Threat Advisory | Palo Alto Networks Emergency Path Update

July 9, 2015

Palo Alto Networks has released an emergency content update to add additional coverage for a recent 0-day vulnerability impacting Adobe Flash (CVE-2015-5119). This exploit can lead to arbitrary remote code execution by the attacker upon successful delivery and exploitation via a specially crafted Adobe Flash swf file, typically via a malicious website.

Please review the note below and ensure the default action is taken.

New Vulnerability Signatures (6)

SeverityIDAttack NameCVE IDVendor IDDefault ActionMinimum PAN-OS Version
Critical37919Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0
Critical37920Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0
Critical37921Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0
Critical37922Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0
Critical37923Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0
Critical37924Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0

Modified Vulnerability Signatures (5)

SeverityIDAttack NameCVE IDVendor IDDefault ActionMinimum PAN-OS Version
Critical37907Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0
Critical37909Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0
Critical37910Adobe Flash Player Zero Day Exploit Landing PageCVE-2015-5119APSB15-16reset-client4.0.0
Critical37911Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0
Critical37912Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0
Critical37912Adobe Flash Player ByteArray Use After Free VulnerabilityCVE-2015-5119APSB15-16reset-both4.0.0

Stay Informed 

  rhsm-3  Follow us on Twitter

  rhsm-2  Connect with us on LinkedIn

*By selecting one of the communications above, you consent to Herjavec Group
sending commercial electronic messages to you for marketing purposes, including information about the products, services and events selected.


About Herjavec Group

Dynamic entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. We have been recognized as one of the world’s most innovative cybersecurity operations leaders, and excel in complex, multi-technology environments. Our service expertise includes Advisory Services, Technology Architecture & Implementation, Identity Services, Managed Security Services, Threat Management and Incident Response. Herjavec Group has offices and Security Operations Centers across the United States, United Kingdom and Canada.

Stay Informed

Follow us on Twitter

Connect with us on LinkedIn