Zenith Live 2019 Keynotes Watch Now
Zenith Live 2019 Keynotes Watch Now

 

Security Advisory - October 16, 2019

Zscaler protects against 17 new vulnerabilities for Adobe Acrobat and Reader

 

 

 

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 17 vulnerabilities included in the October 2019 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections as necessary.

APSB19-49 – Security updates available for Adobe Acrobat and Reader.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected Software

  • Acrobat DC (Continuous) 2019.012.20040 and earlier versions for Windows & macOS
  • Acrobat Reader DC (Continuous) 2019.012.20040 and earlier versions for Windows & macOS
  • Acrobat 2017 (Classic 2017) 2017.011.30148 and earlier versions for Windows & macOS
  • Acrobat Reader 2017 (Classic 2017) 2017.011.30148 and earlier versions for Windows & macOS
  • Acrobat 2015 (Classic 2015) 2015.006.30503 and earlier versions for Windows & macOS
  • Acrobat Reader 2015 (Classic 2015) 2015.006.30503 and earlier versions for Windows & macOS

CVE-2019-8176 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

CVE-2019-8177 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

CVE-2019-8183 – Heap Overflow Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

CVE-2019-8184Out of Bounds Read Vulnerability leading to Information Disclosure

Severity: Important

CVE-2019-8192 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

CVE-2019-8193 – Out of Bounds Read Vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-8198 – Out of Bounds Read Vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-8199 – Out-of-Bounds Write Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

CVE-2019-8205 – Untrusted Pointer Dereference Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

CVE-2019-8207 – Out of Bounds Read Vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-8209 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

CVE-2019-8211 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

CVE-2019-8213 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

CVE-2019-8215 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

CVE-2019-8217 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

CVE-2019-8219 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

CVE-2019-8224 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Critical