Think you have a false positive on this rule?

Sid 1-47533

Message

FILE-MULTIMEDIA Adobe Flash Player malformed MP4-AVC out-of-bounds read attempt

Summary

This event is generated when an attempt to exploit a vulnerability in Adobe Flash Player, using a malicious MP4 file, is detected.

Impact

High

CVE-2018-12827:

CVSS base score 7.5

CVSS impact score 3.6

CVSS exploitability score 3.9

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Detailed information

This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of MP4-Advanced Video Coding (AVC) processing. A malformed AVC stream within MP4 input leads to flawed computation that involves pointer offset arithmetic which does not adequately account for the buffer boundaries CVE-2018-12827: Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Affected systems

  • adobe flash_player 30.0.0.154
  • redhat enterpriselinuxdesktop 6.0
  • redhat enterpriselinuxserver 6.0
  • redhat enterpriselinuxworkstation 6.0

Ease of attack

Simple

False positives

N/A

False negatives

N/A

Corrective action

Upgrade to the latest Standalone Flash Player version available

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • helpx.adobe.com/security/products/flash-player/APSB18-25.html