{"id":5807,"date":"2017-01-18T22:26:12","date_gmt":"2017-01-18T22:26:12","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/01\/18\/news-22\/"},"modified":"2017-01-18T22:26:12","modified_gmt":"2017-01-18T22:26:12","slug":"news-22","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/01\/18\/news-22\/","title":{"rendered":"Fortinet Security Researcher Discovers Two Critical Vulnerabilities in Adobe Flash Player"},"content":{"rendered":"<div class=\"entry\">\n<p>Fortinet security researcher Kai Lu discovered and reported two critical zero-day vulnerabilities in Adobe Flash Player in November 2016. Adobe identified them as CVE-2017-2926 and CVE-2017-2927 and released a <a href=\"https:\/\/helpx.adobe.com\/security\/products\/flash-player\/apsb17-02.html\">patch<\/a>&nbsp;to fix them on January 10, 2017. Here is a brief summary of each of these detected vulnerabilities.<\/p>\n<p><a href=\"http:\/\/fortiguard.com\/advisory\/fortinet-discovers-adobe-flash-player-handing-mp4-out-of-bounds-read-vulnerability1\" target=\"_blank\">CVE-2017-2926<\/a><\/p>\n<p>This is a memory corruption vulnerability found in Flash Player&rsquo;s engine when processing MP4 files. Specifically, the vulnerability is caused by a MP4 file with a crafted sample size in the MP4 atom specification that causes an out of bounds memory access, which sometimes triggers an access violation exception.<\/p>\n<p>Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees &#8212; potentially leading to code corruption, control-flow hijack, or an information leak attack.<\/p>\n<p>Fortinet released IPS signature&nbsp;Adobe.Flash.MP4.stsz.atom.Memory.Corruption&nbsp;to proactively&nbsp;protect our customers.<\/p>\n<p><a href=\"http:\/\/fortiguard.com\/advisory\/fortinet-discovers-adobe-flash-player-handling-atf-heap-overflow-vulnerability\" target=\"_blank\">CVE-2017-2927<\/a><\/p>\n<p>This is a heap overflow vulnerability that is exposed when processing Adobe Texture Format (ATF) files in Flash Player. Specifically, the vulnerability is caused by a malformed ATF file which causes an out of bounds memory access due to improper bounds checking when manipulating a pointer to a heap allocated buffer.<\/p>\n<p>Attackers can exploit this vulnerability by using the out of bounds access for unintended reads, writes, or frees &#8212; potentially leading to code corruption, control-flow hijack, or an information leak attack.<\/p>\n<p>Fortinet released IPS signature&nbsp;Adobe.Flash.Adobe.Texture.Format.Heap.Overflow&nbsp;to proactively&nbsp;protect our customers.<\/p>\n<\/div<br \/><a href=\"http:\/\/blog.fortinet.com\/2017\/01\/17\/fortinet-security-researcher-discovers-two-critical-vulnerabilities-in-adobe-flash-player\" target=\"bwo\" >https:\/\/blog.fortinet.com\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fortinet security researcher Kai Lu discovered and reported two critical zero-day vulnerabilities in Adobe Flash Player in November 2016. Adobe identified them as CVE-2017-2926 and CVE-2017-2927 and released a\u00a0patch\u00a0to fix them on January 10, 2017. Here is a brief summary of each of these detected vulnerabilities.    CVE-2017-2926    This is a memory corruption vulnerability found in Flash Player\u2019s engine when processing MP4 files. Specifically, the vulnerability is caused by a MP4 file with a crafted sample size in the MP4 atom&#8230;<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10424,10378],"tags":[],"class_list":["post-5807","post","type-post","status-publish","format-standard","hentry","category-fortinet","category-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/5807","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=5807"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/5807\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=5807"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=5807"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=5807"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}