adobe


Fortinet security researcher Kai Lu discovered and reported two critical zero-day vulnerabilities in Adobe Flash Player in November 2016. Adobe identified them as CVE-2017-2926 and CVE-2017-2927 and released a patch to fix them on January 10, 2017. Here is a brief summary of each of these detected vulnerabilities. CVE-2017-2926 This is a memory corruption vulnerability found in Flash Player’s engine when processing MP4 files. Specifically, the vulnerability is caused by a MP4 file with a crafted sample size in the MP4 atom... [Read More]
by RSS Kai Lu  |  Jan 17, 2017  |  Filed in: Security Research
Fortinet researchers recently discovered two critical zero-day vulnerabilities in Adobe Acrobat and Reader. They are identified as CVE-2016-6939 and CVE-2016-6948. Adobe released a patch to fix these vulnerabilities on October 6, 2016. CVE-2016-6939 This vulnerability was discovered by Kai Lu. CVE-2016-6939 is a heap overflow vulnerability. The vulnerability is caused by a crafted PDF file which causes an out of bounds memory access due to an improper bounds check when manipulating an array pointer. The specific vulnerability exists... [Read More]
by RSS Kai Lu and Kushal Shah  |  Oct 21, 2016  |  Filed in: Security Research
Summary Recently, Adobe patched some security vulnerabilities in Adobe Acrobat and Reader. One of them is a heap buffer overflow vulnerability (CVE-2016-4203) I recently discovered. In this blog, we want to share our analysis of this vulnerability. Proof of Concept This vulnerability can be reproduced by opening the PoC file “poc_minimized.pdf” with Adobe Reader DC. When opened, AcroRd32.exe crashes, and the crash information is shown below: (8de0.6bc4): Access violation - code c0000005 (first chance) First chance exceptions... [Read More]
by RSS Kai Lu  |  Jul 20, 2016  |  Filed in: Security Research
SummaryRecently, Adobe patched some security vulnerabilities in Adobe Acrobat and Reader. One of them is a use-after-free vulnerability (CVE-2016-4119) discovered by Fortinet's FortiGuard Labs. In this blog, we want to share our analysis of this vulnerability.Proof of ConceptThis vulnerability can be reproduced by opening the PDF file “PoC_decrypt.pdf” with Adobe Reader DC. When opened, AcroRd32.exe crashes, and the crash information shows the following:(28d8.110): Access violation - code c0000005 (first chance)First chance exceptions are reported... [Read More]
by RSS Kai Lu and Kushal Arvind Shah  |  Jun 06, 2016  |  Filed in: Security Research
Tags: adobe
A few days ago, Oracle announced on their blog that they plan to kill the Java browser plugin in their next major version of JDK, scheduled for release in Q1 2017. What does this mean? Should we worry about our browsing experience? This really just means that it won’t be possible to run Java applets in the browser anymore. The infamous “applet” is a technology that was developed by Sun Microsystems in the 90’s and went on to be acquired by Oracle. This technology was still popular in many exploit kits over the... [Read More]
by RSS David Maciejak  |  Feb 05, 2016  |  Filed in: Industry Trends & News
Overview Despite a number of recent vulnerabilities discovered in Adobe Shockwave and a general move to other multimedia platforms, Adobe reports that over 450 million Internet-enabled computers have Adobe Shockwave installed.  Shockwave remains a powerful legacy platform that supports raster graphics, basic vector graphics, 3D graphics, audio, and an embedded scripting language called Lingo.    Recently, researchers at FortiGuard Labs discovered a memory corruption vulnerability (CVE-2015-7649) in Shockwave that could... [Read More]
by RSS Peixue Li  |  Oct 30, 2015  |  Filed in: Behind the Firewall
Researchers at FortiGuard Labs recently discovered another heap overflow vulnerability in the Adobe Flash Player. The vulnerability, CVE-2015-5129, is similar to a larger group of security issues found in Flash Player, all of which could be exploited to allow remote code execution on the host system. Although FortiGuard has not observed active exploits for this particular vulnerability in the wild, we did find multiple products that incorporate Flash with the vulnerability. This includes the Google Chrome browser. Additionally,... [Read More]
by RSS Aamir Lakhani  |  Aug 18, 2015  |  Filed in: Security Research
Today, Adobe has released a new announcement of vulnerabilities, 3 of which were discovered by researchers at FortiGuard Labs. Adobe Flash and Shockwave continue to be a challenge for organizations and vendors to keep secure. Memory corruptions can lead to the development of zero-day exploits against systems and there are overlaps in feature sets between versions of Shockwave and Flash. FortiGuard Lab researchers are finding chatter among hacker groups that leads us to believe attackers are still finding Flash and Shockwave as a viable and... [Read More]
by RSS Aamir Lakhani  |  Jul 14, 2015  |  Filed in: Industry Trends & News
Another Patch Tuesday is upon us, and both Microsoft and Adobe have pushed out updates to fix issues with multiple products. Microsoft Microsoft released nine updates today to address 37 CVEs. These updates impact Windows, Internet Explorer, .NET, OneNote, SharePoint, and SQL Server. Two of the nine updates are rated Critical, and may allow for Remote Code Execution. The remaining patches are rated Important. It's very important that you update your systems as quickly as possible, but if you need to prioritize, make patching the two Critical... [Read More]
by RSS Richard Henderson  |  Aug 12, 2014  |  Filed in: Industry Trends & News
This month we have patches from Adobe, Microsoft and Oracle launching today: Microsoft Microsoft published their monthly advanced notification for critical and important patches, and this month there are four patches: MS14-001 - Rated Important - affects Microsoft Office and Microsoft Server Software: may allow remote code execution. Patch may require a reboot. MS14-002 - Rated Important - affects Windows: may allow elevation of privilege. Patch requires a reboot. MS14-003 - Rated Important - affects Windows: may allow elevation of privilege.... [Read More]
by RSS Richard Henderson  |  Jan 14, 2014  |  Filed in: Industry Trends & News