Think you have a false positive on this rule?

Sid 1-44820


BROWSER-IE Microsoft Edge array use after free attempt


This event is generated when fuzzed PoC triggers use after free vuln in Microsoft Edge


Attempted User Privilege Gain


CVSS base score 3.1

CVSS impact score 1.4

CVSS exploitability score 1.6

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Detailed information

CVE-2017-11791: ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11834.

Affected systems

  • microsoft chakracore *
  • microsoft edge *
  • microsoft internet_explorer *

Ease of attack


Access Vector

Access Complexity


False positives

False negatives

Corrective action


  • Cisco's Talos Intelligence Group

Additional References