https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cool-pdf-reader-pdf-stream-handling-buffer-overflow/m-p/416461#M1201 <P>Hi,</P><P>&nbsp;</P><P>We've got the same issue. Please&nbsp;<SPAN class="VIiyi"><SPAN class="JLqJ4b ChMk0b"><SPAN>keep us informed</SPAN></SPAN></SPAN>&nbsp;</P><P>&nbsp;</P><P>With kind regards,<BR />ppater</P> Thu, 01 Jul 2021 10:10:31 GMT PatrickPater 2021-07-01T10:10:31Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cool-pdf-reader-pdf-stream-handling-buffer-overflow/m-p/416362#M1198 <P>Today we are getting bombarded with reports of email issues. Digging into the reports we have a lot of users who aren't able to send PDF's and the culprit is that the attachments are getting flagged by PAN.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="evievarga_0-1625076925319.png" style="width: 539px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/34678iFC97E74A9E958EF1/image-dimensions/539x237/is-moderation-mode/true?v=v2" width="539" height="237" role="button" title="evievarga_0-1625076925319.png" alt="evievarga_0-1625076925319.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="evievarga_1-1625077009946.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/34679iEAEC70F300C54452/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="evievarga_1-1625077009946.png" alt="evievarga_1-1625077009946.png" /></span></P><P>The related CVE shows it was updated yesterday. I'm struggling to find much information about the CVE. I feel like given the volume of reports we are getting these are false positives but am not sure. Need to do more analysis on my end but am curious if other people are experiencing issues with this?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 30 Jun 2021 18:23:34 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cool-pdf-reader-pdf-stream-handling-buffer-overflow/m-p/416362#M1198 evievarga 2021-06-30T18:23:34Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cool-pdf-reader-pdf-stream-handling-buffer-overflow/m-p/416390#M1199 <P>I opened a case and got an official reply back that yes these are false positive detections.</P><P>&nbsp;</P><P>Thanks for contacting Palo Alto Networks Support. I understand that you believe that you have a potential False Positive case with one of our Vulnerability signatures.<BR /><BR />Our engineering team has determined that the signature in question has been exhibiting false positive behavior and they have decided to modify it. The signature will be modified in a future Apps and Threats content release. Since it has been determined that the signature is producing false positive results, you may elect to implement a threat exception. I will let you know once the content version reflecting the change is identified.</P><P>&nbsp;</P> Wed, 30 Jun 2021 21:23:30 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cool-pdf-reader-pdf-stream-handling-buffer-overflow/m-p/416390#M1199 evievarga 2021-06-30T21:23:30Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cool-pdf-reader-pdf-stream-handling-buffer-overflow/m-p/416461#M1201 <P>Hi,</P><P>&nbsp;</P><P>We've got the same issue. Please&nbsp;<SPAN class="VIiyi"><SPAN class="JLqJ4b ChMk0b"><SPAN>keep us informed</SPAN></SPAN></SPAN>&nbsp;</P><P>&nbsp;</P><P>With kind regards,<BR />ppater</P> Thu, 01 Jul 2021 10:10:31 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cool-pdf-reader-pdf-stream-handling-buffer-overflow/m-p/416461#M1201 PatrickPater 2021-07-01T10:10:31Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cool-pdf-reader-pdf-stream-handling-buffer-overflow/m-p/416669#M1202 <P>The issue is resolved in latest Content 8424.</P> Thu, 01 Jul 2021 21:37:02 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cool-pdf-reader-pdf-stream-handling-buffer-overflow/m-p/416669#M1202 mivaldi 2021-07-01T21:37:02Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cool-pdf-reader-pdf-stream-handling-buffer-overflow/m-p/417409#M1208 <P>Security updates available&nbsp;in Foxit Reader&nbsp;10.1.4 and Foxit PhantomPDF 10.1.4 Local attackers could&nbsp;exploit&nbsp;this&nbsp;vulnerability&nbsp;to create a symbolic link and to the logic error or improper&nbsp;handling&nbsp;of elements when working with certain&nbsp;PDF&nbsp;files.</P><P>&nbsp;</P><P>&nbsp;</P><P><A href="https://www.firstcallonline.net/" target="_self">FirstCallOnline</A></P> Fri, 09 Jul 2021 05:59:28 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/cool-pdf-reader-pdf-stream-handling-buffer-overflow/m-p/417409#M1208 Leake541 2021-07-09T05:59:28Z