FILE-EXECUTABLE -- Snort detected traffic targeting vulnerabilities that are found in or delivered through executable files, regardless of platform. In those instances, Snort is able to correct traffic that has been altered.
FILE-EXECUTABLE Microsoft Windows NTFS privilege escalation attempt
This event is generated when an executable binary which exploits CVE-2018-8411 is detected.
Impact: An attacker who is able to execute the binary on a vulnerable system could elevate their privileges and read sensitive information.
Details: CVE-2018-8411 manifests in the NTFS component of the Windows kernel. This rule looks for executable code that triggers this vulnerability.
Ease of Attack: Medium
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2018-8411