Think you have a false positive on this rule?

Sid 1-44820

Message

BROWSER-IE Microsoft Edge array use after free attempt

Summary

This event is generated when fuzzed PoC triggers use after free vuln in Microsoft Edge

Impact

Attempted User Privilege Gain

CVE-2017-11791:

CVSS base score 3.1

CVSS impact score 1.4

CVSS exploitability score 1.6

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Detailed information

CVE-2017-11791: ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11834.

Affected systems

  • microsoft chakracore *
  • microsoft edge *
  • microsoft internet_explorer *

Ease of attack

CVE-2017-11791:

Access Vector

Access Complexity

Authentication

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References