{"id":6694,"date":"2017-02-20T09:40:18","date_gmt":"2017-02-20T17:40:18","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/02\/20\/news-513\/"},"modified":"2017-02-21T15:02:16","modified_gmt":"2017-02-21T23:02:16","slug":"news-513","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/02\/20\/news-513\/","title":{"rendered":"Fortinet Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Flash Player"},"content":{"rendered":"

Credit to Author: Kai Lu| Date: Sun, 19 Feb 2017 09:05:14 -0800<\/strong><\/p>\n

\n

I discovered and reported multiple critical zero-day vulnerabilities in Adobe Flash Player last November. This Tuesday, Adobe released a security patch<\/a> which fixed them. These vulnerabilities are identified as CVE-2017-2984, CVE-2017-2990, and CVE-2017-2991.  CVE-2017-2984 actually fixed three issues I reported because they have the same root cause. Due to the critical rating of these vulnerabilities, we suggest users apply the Adobe patchs as soon as possible.<\/p>\n

Following is more details of these vulnerabilities.<\/p>\n

CVE-2017-2984<\/strong>[<\/strong>1<\/strong><\/a>][<\/strong>2<\/strong><\/a>][<\/strong>3<\/strong><\/a>]<\/strong><\/h3>\n

This is a heap overflow vulnerability that exists in the Flash Player h264 decoder. Specifically, a malformed MP4 file that contains images with a resolution smaller than specified causes this vulnerability. It results in an out of bounds memory access due to improper bounds checking when manipulating a pointer to a heap allocated buffer.<\/p>\n

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted MP4 file.<\/p>\n

Fortinet previously released IPS signature Adobe.Flash.h264.Decoding.Heap.Overflow <\/strong>for<\/strong> this specific vulnerability to proactively protect our customers.<\/p>\n

CVE-2017-2990<\/strong><\/a><\/h3>\n

This is a memory corruption vulnerability existing in Flash Player h264 decompression. Specifically, a malformed MP4 file that contains a malformed ‘dref’ tag and malformed sample size associated with ‘stsz’ tag causes this vulnerability. It results in an out of bounds memory access, which sometimes triggers an access violation exception.<\/p>\n

A remote attacker may be able to use a crafted MP4 file to exploit this vulnerability, thereby causing arbitrary code within the context of the application to execute.<\/p>\n

Fortinet previously released IPS signature Adobe.Flash.MP4.H264.Decompression.Memory.Corruption <\/strong>for this specific vulnerability to proactively protect our customers.<\/p>\n

CVE-2017-2991<\/strong><\/a><\/h3>\n

This is a memory corruption vulnerability existing in Flash Player h264 codec. Specifically, a malformed MP4 file that contains malformed YUV frame data causes this vulnerability. It causes an out of bounds memory access, which sometimes triggers an access violation exception.<\/p>\n

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted MP4 file.<\/p>\n

Fortinet previously released IPS signature Adobe.Flash.H264.Codec.YUV.Memory.Corruption<\/strong> for this specific vulnerability to proactively protect our customers.<\/p>\n<\/div
https:\/\/blog.fortinet.com\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Kai Lu| Date: Sun, 19 Feb 2017 09:05:14 -0800<\/strong><\/p>\n

I discovered and reported multiple critical zero-day vulnerabilities in Adobe Flash Player last November. This Tuesday, Adobe released a security patch which fixed them.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10424,10378],"tags":[],"class_list":["post-6694","post","type-post","status-publish","format-standard","hentry","category-fortinet","category-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6694","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6694"}],"version-history":[{"count":1,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6694\/revisions"}],"predecessor-version":[{"id":6727,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6694\/revisions\/6727"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6694"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6694"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6694"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}