
Sid 1-47534


FILE-MULTIMEDIA Adobe Flash Player malformed MP4-AVC out-of-bounds read attempt


This event is generated when an attempt to exploit a vulnerability in Adobe Flash Player, using a malicious MP4 file, is detected.




CVSS base score 7.5

CVSS impact score 3.6

CVSS exploitability score 3.9

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Detailed information

This vulnerability results from a computation that reads data past the end of the target buffer; the computation is part of MP4-Advanced Video Coding (AVC) processing. A malformed AVC stream within MP4 input leads to a flawed computation involving pointer offset arithmetic that does not adequately account for the buffer boundaries.

CVE-2018-12827: Adobe Flash Player and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Affected systems

  • adobe flash_player
  • redhat enterpriselinuxdesktop 6.0
  • redhat enterpriselinuxserver 6.0
  • redhat enterpriselinuxworkstation 6.0

Ease of attack


False positives


False negatives


Corrective action

Upgrade to the latest Standalone Flash Player version available.


  • Cisco's Talos Intelligence Group

Additional References