This post is also available in: 日本語 (Japanese)
As part of Unit 42’s ongoing threat research, we can now disclose that Palo Alto Networks Unit 42 threat researchers have discovered 23 new vulnerabilities addressed by the Adobe Product Security Incident Response Team (PSIRT) as part of their February 2019 APSB19-07 security update release and 2 vulnerabilities addressed by the Microsoft Security Response Center (MSRC) as part of their February 2019 security update release. Severity ratings ranged from Important to Critical for each of these vulnerabilities.
| CVE | Vulnerability Name or Category | Impact | Maximum Severity Rating | Researcher(s) |
| CVE-2019-0625 | Windows Jet Database Engine improperly handles objects in memory | Remote Code Execution | Important | Bar Lahav and Gal De Leon
|
| CVE-2019-0675 | Microsoft Office Access Connectivity Engine improperly handles objects in memory | Remote Code Execution | Important | Gal De Leon and Bar Lahav
|
| CVE-2019-7025 | Use After Free | Arbitrary Code Execution | Critical | Gal De Leon |
| CVE-2019-7065 | Out-of-Bounds Read | Information Disclosure | Important | Bo Qu |
| CVE-2019-7066 | Untrusted Pointer Dereference | Arbitrary Code Execution | Critical | Bo Qu |
| CVE-2019-7068 | Use After Free
|
Arbitrary Code Execution | Critical | Bo Qu |
| CVE-2019-7026 | Use After Free | Arbitrary Code Execution | Critical | Zhibin Zhang |
| CVE-2019-7027 | Out-of-Bounds Write
|
Arbitrary Code Execution | Critical | Zhibin Zhang |
| CVE-2019-7028 | Out-of-Bounds Read | Information Disclosure | Important | Zhibin Zhang |
| CVE-2019-7082 | Use After Free | Arbitrary Code Execution | Critical | Zhibin Zhang |
| CVE-2019-7046 | Untrusted Pointer Dereference | Arbitrary Code Execution | Critical | Qi Deng |
| CVE-2019-7050 | Use After Free
|
Arbitrary Code Execution | Critical | Qi Deng |
| CVE-2019-7051 | Untrusted Pointer Dereference | Arbitrary Code Execution | Critical | Qi Deng |
| CVE-2019-7083 | Use After Free
|
Arbitrary Code Execution | Critical | Qi Deng |
| CVE-2019-7052 | Out-of-Bounds Write | Arbitrary Code Execution | Critical
|
Hui Gao |
| CVE-2019-7053 | Out-of-Bounds Read | Information Disclosure
|
Important | Hui Gao
|
| CVE-2019-7054 | Untrusted Pointer Dereference | Arbitrary Code Execution | Critical
|
Hui Gao |
| CVE-2019-7055 | Out-of-Bounds Read
|
Information Disclosure
|
Important | Zhaoyan Xu
|
| CVE-2019-7056 | Out-of-Bounds Read
|
Information Disclosure
|
Important | Zhaoyan Xu
|
| CVE-2019-7057 | Out-of-Bounds Read
|
Information Disclosure
|
Important | Zhaoyan Xu
|
| CVE-2019-7058 | Out-of-Bounds Read
|
Information Disclosure
|
Important | Zhanglin He
|
| CVE-2019-7059 | Out-of-Bounds Read
|
Information Disclosure
|
Important | Zhanglin He
|
| CVE-2019-7060 | Out-of-Bounds Write | Arbitrary Code Execution | Critical
|
Zhanglin He
|
Palo Alto Networks customers with a Threat Prevention Subscription who deploy our Next-Generation Security Platform are protected from zero-day vulnerabilities such as these. Weaponized exploits for these vulnerabilities are prevented by Traps multi-layered exploit prevention capabilities. Threat prevention capabilities such as vulnerability protection with IPS and WildFire provide our customers with comprehensive protection and automatic updates against previously unknown threats.
Palo Alto Networks appreciates the recognition and credit Microsoft and Adobe has given our Unit 42 Threat Researchers. Palo Alto Networks is a regular contributor to vulnerability research in Microsoft, Adobe, Apple, Google Android and other ecosystems with more than 200 critical vulnerabilities discovered. By proactively identifying these vulnerabilities, developing protections for our customers, and sharing the information with the security community, we are removing weapons used by attackers to threaten users, and compromise enterprise, government, and service provider networks.
Get updates from
Palo Alto
Networks!
Sign up to receive the latest news, cyber threat intelligence and research from us
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.