Intrusion PreventionAdobe.Flash.Cross.Domain.Request.Policy.Bypass
Description
This indicates an attack attempt to exploit a Security Bypass vulnerability in Adobe Flash Player.
The vulnerability is due to an error when the vulnerable software handles a maliciously crafted SWF file. A remote attacker may be able to exploit this to bypass security policy and send a cross domain request, via a crafted SWF file.
Affected Products
Adobe Flash Player Desktop Runtime 15.0.0.239 and earlier - Windows and Macintosh
Adobe Flash Player Extended Support Release 13.0.0.258 and earlier - Windows and Macintosh
Adobe Flash Player for Google Chrome 15.0.0.239 and earlier - Windows
Adobe Flash Player for Google Chrome 15.0.0.242 and earlier - Macintosh
Adobe Flash Player for Internet Explorer 10 and Internet Explorer 11 15.0.0.239 and earlier - Windows 8.0 and 8.1
Adobe Flash Player 11.2.202.424 and earlier - Linux
Impact
Security Bypass: Remote attackers can bypass security checks of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://helpx.adobe.com/security/products/flash-player/apsb14-27.html
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2024-08-28 | 28.854 |
Modified
|
Name:Adobe. Flash. Player. Cross. Domain. Request. Policy. Bypass:Adobe. Flash. Cross. Domain. Request. Policy. Bypass |
| ID | 39772 |
| Created | Dec 12, 2014 |
| Updated | Aug 27, 2024 |
| CVE ID | |
| Risk |
|
| Exploit Prediction Score | 2.66% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, MacOS |
| Affected App | Adobe |
| Profile Type | Permission/Privilege/Access Control |