Sid 1-46944

Message

BROWSER-IE Microsoft Internet Explorer memory corruption attempt

Summary

This event is generated when an attempt to exploit CVE-2018-8249 over a file transport method (such as HTTP or FTP) is detected.

Impact

Successful exploitation of this vulnerability could result in remote code execution under the user's current permissions.

Detailed information

CVE-2018-8249 is a memory corruption vulnerability in Microsoft Internet Explorer 11. Exploitation of this vulnerability could allow an attacker to execute arbitrary code remotely.

Affected systems

  • Windows 7 x86 systems running Internet Explorer 11

Ease of attack

Medium

False positives

None known

False negatives

None known

Corrective action

Install the June 2018 cumulative security update for Windows 7 x86 systems to patch this vulnerability. Systems that have not been patched and that have been exploited should be quarantined until they have been properly assessed and remediated.

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8249