Think you have a false positive on this rule?

Sid 1-45403

Message

FILE-OFFICE Microsoft Word memory corruption exploit attempt

Summary

This event is generated when an attacker attempts to exploit a memory corruption vulnerability in Microsoft Word.

Impact

Potential user access to the victim's machine

Detailed information

Rule checks for a memory corruption exploit used against Microsoft Word.

Affected systems

Microsoft Word, various versions

Ease of attack

Hard

False positives

Not known

False negatives

Not known

Corrective action

Implement all patches referenced here: portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0797

Contributors

Cisco's Talos Intelligence Group

Additional References

portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0797

©2018 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.

Privacy Policy | Snort License | FAQ | Sitemap

Follow us on twitter