Fortinet Discovers Adobe Shockwave Player Memory Corruption Vulnerability
Fortinet's FortiGuard Labs has discovered a memory corruption vulnerability in Adobe Shockwave Player.
Adobe Shockwave Player is a freeware software plug-in for viewing multimedia and video games in web pages, content created on the Adobe Shockwave platform. Content is developed with Adobe Director and published on the Internet. Such content can be viewed in a web browser on any computer with the Shockwave Player plug-in installed.
A memory corruption vulnerability has been discovered in Adobe Shockwave Player. The vulnerability can be triggered by a crafted file. Successful exploitation of this vulnerability could lead to arbitrary code execution in the context of the current user.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Apr 10, 2019
Users should apply the solution provided by Adobe.
Fortinet reported the vulnerability to Adobe on Feb. 27, 2019.
Adobe confirmed the vulnerability on Mar. 28, 2019.
Adobe released patch for the vulnerability on Apr. 9, 2019.
This vulnerability was discovered by Honggang Ren of Fortinet's FortiGuard Labs.