Think you have a false positive on this rule?

Sid 1-47101


BROWSER-IE Microsoft Edge TryArraySplice memory corruption attempt


This event is generated when an attempt to exploit a Microsoft Edge Scripting Engine vulnerability is detected.


An attacker who successfully exploits this vulnerability could execute arbitrary code in the context of the current user on the affected system.

Detailed information

This rule specifically detects JavaScript that is typically used to exploit this vulnerability.

Affected systems

  • Windows 10 version 1803 and prior (x86),
  • Windows 10 version 1803 and prior (x64)

Ease of attack


False positives

None known

False negatives

None known

Corrective action

Determine if the system has been patched. If it has not been, isolate and triage the system.


  • Cisco's Talos Intelligence Group

Additional References