Sid 1-46186

Message

FILE-OTHER TrueType Font Windows EOT font engine remote code execution attempt

Summary

This event is generated when an attacker attempts to exploit an integer overflow vulnerability present in the Windows EOT font engine.

Impact

Attempted User Privilege Gain

Detailed information

The rule checks for an attempt to trigger an integer overflow vulnerability present in the Windows EOT font engine.

Affected systems

Ease of attack

False positives

Not known

False negatives

Not known

Corrective action

Update all affected products listed in the advisory: portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-1016

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-1016