Sid 1-46227

Message

FILE-PDF Microsoft Edge pdf parsing information disclosure attempt

Summary

This event is generated when Microsoft Edge parses a PDF file, resulting in an information disclosure attempt.

Impact

Attempted reconnaissance

CVE-2018-0998:

CVSS base score 4.3

CVSS impact score 1.4

CVSS exploitability score 2.8

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Detailed information

CVE-2018-0998: An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0892.

Affected systems

  • microsoft edge *

Ease of attack

CVE-2018-0998:

Access Vector

Access Complexity

Authentication

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0998