Threat Advisory | Palo Alto Networks Emergency Path Update
July 9, 2015
Palo Alto Networks has released an emergency content update to add additional coverage for a recent 0-day vulnerability impacting Adobe Flash (CVE-2015-5119). This exploit can lead to arbitrary remote code execution by the attacker upon successful delivery and exploitation via a specially crafted Adobe Flash swf file, typically via a malicious website.
Please review the note below and ensure the default action is taken.
New Vulnerability Signatures (6)
| Severity | ID | Attack Name | CVE ID | Vendor ID | Default Action | Minimum PAN-OS Version |
| Critical | 37919 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
| Critical | 37920 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
| Critical | 37921 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
| Critical | 37922 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
| Critical | 37923 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
| Critical | 37924 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
Modified Vulnerability Signatures (5)
| Severity | ID | Attack Name | CVE ID | Vendor ID | Default Action | Minimum PAN-OS Version |
| Critical | 37907 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
| Critical | 37909 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
| Critical | 37910 | Adobe Flash Player Zero Day Exploit Landing Page | CVE-2015-5119 | APSB15-16 | reset-client | 4.0.0 |
| Critical | 37911 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
| Critical | 37912 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
| Critical | 37912 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
Stay Informed
Subscribe to Herjavec Group News
Take the First Step
In Transforming Your Cybersecurity Program
Enterprise security teams are adapting to meet evolving business needs. With 5 global Security Operations Centers, emerging technology partners and a dedicated team of security specialists, Herjavec Group is well-positioned to be your organization’s trusted advisor in cybersecurity. We’ll help you understand your risk exposure, increase your visibility and ROI, and proactively hunt for the latest threats.
