Threat Advisory | Palo Alto Networks Emergency Path Update

July 9, 2015

Palo Alto Networks has released an emergency content update to add additional coverage for a recent 0-day vulnerability impacting Adobe Flash (CVE-2015-5119). This exploit can lead to arbitrary remote code execution by the attacker upon successful delivery and exploitation via a specially crafted Adobe Flash swf file, typically via a malicious website.

Please review the note below and ensure the default action is taken.

New Vulnerability Signatures (6)

Severity ID Attack Name CVE ID Vendor ID Default Action Minimum PAN-OS Version
Critical 37919 Adobe Flash Player ByteArray Use After Free Vulnerability CVE-2015-5119 APSB15-16 reset-both 4.0.0
Critical 37920 Adobe Flash Player ByteArray Use After Free Vulnerability CVE-2015-5119 APSB15-16 reset-both 4.0.0
Critical 37921 Adobe Flash Player ByteArray Use After Free Vulnerability CVE-2015-5119 APSB15-16 reset-both 4.0.0
Critical 37922 Adobe Flash Player ByteArray Use After Free Vulnerability CVE-2015-5119 APSB15-16 reset-both 4.0.0
Critical 37923 Adobe Flash Player ByteArray Use After Free Vulnerability CVE-2015-5119 APSB15-16 reset-both 4.0.0
Critical 37924 Adobe Flash Player ByteArray Use After Free Vulnerability CVE-2015-5119 APSB15-16 reset-both 4.0.0

Modified Vulnerability Signatures (5)

Severity ID Attack Name CVE ID Vendor ID Default Action Minimum PAN-OS Version
Critical 37907 Adobe Flash Player ByteArray Use After Free Vulnerability CVE-2015-5119 APSB15-16 reset-both 4.0.0
Critical 37909 Adobe Flash Player ByteArray Use After Free Vulnerability CVE-2015-5119 APSB15-16 reset-both 4.0.0
Critical 37910 Adobe Flash Player Zero Day Exploit Landing Page CVE-2015-5119 APSB15-16 reset-client 4.0.0
Critical 37911 Adobe Flash Player ByteArray Use After Free Vulnerability CVE-2015-5119 APSB15-16 reset-both 4.0.0
Critical 37912 Adobe Flash Player ByteArray Use After Free Vulnerability CVE-2015-5119 APSB15-16 reset-both 4.0.0
Critical 37912 Adobe Flash Player ByteArray Use After Free Vulnerability CVE-2015-5119 APSB15-16 reset-both 4.0.0

Stay Informed 

    Follow us on Twitter

    Connect with us on LinkedIn

*By selecting one of the communications above, you consent to Herjavec Group
sending commercial electronic messages to you for marketing purposes, including information about the products, services and events selected.


About Herjavec Group

Dynamic entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. We have been recognized as one of the world’s most innovative cybersecurity operations leaders, and excel in complex, multi-technology environments. Our service expertise includes Advisory Services, Technology Architecture & Implementation, Identity Services, Managed Security Services, Threat Management and Incident Response. Herjavec Group has offices and Security Operations Centers across the United States, United Kingdom and Canada.

Stay Informed

Follow us on Twitter

Connect with us on LinkedIn