Sid 1-47833

Message

FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt

Summary

This event is generated when an attacker attempts to exploit a sandbox bypass vulnerability in the Adobe Flash Player COM server.

Impact

Attempted User Privilege Gain

CVE-2018-15967:

CVSS base score 7.5

CVSS impact score 3.6

CVSS exploitability score 3.9

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Detailed information

The rule checks for attempts to exploit a sandbox bypass vulnerability in the Adobe Flash Player COM server. CVE-2018-15967: Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure.

Affected systems

  • adobe flash_player 31.0.0.108
  • adobe flashplayerdesktop_runtime 31.0.0.108
  • redhat enterpriselinuxdesktop 6.0
  • redhat enterpriselinuxserver 6.0
  • redhat enterpriselinuxworkstation 6.0

Ease of attack

CVE-2018-15967:

Access Vector

Access Complexity

Authentication

False positives

Not known

False negatives

Not known

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • helpx.adobe.com/security/products/flash-player/APSB18-31.html