Sid 1-47101

Message

BROWSER-IE Microsoft Edge TryArraySplice memory corruption attempt

Summary

This event is generated when an attempt to exploit a Microsoft Edge Scripting Engine vulnerability is detected.

Impact

An attacker who successfully exploits this vulnerability could execute arbitrary code in the context of the current user on the affected system.

Detailed information

This rule specifically detects JavaScript that is typically used to exploit this vulnerability.

Affected systems

  • Windows 10 version 1803 and prior (x86)
  • Windows 10 version 1803 and prior (x64)

Ease of attack

Medium

False positives

None known

False negatives

None known

Corrective action

Determine if the system has been patched. If it has not been, isolate and triage the system.

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8275