Rule Category

FILE-OTHER -- Snort detected traffic targeting vulnerabilities in a file type that does not require enough rule coverage to have its own category.

Alert Message

FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt

Rule Explanation

This event is generated when an attempt to exploit CVE-2018-12796, a use-after-free vulnerability in Adobe Acrobat Pro, is detected over SMTP.

Impact: Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the current user.

Details:

Ease of Attack: Medium

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Additional Links

Rule Vulnerability

CVE Additional Information

CVE-2018-12796
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Details
Severity Base Score: 8.8
Impact Score: 5.9
Exploit Score: 2.8
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Access Vector:
Authentication:
Ease of Access: