Sid 1-48403

Message

FILE-OFFICE Microsoft Outlook email rules file memory corruption attempt

Summary

This event is generated when a memory corruption attempt is detected in a Microsoft Outlook rules file.

Impact

Attempted User Privilege Gain

CVE-2018-8582:

CVSS base score 8.8

CVSS impact score 5.9

CVSS exploitability score 2.8

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

CVE-2018-8582: A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576.

Affected systems

  • microsoft office365proplus -
  • microsoft outlook 2010
  • microsoft outlook 2013
  • microsoft outlook 2016
  • microsoft outlook_rt 2013
  • microsoft windowsserver2019 -

Ease of attack

CVE-2018-8582:

Access Vector

Access Complexity

Authentication

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8582