Think you have a false positive on this rule?

Sid 1-45660

Message

BROWSER-IE Microsoft Edge scripting engine memory corruption attempt

Summary

This event is generated when scripting engine based memory corruption is attempted

Impact

Attempted Administrator Privilege Gain

CVE-2018-0858:

CVSS base score 7.5

CVSS impact score 5.9

CVSS exploitability score 1.6

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

CVE-2018-0858: ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.

Affected systems

  • microsoft chakracore -

Ease of attack

CVE-2018-0858:

Access Vector

Access Complexity

Authentication

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0858