FILE-OFFICE Microsoft Word memory corruption exploit attempt
This event is generated when an attacker attempts to exploit a memory corruption vulnerability in Microsoft Word.
Potential user access to the victim's machine
Rule checks for a memory corruption exploit used against Microsoft Word.
- Microsoft Word, various versions
Ease of attack
Implement all patches referenced here: portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0797
- Cisco's Talos Intelligence Group