Sid 1-47100

Message

BROWSER-IE Microsoft Edge TryArraySplice memory corruption attempt

Summary

This event is generated when an attempt to exploit a Microsoft Edge Scripting Engine vulnerability is detected.

Impact

An attacker who successfully exploits this vulnerability could execute arbitrary code in the context of the current user on the affected system.

CVE-2018-8275:

CVSS base score 7.5

CVSS impact score 5.9

CVSS exploitability score 1.6

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

This rule specifically detects JavaScript that is typically used to exploit this vulnerability.

CVE-2018-8275: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8279, CVE-2018-8301.

Affected systems

  • microsoft chakracore 1.10.0
  • microsoft edge -

Ease of attack

Medium

False positives

None known

False negatives

None known

Corrective action

Determine if the system has been patched. If it has not been, isolate and triage the system.

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8275