Zero-Day Advisory
Fortinet Discovers Adobe Animate Arbitrary Code Execution Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a memory corruption vulnerability in Adobe Animate.
Adobe Animate is a multimedia authoring and computer animation program. It is used to design vector graphics and animation for television programs, online video, websites, web applications, rich internet applications, and video games.
The vulnerability is an out-of-bounds write that occurs because Adobe Animate does not correctly parse a crafted FLA file. Successful exploitation could allow an attacker to execute arbitrary code.
Solutions
FortiGuard Labs released the following FortiGate IPS signature, which covers this specific vulnerability: Adobe.Animate.CVE-2021-21052.Arbitrary.Code.Execution
Released Dec 28, 2020
Apply the solution provided by Adobe.
Timeline
Fortinet reported the vulnerability to Adobe on December 17, 2020.
Adobe patched the vulnerability on February 9, 2021.
Acknowledgement
This vulnerability was discovered by Kexu Wang of Fortinet's FortiGuard Labs.