Think you have a false positive on this rule?

Sid 1-45616


FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt


This event is generated when, an attempt to exploit Adobe Flash Player using memory already released, is detected.


Attempted User Privilege Gain


CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

This crafted SWF file exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a Use-After-Free in the MovieClip.duplicateMovieClip function. An attacker can entice a target to open a specially crafted flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the flash process. CVE-2015-8412: Use-after-free vulnerability in Adobe Flash Player before and 19.x and 20.x before on Windows and OS X and before on Linux, Adobe AIR before, Adobe AIR SDK before, and Adobe AIR SDK & Compiler before allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454.

Affected systems

  • adobe air
  • adobe air_sdk
  • adobe airsdk&_compiler
  • adobe flash_player
  • adobe flash_player
  • adobe flash_player
  • adobe flash_player
  • adobe flash_player
  • adobe flash_player

Ease of attack


False positives


False negatives


Corrective action

Upgrade to Adobe Flash Player or 20.0.0 to address the vulnerability


  • Cisco's Talos Intelligence Group

Additional References