Sid 1-50443

Message

FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt

Summary

This event is generated when a TIFF file that exploits the vulnerability outlined in CVE-2017-2966 is detected.

Impact

Out of bounds read

CVE-2017-2966:

CVSS base score 7.8

CVSS impact score 5.9

CVSS exploitability score 1.8

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

CVE-2017-2966: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine related to parsing malformed TIFF segments. Successful exploitation could lead to arbitrary code execution.

Affected systems

  • adobe acrobat 11.0.18
  • adobe acrobat_dc 15.006.30244
  • adobe acrobat_dc 15.020.20042
  • adobe acrobatreaderdc 15.006.30244
  • adobe acrobatreaderdc 15.020.20042
  • adobe reader 11.0.18

Ease of attack

CVE-2017-2966:

Access Vector

Access Complexity

Authentication

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • helpx.adobe.com/security/products/reader/apsb17-01.html