Security Advisory - May 21, 2015

Zscaler Protects against Multiple Security Vulnerabilities in Adobe Reader, Acrobat, Flash, and AIR

Zscaler, working with Microsoft through their MAPPs program, has deployed protections for the following 49 vulnerabilities included in the May 2015 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the May release and deploy additional protections as necessary.

APSB15-09 - Security updates available for Adobe Flash Player

Severity: Critical

Affected Software

  • Adobe Flash Player 17.0.0.169 and earlier versions
  • Adobe Flash Player 13.0.0.281 and earlier 13.x versions
  • Adobe Flash Player 11.2.202.457 and earlier 11.x versions
  • AIR Desktop Runtime 17.0.0.144 and earlier versions
  • AIR SDK and SDK & Compiler 17.0.0.144 and earlier versions

  • CVE-2015-3077 - Type Confusion in Button.filters
  • CVE-2015-3078 - Memory corruption with large mp4 atom sizes
  • CVE-2015-3079 - Cross domain policy bypass in Flash Player via encoded URL
  • CVE-2015-3080 - Flash AS2 Use After Free in DisplacementMapFilter.mapBitmap
  • CVE-2015-3081 - Broker-based sandbox escape via timing attack against file moving
  • CVE-2015-3082 - Broker-based sandbox escape via forward slash instead of backslash
  • CVE-2015-3083 - Broker-based sandbox escape via unexpected directory lock
  • CVE-2015-3084 - Adobe Flash: NetStream Missing Constructor Normal Check
  • CVE-2015-3085 - Path Traversal Issue (Junction) vulnerability
  • CVE-2015-3086 - Normal Check Should Verify that UserData and Destructor are null
  • CVE-2015-3087 - Flash Player Integer Overflow in Function.apply
  • CVE-2015-3088 - Heap Overflow in AVSS.setSubscribedTags can cause memory corruption
  • CVE-2015-3089 - Uninitialized stack variable while parsing an MPD file can corrupt memory
  • CVE-2015-3090 - Memory corruption with ShaderJob width and height TOCTOU condition
  • CVE-2015-3091 - Uninitialized memory information leak when shading into a ByteArray
  • CVE-2015-3092 - Info leak due to uninitialized registers when executing Shaders

Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.

APSB15-10 - Security updates available for Adobe Reader and Acrobat

Severity: Critical

Affected Software

  • Adobe Reader XI (11.0.10) and earlier 11.x versions
  • Adobe Reader X (10.1.13) and earlier 10.x versions
  • Adobe Acrobat XI (11.0.10) and earlier 11.x versions
  • Adobe Acrobat X (10.1.13) and earlier 10.x versions

  • CVE-2015-3046 - Adobe Reader / Acrobat Memory Corruption Issues in PRCR.X3D
  • CVE-2015-3047 - Adobe Reader / Acrobat PRCR.X3D Invalid Indexing DoS
  • CVE-2015-3048 - BrokerRegSetStringValue buffer overrun in AcroBroker COM service
  • CVE-2015-3049 - Memory corruption possible via "transient array" with Type1 and OTF fonts
  • CVE-2015-3050 - Heap-based memory corruption
  • CVE-2015-3051 - Heap-based memory corruption
  • CVE-2015-3052 - Memory corruption possible in CoolType `blend` operator
  • CVE-2015-3053 - Close page action Use-After-Free Vulnerability
  • CVE-2015-3054 - WillSave document action Use-After-Free Vulnerability
  • CVE-2015-3055 - Fields Use-After-Free Vulnerability
  • CVE-2015-3056 - Line Annotations Out-Of-Bounds Read Vulnerability
  • CVE-2015-3057 - Uninitialized Pointer Vulnerability
  • CVE-2015-3058 - Spell customDictionaryExport Information Disclosure Vulnerability
  • CVE-2015-3059 - Text Annotations Use-After-Free Vulnerability
  • CVE-2015-3060 - Restrictions Bypass Privileged Javascript API Execution Vulnerability
  • CVE-2015-3061 - Restrictions Bypass Privileged Javascript API Execution Vulnerability
  • CVE-2015-3062 - Restrictions Bypass Privileged Javascript API Execution Vulnerability
  • CVE-2015-3063 - Restrictions Bypass Privileged Javascript API Execution Vulnerability
  • CVE-2015-3064 - Restrictions Bypass Privileged Javascript API Execution Vulnerability
  • CVE-2015-3065 - Restrictions Bypass Privileged Javascript API Execution Vulnerability
  • CVE-2015-3066 - Restrictions Bypass Privileged Javascript API Execution Vulnerability
  • CVE-2015-3067 - Restrictions Bypass Privileged Javascript API Execution Vulnerability
  • CVE-2015-3068 - Restrictions Bypass Privileged Javascript API Execution Vulnerability
  • CVE-2015-3069 - Restrictions Bypass Privileged Javascript API Execution Vulnerability
  • CVE-2015-3070 - Memory corruption when parsing malformed U3D file
  • CVE-2015-3071 - Restrictions Bypass Privileged Javascript API Execution Vulnerability
  • CVE-2015-3072 - Restrictions Bypass Privileged Javascript API Execution Vulnerability
  • CVE-2015-3073 - Restrictions Bypass Privileged Javascript API Execution Vulnerability
  • CVE-2015-3074 - Restrictions Bypass Privileged Javascript API Execution Vulnerability
  • CVE-2015-3075 - Vulnerability in Javascript handling
  • CVE-2015-3076 - Crash due to double free

Description: Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address vulnerabilities that could potentially allow an attacker to take over the affected system.