![]() ![]() While FortiGate IPS customers already have updated IPS signatures for them in place, we strongly encourage all Adobe Illustrator and After Effects customers to apply these recently released patches as soon as possible.įortiGuard Labs’ dedicated zero-day vulnerability research team was formed in 2006 as a white hat ethical hacking approach. The zero-day vulnerabilities outlined in this report are part of these efforts. Solutions to the Vulnerabilities Found in Adobe Illustrator and After Effects ProductsįortiGuard Labs is committed to ongoing threat research and analysis to provide critical threat intelligence to our customers and the cybersecurity community. Corruption for this specific vulnerability to proactively protect our customers before the patch became available. The specific vulnerability exists in the AfterFXLib module.Ī remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted AEPX file.įortinet already released IPS signature for this specific vulnerability to proactively protect our customers before the patch became available.įortinet already released IPS signature Adobe. Specifically, the vulnerability is caused by a malformed AEPX file that causes a Heap Overflow due to an improper bounds check. This Heap Overflow vulnerability exists in the decoding of AEPX files in Adobe After Effects. The specific vulnerability exists in the library TD_Db_3.05src_10.dll, which is a Plug-In parsing the DWG format file in Illustrator.įortinet already released IPS signature .Corruption for this specific vulnerability to proactively protect our customers before the patch became available.įortinet already released IPS signature .Corruption for this specific vulnerability to proactively protect our customers before the patch became available.įortinet already released IPS signature .Corruption for this specific vulnerability to proactively protect our customers before the patch became available. Specifically, the vulnerability is caused by a malformed DWG file that causes an Out of Bounds memory access due to an improper bounds check. This Memory Corruption vulnerability exists in the decoding of DWG files in Adobe Illustrator. The specific vulnerability exists in the library TD_Db_3.05src_10.dll, which is a Plug-In parsing the DWG format file in Illustrator.Ī remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted DWG file.įortinet already released IPS signature .Corruption for this specific vulnerability to proactively protect our customers before the patch became available. Specifically, the vulnerability is caused by a malformed DWG file that causes a stack overrun due to an improper bounds check. This Stack Overrun vulnerability exists in the decoding of DWG files in Adobe Illustrator. This specific vulnerability exists in the ‘SVG’ plugin.Ī remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted SVG file.įortinet already released IPS signature .Corruption for this specific vulnerability to proactively protect our customers before the patch became available. Specifically, the vulnerability is caused by a malformed SVG file that causes an Out of Bounds memory access due to an improper bounds check. This Memory Corruption vulnerability exists in the decoding of SVG files in Adobe Illustrator. Overview of the Vulnerabilities Discovered in Adobe Illustrator and After Effects Productsĭue to the critical rating of the following vulnerabilities, we suggest users apply the Adobe patches as soon as possible. Following are additional details of these vulnerabilities: The two vulnerabilities FortiGuard Labs discovered in Adobe After Effects are identified as CVE-2020-9637 and CVE-2020-9638. ![]() The five vulnerabilities FortiGuard Labs discovered in Adobe Illustrator are identified as CVE-2020-9639, CVE-2020-9640, CVE-2020-9641, CVE-2020-9642, and CVE-2020-9575.Īfter Effects is a video-editing application developed and published by Adobe Systems for macOS and Windows. Illustrator is a vector graphics editor developed and published by Adobe Systems for macOS and Windows. These vulnerabilities were discovered in Adobe’s Illustrator and After Effects solutions. Seven of them were discovered by FortiGuard Labs researchers Honggang Ren, Kushal Arvind Shah, and Yonghui Han. This Tuesday (June 16, 2020), Adobe released out-of-band security updates to address 18 critical vulnerabilities in multiple products. Impact: Multiple Vulnerabilities leading to Arbitrary Code Execution Impacted parties: Users of Adobe Illustrator 2020 versions 24.1.2 and earlier, Adobe After Effects versions 17.1 and earlier ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |