Fortinet Security Researcher Discovers Two Critical Vulnerabilities in Adobe Flash Player

Fortinet security researcher Kai Lu discovered and reported two critical zero-day vulnerabilities in Adobe Flash Player in November 2016. Adobe identified them as CVE-2017-2926 and CVE-2017-2927 and released a patch to fix them on January 10, 2017. Here is a brief summary of each of these detected vulnerabilities.

CVE-2017-2926

This is a memory corruption vulnerability found in Flash Player’s engine when processing MP4 files. Specifically, the vulnerability is caused by a MP4 file with a crafted sample size in the MP4 atom specification that causes an out of bounds memory access, which sometimes triggers an access violation exception.

Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees — potentially leading to code corruption, control-flow hijack, or an information leak attack.

Fortinet released IPS signature Adobe.Flash.MP4.stsz.atom.Memory.Corruption to proactively protect our customers.

CVE-2017-2927

This is a heap overflow vulnerability that is exposed when processing Adobe Texture Format (ATF) files in Flash Player. Specifically, the vulnerability is caused by a malformed ATF file which causes an out of bounds memory access due to improper bounds checking when manipulating a pointer to a heap allocated buffer.

Attackers can exploit this vulnerability by using the out of bounds access for unintended reads, writes, or frees — potentially leading to code corruption, control-flow hijack, or an information leak attack.

Fortinet released IPS signature Adobe.Flash.Adobe.Texture.Format.Heap.Overflow to proactively protect our customers.

https://blog.fortinet.com/feed