Think you have a false positive on this rule?

Sid 1-45887

Message

BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt

Summary

This event is generated when a malicious VBScript is detected in Microsoft Internet Explorer which could lead to remote code execution.

Impact

Misc activity

CVE-2018-0889:

CVSS base score

CVSS impact score

CVSS exploitability score

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed information

CVE-2018-0889: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935.

Affected systems

Ease of attack

CVE-2018-0889:

Access Vector

Access Complexity

Authentication

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0889