Unit 42 Vulnerability Research Team Discovers 23 New Vulnerabilities February 2019 Disclosures – Adobe and Microsoft

By

Category: Unit 42, Unit 42

Tags: , , ,

As part of Unit 42’s ongoing threat research, we can now disclose that Palo Alto Networks Unit 42 threat researchers have discovered 23 new vulnerabilities addressed by the Adobe Product Security Incident Response Team (PSIRT) as part of their February 2019 APSB19-07 security update release and 2 vulnerabilities addressed by the Microsoft Security Response Center (MSRC) as part of their February 2019 security update release.  Severity ratings ranged from Important to Critical for each of these vulnerabilities.

CVE Vulnerability Name or Category Impact Maximum Severity Rating Researcher(s)
CVE-2019-0625 Windows Jet Database Engine improperly handles objects in memory Remote Code Execution Important Bar Lahav and Gal De Leon

 

CVE-2019-0675 Microsoft Office Access Connectivity Engine improperly handles objects in memory Remote Code Execution Important Gal De Leon and Bar Lahav

 

CVE-2019-7025 Use After Free Arbitrary Code Execution Critical Gal De Leon
CVE-2019-7065 Out-of-Bounds Read Information Disclosure Important Bo Qu
CVE-2019-7066 Untrusted Pointer Dereference Arbitrary Code Execution Critical Bo Qu
CVE-2019-7068 Use After Free

 

Arbitrary Code Execution Critical Bo Qu
CVE-2019-7026 Use After Free Arbitrary Code Execution Critical Zhibin Zhang
CVE-2019-7027 Out-of-Bounds Write

 

Arbitrary Code Execution Critical Zhibin Zhang
CVE-2019-7028 Out-of-Bounds Read Information Disclosure Important Zhibin Zhang
CVE-2019-7082 Use After Free Arbitrary Code Execution Critical Zhibin Zhang
CVE-2019-7046 Untrusted Pointer Dereference Arbitrary Code Execution Critical Qi Deng
CVE-2019-7050 Use After Free

 

Arbitrary Code Execution Critical Qi Deng
CVE-2019-7051 Untrusted Pointer Dereference Arbitrary Code Execution Critical Qi Deng
CVE-2019-7083 Use After Free

 

Arbitrary Code Execution Critical Qi Deng
CVE-2019-7052 Out-of-Bounds Write Arbitrary Code Execution Critical

 

Hui Gao
CVE-2019-7053 Out-of-Bounds Read Information Disclosure

 

Important Hui Gao

 

CVE-2019-7054 Untrusted Pointer Dereference Arbitrary Code Execution Critical

 

Hui Gao
CVE-2019-7055 Out-of-Bounds Read

 

Information Disclosure

 

Important Zhaoyan Xu

 

CVE-2019-7056 Out-of-Bounds Read

 

Information Disclosure

 

Important Zhaoyan Xu

 

CVE-2019-7057 Out-of-Bounds Read

 

Information Disclosure

 

Important Zhaoyan Xu

 

CVE-2019-7058 Out-of-Bounds Read

 

Information Disclosure

 

Important Zhanglin He

 

CVE-2019-7059 Out-of-Bounds Read

 

Information Disclosure

 

Important Zhanglin He

 

CVE-2019-7060 Out-of-Bounds Write Arbitrary Code Execution Critical

 

Zhanglin He

 

Palo Alto Networks customers with a Threat Prevention Subscription who deploy our Next-Generation Security Platform are protected from zero-day vulnerabilities such as these. Weaponized exploits for these vulnerabilities are prevented by Traps multi-layered exploit prevention capabilities. Threat prevention capabilities such as vulnerability protection with IPS and WildFire provide our customers with comprehensive protection and automatic updates against previously unknown threats.

Palo Alto Networks appreciates the recognition and credit Microsoft and Adobe has given our Unit 42 Threat Researchers. Palo Alto Networks is a regular contributor to vulnerability research in Microsoft, Adobe, Apple, Google Android and other ecosystems with more than 200 critical vulnerabilities discovered. By proactively identifying these vulnerabilities, developing protections for our customers, and sharing the information with the security community, we are removing weapons used by attackers to threaten users, and compromise enterprise, government, and service provider networks.