Fortinet security researcher Kai Lu discovered and reported two critical zero-day vulnerabilities in Adobe Flash Player in November 2016. Adobe identified them as CVE-2017-2926 and CVE-2017-2927 and released a patch to fix them on January 10, 2017. Here is a brief summary of each of these detected vulnerabilities.

This is a memory corruption vulnerability found in Flash Player's engine when processing MP4 files. Specifically, the vulnerability is caused by an MP4 file with a crafted sample size in the MP4 atom specification that causes an out of bounds memory access, which sometimes triggers an access violation exception.

Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees - potentially leading to code corruption, control-flow hijack, or an information leak attack.

Fortinet released IPS signature . to proactively protect our customers.

This is a heap overflow vulnerability that is exposed when processing Adobe Texture Format (ATF) files in Flash Player. Specifically, the vulnerability is caused by a malformed ATF file which causes an out of bounds memory access due to improper bounds checking when manipulating a pointer to a heap allocated buffer.

Attackers can exploit this vulnerability by using the out of bounds access for unintended reads, writes, or frees - potentially leading to code corruption, control-flow hijack, or an information leak attack.

Fortinet released IPS signature . to proactively protect our customers.

Check Point Software Technologies - Vulnerability Discovery Team (VDT)

Memory corruption when Adobe Shockwave Player parses .dir media file (mmap_element_size)

Adobe Shockwave Player is the Adobe plugin to many different browsers to view rich-media content on the web including animations, interactive presentations, and online entertainment.

Adobe Shockwave Player does not properly parse .dir media file, which causes a corruption in module DIRAPI.dll by opening a malformed file with an invalid element size.

This problem was confirmed in the following versions of Adobe Shockwave Player and Windows; other versions may also be affected.

Shockwave Player version 11.5.8.612, Module DIRAPI.dll on WinXP_PT SP3 Internet Explorer.

We used the following values to calculate the scores:

Base score is: AV:N/AC:L/Au:N/C:C/I:C/A:C

To trigger the problem a PoC file (repro12.dir) is available to interested parties.

Important to note that a previous vulnerability discovered by