{"id":16904,"date":"2019-11-15T12:40:09","date_gmt":"2019-11-15T20:40:09","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/11\/15\/news-10642\/"},"modified":"2019-11-15T12:40:09","modified_gmt":"2019-11-15T20:40:09","slug":"news-10642","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/11\/15\/news-10642\/","title":{"rendered":"Fortinet Security Researchers Discover Multiple Vulnerabilities in Adobe and Cisco Products"},"content":{"rendered":"
\n
\n

This past Patch Tuesday<\/a>, November 12th<\/sup>, Adobe announced a number of Security Updates<\/a> for Adobe Illustrator CC. They included two critical vulnerabilities that were originally discovered by Fortinet Threat Researcher Kushal Arvind Shah.<\/p>\n

The week before, on Wednesday, November 6th<\/sup>, a number of \u00a0Security Updates<\/a> were also released by Cisco Systems. They included five high risk vulnerabilities for their Cisco Webex Network Recording Player and Webex Player tools. These vulnerabilities were also discovered by Kushal Arvind Shah as well as Fortinet security researcher Yici Zhang.<\/p>\n

All of these vulnerabilities have now been patched. More information about them, and the Fortinet solutions that address them, is included below:<\/p>\n

CVE-2019-8247<\/a><\/b><\/p>\n

This is a memory corruption vulnerability found in Adobe Illustrator CC. Specifically, the vulnerability is caused by a crafted PCT file which causes an out-of-bounds write memory access. If exploited, it could lead to arbitrary code execution in the context of the current user.<\/p>\n

An attacker could exploit this vulnerability by sending a user a malicious PCT file using a link or email attachment and then convincing the user to open the file with the affected software.<\/p>\n

Fortinet had previously released IPS signature Adobe.Illustrator.CVE-2019-8247.Memory.Corruption <\/b>to proactively\u00a0protect our customers.<\/p>\n

CVE-2019-8248<\/a><\/b><\/p>\n

This is a memory corruption vulnerability found in Adobe Illustrator CC. Specifically, the vulnerability is caused by a crafted TGA file which causes an out-of-bounds memory access. If exploited, it could lead to arbitrary code execution in the context of the current user.<\/p>\n

An attacker could exploit this vulnerability by sending a user a malicious TGA file using a link or email attachment and then convincing the user to open the file with the affected software.<\/p>\n

Fortinet had previously released IPS signature Adobe.Illustrator.CVE-2019-8248.Memory.Corruption <\/b>to proactively\u00a0protect our customers.<\/p>\n

CVE-2019-15283<\/a><\/b><\/p>\n

This is a memory corruption vulnerability found in the Cisco Webex Network Recording Player and Webex Player. Specifically, the vulnerability is caused by a crafted ARF file due to insufficient validation of certain elements,\u00a0which causes an out-of-bounds memory access. If exploited, it could lead to arbitrary code execution in the context of the current user.<\/p>\n

An attacker could exploit this vulnerability by sending a user a malicious ARF file using a link or email attachment and then convincing the user to open the file with the affected software.<\/p>\n

Fortinet had previously released IPS signature Cisco.WebEx.CVE-2019-15283.Memory.Corruption <\/b>to proactively\u00a0protect our customers.<\/p>\n

CVE-2019-15284<\/a><\/b><\/p>\n

This is a memory corruption vulnerability found in the Cisco Webex Network Recording Player and Webex Player. Specifically, the vulnerability is caused by a crafted ARF file due to insufficient validation of certain elements,\u00a0which causes an out-of-bounds memory access. If exploited, it could lead to arbitrary code execution in the context of the current user.<\/p>\n

An attacker could exploit this vulnerability by sending a user a malicious ARF file using a link or email attachment and then convincing the user to open the file with the affected software.<\/p>\n

Fortinet had previously released IPS signature Cisco.WebEx.CVE-2019-15284.Memory.Corruption<\/b> to proactively\u00a0protect our customers.<\/p>\n

CVE-2019-15285<\/a><\/b><\/p>\n

This is a memory corruption vulnerability found in the Cisco Webex Network Recording Player and Webex Player. Specifically, the vulnerability is caused by a crafted ARF file due to insufficient validation of certain elements,\u00a0which causes an out-of-bounds memory access. If exploited, it could lead to arbitrary code execution in the context of the current user.<\/p>\n

An attacker could exploit this vulnerability by sending a user a malicious ARF file using a link or email attachment and then convincing the user to open the file with the affected software.<\/p>\n

Fortinet had previously released IPS signature Cisco.WebEx.CVE-2019-15285.Memory.Corruption <\/b>to proactively\u00a0protect our customers.<\/p>\n

CVE-2019-15286<\/a><\/b><\/p>\n

This is a memory corruption vulnerability found in the Cisco Webex Network Recording Player and Webex Player. Specifically, the vulnerability is caused by a crafted ARF file due to insufficient validation of certain elements,\u00a0which causes an out-of-bounds memory access. If exploited, it could lead to arbitrary code execution in the context of the current user.<\/p>\n

An attacker could exploit this vulnerability by sending a user a malicious ARF file using a link or email attachment and then convincing the user to open the file with the affected software.<\/p>\n

Fortinet had previously released IPS signature Cisco.WebEx.CVE-2019-15286.Memory.Corruption<\/b> to proactively\u00a0protect our customers.<\/p>\n

CVE-2019-15287<\/a><\/b><\/p>\n

This is a memory corruption vulnerability found in the Cisco Webex Network Recording Player and Webex Player. Specifically, the vulnerability is caused by a crafted ARF file due to insufficient validation of certain elements,\u00a0which causes an out-of-bounds memory access. If exploited, it could lead to arbitrary code execution in the context of the current user.<\/p>\n

An attacker could exploit this vulnerability by sending a user a malicious ARF file using a link or email attachment and then convincing the user to open the file with the affected software.<\/p>\n

Fortinet had previously released IPS signature Cisco.WebEx.CVE-2019-15287.Memory.Corruption <\/b>to proactively\u00a0protect our customers.<\/p>\n

Learn more about\u00a0FortiGuard Labs<\/a>\u00a0and the FortiGuard Security Services\u00a0portfolio<\/a>.\u00a0Sign up<\/a>\u00a0for our weekly FortiGuard Threat Brief.<\/i><\/p>\n

Read about the FortiGuard\u00a0Security Rating Service<\/a>, which provides security audits and best practices.<\/i>\u00a0<\/p>\n<\/p><\/div>\n

\n
\n
<\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n

http:\/\/feeds.feedburner.com\/fortinet\/blog\/threat-research<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Our Fortinet security researchers discovered multiple vulnerabilities in Adobe and Cisco products, all of which have since been patched. Learn more.<img src=”http:\/\/feeds.feedburner.com\/~r\/fortinet\/blog\/threat-research\/~4\/GqEpe8VGOs0″ height=”1″ width=”1″ alt=””\/><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10424,10378],"tags":[],"class_list":["post-16904","post","type-post","status-publish","format-standard","hentry","category-fortinet","category-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16904","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=16904"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16904\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=16904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=16904"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=16904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}