Think you have a false positive on this rule?

Sid 1-46952

Message

BROWSER-IE Microsoft Internet Explorer 11 JScript use-after-free attempt

Summary

This event is generated when a user using Microsoft Internet Explorer 11 accesses a page where JavaScript modifies a variable that is reused when not handled by garbage collection.

Impact

Attempted User Privilege Gain

Detailed information

CVE-2018-8267 is a use after free vulnerability in the Jscript scripting engine (jscript.dll) of Windows. The root cause is where a VAR points to an object, and the object is freed because its not rooted in the GC.

Affected systems

  • Microsoft Internet Explorer 11.

Ease of attack

Simple, it is not known if any exploits exist for this.

False positives

None known

False negatives

None known

Corrective action

Follow corporate patching procedures to ensure Microsoft Internet Explorer is up to date.

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8267