ゼットスケーラーのセキュリティアドバイザリ

セキュリティ アドバイザリー - August 14, 2019

Zscaler protects against 38 new vulnerabilities for Adobe Reader

Zscaler protects against 38 new vulnerabilities for Adobe Reader.

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 38 vulnerabilities included in the August 2019 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections as necessary.

APSB19-41 – Security updates available for Adobe Acrobat and Reader.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected Software

  • Acrobat DC (Continuous) 2019.012.20034 and earlier versions for macOS
  • Acrobat DC (Continuous) 2019.012.20035 and earlier versions for Windows
  • Acrobat Reader DC (Continuous) 2019.012.20034 and earlier versions for macOS
  • Acrobat Reader DC (Continuous) 2019.012.20035 and earlier versions for Windows
  • Acrobat DC (Classic 2017) 2017.011.30142 and earlier versions for macOS
  • Acrobat DC (Classic 2017) 2017.011.30143 and earlier versions for Windows
  • Acrobat Reader DC (Classic 2017) 2017.011.30142 and earlier versions for macOS
  • Acrobat Reader DC (Classic 2017) 2017.011.30143 and earlier versions for Windows
  • Acrobat DC (Classic 2015) 2015.006.30497 and earlier versions for macOS
  • Acrobat DC (Classic 2015) 2015.006.30498 and earlier versions for Windows
  • Acrobat Reader DC (Classic 2015) 2015.006.30497 and earlier versions for macOS
  • Acrobat Reader DC (Classic 2015) 2015.006.30498 and earlier versions for Windows

CVE-2019-7965Out-of-Bounds Write Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8003Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8005 – Out-of-Bounds Read Vulnerability leading to Information disclosure.

Severity: Important

CVE-2019-8006 – Untrusted Pointer Dereference Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8007 – Out-of-Bounds Read Vulnerability leading to Information disclosure.

Severity: Important

CVE-2019-8010 – Out-of-Bounds Read Vulnerability leading to Information disclosure.

Severity: Important

CVE-2019-8012 – Out-of-Bounds Read Vulnerability leading to Information disclosure.

Severity: Important

CVE-2019-8013 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8014 –Heap Overflow Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8015 – Heap Overflow Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8016 – Out-of-Bounds Write Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8019 – Type confusion Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8021 – Out-of-Bounds Read Vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-8023 – Out-of-Bounds Write Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8024 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8025 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8026 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8028 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8030 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8032 – Out-of-Bounds Read Vulnerability leading to information Disclosure.

Severity: Important

CVE-2019-8033 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8035Out-of-Bounds Read Vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-8037 – Out-of-Bounds Read Vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-8042 – Heap Overflow Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8051 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8053 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8054 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8055 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8057 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8058 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8059 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8061 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8094 – Out-of-Bounds Read Vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-8098 – Out-of-Bounds Write Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8102 – Out-of-Bounds Read Vulnerability leading to Arbitrary Code Execution.

Severity: Important

CVE-2019-8103 – Out-of-Bounds Read Vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-8104 – Out-of-Bounds Read Vulnerability leading to Information Disclosure.

Severity: Important