July 9, 2015

Threat Advisory | Palo Alto Networks Emergency Path Update

Palo Alto Networks has released an emergency content update to add additional coverage for a recent 0-day vulnerability impacting Adobe Flash (CVE-2015-5119). This exploit can lead to arbitrary remote code execution by the attacker upon successful delivery and exploitation via a specially crafted Adobe Flash swf file, typically via a malicious website.

Please review the note below and ensure the default action is taken.

New Vulnerability Signatures (6)

SeverityIDAttack NameCVE IDVendor IDDefault ActionMinimum PAN-OS Version
Critical37919Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0
Critical37920Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0
Critical37921Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0
Critical37922Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0
Critical37923Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0
Critical37924Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0

Modified Vulnerability Signatures (5)

SeverityIDAttack NameCVE IDVendor IDDefault ActionMinimum PAN-OS Version
Critical37907Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0
Critical37909Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0
Critical37910Adobe Flash Player Zero Day Exploit Landing PageCVE-2015-5119APSB15-16reset-client4.0.0
Critical37911Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0
Critical37912Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0
Critical37912Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0

Stay Informed 

  rhsm-3  Follow us on Twitter

  rhsm-2  Connect with us on LinkedIn




*By selecting one of the communications above, you consent to Herjavec Group
sending commercial electronic messages to you for marketing purposes,
including information about the products, services and events selected.