FortiGuard Labs Discovers Multiple Critical Vulnerabilities in Multiple Adobe Products

FortiGuard Labs Threat Research Report

Affected platforms: Windows
Impacted parties:    Users of Adobe Illustrator 2020 24.2 and earlier versions, InDesign 15.1.2 and earlier versions, After Effects 17.1.1 and earlier versions, Animate 20.5 and earlier versions
Impact:                     Arbitrary Code Execution
Severity level:          Critical

This Tuesday (October 20, 2020), Adobe released a security update to address 20 vulnerabilities in 10 products. Ten of these vulnerabilities were discovered by FortiGuard Labs researchers Honggang Ren and Kexu Wang and they affected four Adobe products: Illustrator, InDesign, After Effects, and Animate. The timeline can be found in each individual zero-day vulnerability advisory below.

Adobe Illustrator is a vector graphics editor and design program. It’s used to create everything from web and mobile graphics to logos, icons, book illustrations, product packaging, etc.

Adobe InDesign is a desktop publishing and typesetting software. It is used to create works such as posters, flyers, brochures, magazines, newspapers, presentations, books, and ebooks. 

Adobe After Effects is a digital visual effects, motion graphics, and compositing application. It’s used in the post-production process of filmmaking, video games, and television production.  

Adobe Animate is a multimedia authoring and computer animation program. It’s used to design vector graphics and animation for television programs, online videos, websites, web applications, rich internet applications, etc.

The 10 vulnerabilities FortiGuard Labs discovered in these Adobe products are identified as CVE-2020-9747, CVE-2020-9748, CVE-2020-9749, CVE-2020-9750, CVE-2020-24412, CVE-2020-24413, CVE-2020-24414, CVE-2020-24415, CVE-2020-24418 and CVE-2020-24421. 

Adobe Products Vulnerabilities Overview

Due to the critical rating of these vulnerabilities, we suggest users apply the Adobe patches as soon as possible. Following are additional details for each of these vulnerabilities:

CVE-2020-9747

This Memory Corruption vulnerability exists in the decoding of FLA files (an FLA file is an animation project created by Animate) in Adobe Animate. Specifically, the vulnerability is caused by a malformed FLA file that causes an Out of Bounds memory access due to an improper bounds check. This specific vulnerability exists in the module Animate.exe. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted FLA file.

Fortinet already released the IPS signature Adobe.Animate.CVE-2020-9747.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

CVE-2020-9748

This Memory Corruption vulnerability exists in the decoding of FLA files in Adobe Animate. Specifically, the vulnerability is caused by a malformed FLA file that causes an Out of Bounds memory access due to an improper bounds check. This specific vulnerability exists in the module Animate.exe. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted FLA file.

Fortinet already released the IPS signature Adobe.Animate.CVE-2020-9748.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

CVE-2020-9749

This Memory Corruption vulnerability exists in the decoding of FLA files in Adobe Animate. Specifically, the vulnerability is caused by a malformed FLA file that causes an Out of Bounds memory access due to an improper bounds check. This specific vulnerability exists in the module Animate.exe. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted FLA file.

Fortinet already released the IPS signature Adobe.Animate.CVE-2020-9749.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

CVE-2020-9750

This Memory Corruption vulnerability exists in the decoding of FLA files in Adobe Animate. Specifically, the vulnerability is caused by a malformed FLA file that causes an Out of Bounds memory access due to an improper bounds check. This specific vulnerability exists in the module Animate.exe. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted FLA file.

Fortinet already released the IPS signature Adobe.Animate.CVE-2020-9750.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

CVE-2020-24412

This Memory Corruption vulnerability exists in the decoding of SVG (Scalable Vector Graphics) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed SVG file that causes an Out of Bounds memory access due to an improper bounds check. This specific vulnerability exists in the library SVGRE.dll. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted SVG file.

Fortinet already released the IPS signature Adobe.Illustrator.CVE-2020-24412.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

CVE-2020-24413

This Memory Corruption vulnerability exists in the decoding of SVG files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed SVG file that causes an Out of Bounds memory access due to an improper bounds check. This specific vulnerability exists in the library SVGRE.dll. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted SVG file.

Fortinet already released the IPS signature Adobe.Illustrator.CVE-2020-24413.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

CVE-2020-24414

This Memory Corruption vulnerability exists in the decoding of SVG files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed SVG file that causes an Out of Bounds memory access due to an improper bounds check. This specific vulnerability exists in the library SVGRE.dll. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted SVG file.

Fortinet already released the IPS signature Adobe.Illustrator.CVE-2020-24414.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

CVE-2020-24415

This Memory Corruption vulnerability exists in the decoding of SVG files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed SVG file that causes an Out of Bounds memory access due to an improper bounds check. This specific vulnerability exists in the library SVGRE.dll. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted SVG file.

Fortinet already released the IPS signature Adobe.Illustrator.CVE-2020-24415.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

CVE-2020-24418

This Memory Corruption vulnerability exists in the decoding of AEPX files in Adobe After Effects (an AEPX file is a project file created by After Effects). Specifically, the vulnerability is caused by a malformed AEPX file that causes an Out of Bounds read access due to an improper bounds check. This specific vulnerability exists in the library BEE.dll

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted AEPX file.

Fortinet already released the IPS signature Adobe.After.Effects.CVE-2020-24418.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

CVE-2020-24421

This Memory Corruption vulnerability exists in the decoding of INDD files in Adobe InDesign (an INDD file is a professional page layout project created with InDesign). Specifically, the vulnerability is caused by a malformed INDD file that causes an Out of Bounds memory access due to an improper bounds check. This specific vulnerability exists in the plugin Layout.rpln. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted INDD file.

Fortinet already released the IPS signature Adobe.InDesign.CVE-2020-24421.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

FortiGuard Labs is Committed to Zero-Day Vulnerability Research

FortiGuard Labs is committed to ongoing threat research and analysis to provide critical threat intelligence to our customers and the cybersecurity community. The zero-day vulnerabilities outlined in this report are part of these efforts. While FortiGate IPS customers already have updated IPS signatures for these vulnerabilities in place, we still strongly encourage all Adobe customers to apply these recently released patches as soon as possible. 

FortiGuard Labs’ dedicated zero-day vulnerability research team was formed in 2006 as a white hat team with an ethical hacking approach. The goal of this program is to harden security by discovering zero-day vulnerabilities in software/hardware before black hat attackers do. By beating attackers at their own game, FortiGuard Labs is able to provide virtual patch protection for discovered flaws—usually through IPS controls—before any patches are available.

FortiGuard Labs also has a robust responsible disclosure policy in place as part of our white hat ethical practice, meaning that any discovered zero-day vulnerability is reported to the affected vendor(s). By doing so, FortiGuard Labs has created strong relationships with vendors across a variety of industries, enabling us to work together to close security holes and harden products through proactive research. Unlike black hat or gray hat approaches of selling discovered vulnerabilities, FortiGuard Labs solely uses them to provide virtual patches to our customers using the Fortinet Security Fabric with FortiGuard subscription services. 

FortiGuard Labs continues to lead the industry in zero-day discoveries through this program. To date, we have discovered and reported over 900 vulnerabilities—from the endpoint to the cloud—broadly covering the attack surface.

Learn more about FortiGuard Labs threat research and the FortiGuard Security Subscriptions and Services portfolio.

Learn more about Fortinet’s free cybersecurity training initiative or about the Fortinet Network Security Expert program, Network Security Academy program, and FortiVet program.