Rule Category

FILE-FLASH -- Snort has detected suspicious traffic via the Adobe Flash Player. Flash is a common target of code execution, overflow, DoS, and memory corruption attacks in particular, via swifs, action scripts, etc. Many networks block Flash altogether; the application will be deprecated in 2020.

Alert Message

FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt

Rule Explanation

This event is generated when there is an attempt to exploit a same origin method execution vulnerability in Adobe Flash Player ActiveX. Impact: Base Score: 9.8 CRITICAL Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (V3.1 legend) Impact Score: 5.9 Exploitability Score: 3.9 Confidentiality (C): High Integrity (I): High Availability (A): High Details: Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Rule Vulnerability

CVE Additional Information

CVE-2019-8069
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
Details
SeverityHIGH Base Score10.0
Impact Score10.0 Exploit Score10.0
Confidentiality ImpactCOMPLETE Integrity ImpactCOMPLETE
Availability ImpactCOMPLETE Access VectorNETWORK
AuthenticationNONE Ease of AccessLOW