Rule Category

FILE-FLASH -- Snort has detected suspicious traffic via the Adobe Flash Player. Flash is a common target of code execution, overflow, DoS, and memory corruption attacks in particular, via swifs, action scripts, etc. Many networks block Flash altogether; the application will be deprecated in 2020.

Alert Message

FILE-FLASH Adobe Flash Player out-of-bounds read attempt

Rule Explanation

This alert occurs when an attacker attempts to exploit CVE-2019-7108. Impact: Attempted User Privilege Gain Details: Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Additional Links

Rule Vulnerability

CVE Additional Information

CVE-2019-7108
Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
Details
Severity Base Score7.5
Impact Score3.6 Exploit Score3.9
Confidentiality ImpactHIGH Integrity ImpactNONE
Availability ImpactNONE Attack VectorNETWORK
ScopeUNCHANGED User InteractionNONE
Authentication Ease of AccessLOW
Privileges RequiredNONE