
 

Security Advisory - February 12, 2019

Zscaler protects against 43 new vulnerabilities for Acrobat Reader

 

 

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 43 vulnerabilities included in the February 2019 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the February release and deploy additional protections as necessary.

APSB19-07 – Security updates available for Adobe Acrobat and Reader.

Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses an important vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected Software

  • Acrobat DC Continuous 2019.010.20091 and earlier versions for Windows and macOS
  • Acrobat Reader DC Continuous 2019.010.20091 and earlier versions for Windows and macOS
  • Acrobat 2017 Classic 2017 2017.011.30120 and earlier versions for Windows and macOS
  • Acrobat Reader 2017 Classic 2017 2017.011.30120 and earlier versions for Windows and macOS
  • Acrobat DC Classic 2015 2015.006.30475 and earlier versions for Windows and macOS
  • Acrobat Reader DC Classic 2015 2015.006.30475 and earlier versions for Windows and macOS

CVE-2019-7046 – Untrusted Pointer Dereference vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7047 – Out-of-Bounds vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-7078 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7024 – Out-of-Bounds vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-7021 – Out-of-Bounds vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-7050 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7083 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7032 – Out-of-Bounds vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-7082 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7064 – Out-of-Bounds vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-7054 – Untrusted Pointer Dereference vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7045 – Out-of-Bounds vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-7036 – Out-of-Bounds vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-7027 – Out-of-Bounds Write vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7018 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7040 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7077 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2018-19725 – Security bypass vulnerability leading to Privilege Escalation.

Severity: Critical

CVE-2019-7026 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7042 – Untrusted Pointer Dereference vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7060 – Out-of-Bounds Write vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7065 – Out-of-Bounds Read vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-7063 – Out-of-Bounds Read vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-7066 – Untrusted Pointer Dereference vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7057 – Out-of-Bounds Read vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-7053 – Out-of-Bounds Read vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-7051 – Untrusted Pointer Dereference vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7048 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7044 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7037 – Out-of-Bounds Write vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7030 – Integer Overflow vulnerability leading to Information Disclosure.

Severity: Critical

CVE-2019-7055 – Out-of-Bounds Read vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-7033 – Out-of-Bounds Read vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-7059 – Out-of-Bounds Read vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-7035 – Out-of-Bounds Read vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-7039 – Out-of-Bounds Write vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7034 – Out-of-Bounds Read vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-7043 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7052 – Out-of-Bounds Write vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7062 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7071 – Out-of-Bounds Read vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-7080 – Double Free vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2019-7046 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical