Think you have a false positive on this rule?

Sid 1-48403


FILE-OFFICE Microsoft Outlook email rules file memory corruption attempt


This event is generated when a memory corruption attempt is detected in Microsoft Outlook rules file.


Attempted User Privilege Gain


CVSS base score 8.8

CVSS impact score 5.9

CVSS exploitability score 2.8

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

CVE-2018-8582: A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576.

Affected systems

  • microsoft office365proplus -
  • microsoft outlook 2010
  • microsoft outlook 2013
  • microsoft outlook 2016
  • microsoft outlook_rt 2013
  • microsoft windowsserver2019 -

Ease of attack


Access Vector

Access Complexity


False positives

False negatives

Corrective action


  • Cisco's Talos Intelligence Group

Additional References