Threat Advisory | Palo Alto Networks Emergency Path Update
July 9, 2015
Palo Alto Networks has released an emergency content update to add additional coverage for a recent 0-day vulnerability impacting Adobe Flash (CVE-2015-5119). This exploit can lead to arbitrary remote code execution by the attacker upon successful delivery and exploitation via a specially crafted Adobe Flash swf file, typically via a malicious website.
Please review the note below and ensure the default action is taken.
New Vulnerability Signatures (6)
Severity | ID | Attack Name | CVE ID | Vendor ID | Default Action | Minimum PAN-OS Version |
Critical | 37919 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
Critical | 37920 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
Critical | 37921 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
Critical | 37922 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
Critical | 37923 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
Critical | 37924 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
Modified Vulnerability Signatures (5)
Severity | ID | Attack Name | CVE ID | Vendor ID | Default Action | Minimum PAN-OS Version |
Critical | 37907 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
Critical | 37909 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
Critical | 37910 | Adobe Flash Player Zero Day Exploit Landing Page | CVE-2015-5119 | APSB15-16 | reset-client | 4.0.0 |
Critical | 37911 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
Critical | 37912 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
Critical | 37912 | Adobe Flash Player ByteArray Use After Free Vulnerability | CVE-2015-5119 | APSB15-16 | reset-both | 4.0.0 |
Stay Informed