Zero-Day Advisory
Fortinet Discovers Memory Corruption In Adobe Shockwave Player TextXtra.x32 Module
Summary
Fortinet's FortiGuard Labs has discovered a memory corruption vulnerability in Adobe Shockwave Player TextXtra.x32 Module.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:Adobe.Shockwave.Player.Dir.File.DEMX.Tag.Memory.Corruption
Released May 06, 2010
Users should apply the solution provided by Adobe.
Additional Information
The memory corruption vulnerability exists because Shockwave Player incorrectly parses a malformed ".dir" media file.Acknowledgement
Honggang Ren of Fortinet's FortiGuard Labs