Sid 1-51225

Message

FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt

Summary

This event is generated when an attempt to exploit an ATF parsing heap buffer overflow in Adobe Flash Player is detected.

Impact

Attempted User Privilege Gain

CVE-2016-1002:

CVSS base score 9.8

CVSS impact score 5.9

CVSS exploitability score 3.9

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

CVE-2016-1002: Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1005.

Affected systems

  • adobe air 20.0.0.233
  • adobe air 20.0.0.260
  • adobe air_sdk 20.0.0.260
  • adobe airsdk&_compiler 20.0.0.260
  • adobe flash_player 11.2.202.569
  • adobe flash_player 19.0.0.185
  • adobe flash_player 19.0.0.207
  • adobe flash_player 19.0.0.226
  • adobe flash_player 19.0.0.245
  • adobe flash_player 20.0.0.228
  • adobe flash_player 20.0.0.235
  • adobe flash_player 20.0.0.286
  • adobe flash_player 20.0.0.306
  • adobe flashplayeresr 18.0.0.329

Ease of attack

CVE-2016-1002:

Access Vector

Access Complexity

Authentication

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • helpx.adobe.com/security/products/flash-player/apsb16-18.html