Sid 1-51081

Message

FILE-FLASH Adobe Flash player memory corruption attempt

Summary

This event is generated when an attacker attempts to exploit a memory corruption vulnerability in Adobe Flash Player.

Impact

Attempted User Privilege Gain

CVE-2015-5577:

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2015-5577: Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677.

Affected systems

  • adobe air 18.0.0.143
  • adobe air 18.0.0.199
  • adobe air_sdk 18.0.0.199
  • adobe air_sdk_&_compiler 18.0.0.180
  • adobe flash_player 11.2.202.508
  • adobe flash_player 13.0.0.289
  • adobe flash_player 14.0.0.125
  • adobe flash_player 14.0.0.145
  • adobe flash_player 14.0.0.176
  • adobe flash_player 14.0.0.179
  • adobe flash_player 15.0.0.152
  • adobe flash_player 15.0.0.167
  • adobe flash_player 15.0.0.189
  • adobe flash_player 15.0.0.223
  • adobe flash_player 15.0.0.239
  • adobe flash_player 15.0.0.246
  • adobe flash_player 16.0.0.235
  • adobe flash_player 16.0.0.257
  • adobe flash_player 16.0.0.287
  • adobe flash_player 16.0.0.296
  • adobe flash_player 17.0.0.134
  • adobe flash_player 17.0.0.169
  • adobe flash_player 17.0.0.188
  • adobe flash_player 17.0.0.190
  • adobe flash_player 17.0.0.191
  • adobe flash_player 18.0.0.160
  • adobe flash_player 18.0.0.194
  • adobe flash_player 18.0.0.203
  • adobe flash_player 18.0.0.209
  • adobe flash_player 18.0.0.232
  • google android *

Ease of attack

CVE-2015-5577:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • helpx.adobe.com/security/products/flash-player/apsb15-23.html