Think you have a false positive on this rule?

Sid 1-47141

Message

BROWSER-IE Microsoft Edge scripting engine type confusion attempt

Summary

This event is generated when a type confusion vulnerability is triggered in Microsoft Edge.

Impact

Attempted User Privilege Gain

CVE-2018-8324:

CVSS base score 4.3

CVSS impact score 1.4

CVSS exploitability score 2.8

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Detailed information

CVE-2018-8324: An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297, CVE-2018-8325.

Affected systems

  • microsoft edge -

Ease of attack

CVE-2018-8324:

Access Vector

Access Complexity

Authentication

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8324