Sid 1-51221

Message

FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt

Summary

This event is generated when an attempt to exploit a buffer overflow in Adobe Flash via a crafted ATF file is detected.

Impact

Attempted User Privilege Gain

CVE-2016-1101:

CVSS base score 7.5

CVSS impact score 5.9

CVSS exploitability score 1.6

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

CVE-2016-1102:

CVSS base score 7.5

CVSS impact score 5.9

CVSS exploitability score 1.6

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

CVE-2016-1103:

CVSS base score 7.5

CVSS impact score 5.9

CVSS exploitability score 1.6

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

CVE-2017-3078:

CVSS base score 9.8

CVSS impact score 5.9

CVSS exploitability score 3.9

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

CVE-2016-1101: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

CVE-2016-1102: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

CVE-2016-1103: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

CVE-2017-3078: Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the Adobe Texture Format (ATF) module. Successful exploitation could lead to arbitrary code execution.

Affected systems

  • adobe flash_player 21.0.0.213
  • microsoft edge -
  • microsoft internet_explorer 10
  • microsoft internet_explorer 11
  • adobe flash_player 25.0.0.171

Ease of attack

CVE-2016-1101:

Access Vector

Access Complexity

Authentication

CVE-2016-1102:

Access Vector

Access Complexity

Authentication

CVE-2016-1103:

Access Vector

Access Complexity

Authentication

CVE-2017-3078:

Access Vector

Access Complexity

Authentication

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • helpx.adobe.com/security/products/flash-player/apsb16-15.html
  • helpx.adobe.com/security/products/flash-player/apsb17-17.html