adobe Systems Incorporated
ProductName	Adobe Acrobat Forms
InternalName	AcroForm
OriginalFilename	AcroForm.api
ProductVersion	18.11.20035.264147
FileVersion	18.11.20035.264147
FileDescription	Adobe Acrobat Forms Plug-In
LegalCopyright	Copyright 1984-2017 Adobe Systems Incorporated and its licensors. All rights reserved.
LegalTrademarks	Adobe, Acrobat and the Acrobat logo are trademarks of Adobe Systems Incorporated which may be registered in certain jurisdictions.
Comments	The Acrobat Forms plug-in allows users to create dynamic electronic forms for fill-in and transmittal.

BugId OOBW[0x200]+0 a49.fdd @ acrord32.exe!acroform.api+0x48BFF8 summary

Stack

Registers

Memory near access violation at 0x147B9000

Disassembly of stack frame 1 at AcroForm.api + 0x48BFF8

Disassembly of stack frame 2 at AcroForm.api + 0x48CC06

Binary information

AcroRd32.exe

AcroForm.api

Application and cdb output log