FortiGuard Labs Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Photoshop

This past May I discovered and reported multiple critical zero-day vulnerabilities in Adobe Photoshop CC 2019 to the software developer, Adobe Inc. Last Tuesday (Aug 13, 2019), Adobe released several security patches to fix those issues as part of their Patch Tuesday Initiative. These vulnerabilities are identified as CVE-2019-7990, CVE-2019-7991, Continue Reading

Fortinet Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Flash Player

I discovered and reported multiple critical zero-day vulnerabilities in Adobe Flash Player last November. This Tuesday, Adobe released a security patch which fixed them. These vulnerabilities are identified as CVE-2017-2984, CVE-2017-2990, and CVE-2017-2991.  CVE-2017-2984 actually fixed three issues I reported because they have the same root cause. Due to the critical Continue Reading

Fortinet Security Researcher Discovers Two Critical Vulnerabilities in Adobe Flash Player

Fortinet security researcher Kai Lu discovered and reported two critical zero-day vulnerabilities in Adobe Flash Player in November 2016. Adobe identified them as CVE-2017-2926 and CVE-2017-2927 and released a patch to fix them on January 10, 2017. Here is a brief summary of each of these detected vulnerabilities. CVE-2017-2926 This is Continue Reading

Fortinet Researchers Discover Two Critical Vulnerabilities in Adobe Acrobat and Reader 

Fortinet researchers recently discovered two critical zero-day vulnerabilities in Adobe Acrobat and Reader. They are identified as CVE-2016-6939 and CVE-2016-6948. Adobe released a patch to fix these vulnerabilities on October 6, 2016. CVE-2016-6939 This vulnerability was discovered by Kai Lu. CVE-2016-6939 is a heap overflow vulnerability. The vulnerability is caused by Continue Reading

Analysis of CVE-2016-4203 – Adobe Acrobat and Reader CoolType Handling Heap Overflow Vulnerability

Summary Recently, Adobe patched some security vulnerabilities in Adobe Acrobat and Reader. One of them is a heap buffer overflow vulnerability (CVE-2016-4203) I recently discovered. In this blog, we want to share our analysis of this vulnerability. Proof of Concept This vulnerability can be reproduced by opening the PoC file Continue Reading

Analysis of Use-After-Free Vulnerability (CVE-2016-4119) in Adobe Acrobat and Reader

SummaryRecently, Adobe patched some security vulnerabilities in Adobe Acrobat and Reader. One of them is a use-after-free vulnerability (CVE-2016-4119) discovered by Fortinet’s FortiGuard Labs. In this blog, we want to share our analysis of this vulnerability.Proof of ConceptThis vulnerability can be reproduced by opening the PDF file “PoC_decrypt.pdf” with Adobe Continue Reading