Think you have a false positive on this rule?

Sid 1-51224

Message

FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt

Summary

This event is generated when an attempt to exploit a buffer overflow in Adobe Flash via a crafted ATF file is detected.

Impact

Attempted User Privilege Gain

CVE-2016-1101:

CVSS base score 7.5

CVSS impact score 5.9

CVSS exploitability score 1.6

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

CVE-2016-1101: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.

Affected systems

  • adobe flash_player 21.0.0.213
  • microsoft edge -
  • microsoft internet_explorer 10
  • microsoft internet_explorer 11

Ease of attack

CVE-2016-1101:

Access Vector

Access Complexity

Authentication

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • helpx.adobe.com/security/products/flash-player/apsb16-15.html