FILE-FLASH -- Snort has detected suspicious traffic via the Adobe Flash Player. Flash is a common target of code execution, overflow, DoS, and memory corruption attacks in particular, via swifs, action scripts, etc. Many networks block Flash altogether; the application will be deprecated in 2020.
FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt
This event is generated when an attacker attempts to exploit an out-of-bounds read vulnerability in Adobe Flash Player.
Attempted User Privilege Gain
This rule checks for attempts to exploit an out-of-bounds read vulnerability in Adobe Flash Player.
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2019-7090Flash Player Desktop Runtime versions 22.214.171.124 and earlier, Flash Player for Google Chrome versions 126.96.36.199 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions 188.8.131.52 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
||Ease of Access||LOW