Think you have a false positive on this rule?

Sid 1-44839

Message

FILE-OFFICE Microsoft Word RTF memory corruption attempt

Summary

This event is generated when an attacker attempts to exploit an uninitialized memory use vulnerability in Microsoft Word.

Impact

Attempted User Privilege Gain

Detailed information

Rule checks for an attacker's attempt to exploit an uninitialized memory use vulnerability in Microsoft Word.

Affected systems

  • Microsoft Word

Ease of attack

False positives

Not known

False negatives

Not known

Corrective action

Implement the patches released by Microsoft for the affected software.

Contributors

  • Cisco's Talos Intelligence Group

Additional References