Sid 1-49731


FILE-OFFICE Microsoft Office directory traversal attempt


This event is generated when an attacker attempts to exploit a directory traversal vulnerability in Microsoft Office.


  • Information disclosure
  • Remote code execution

Detailed information

The rule looks for attempts to exploit the vulnerability through directory traversal.

Affected systems

  • Microsoft Windows System

Ease of attack

False positives

None known

False negatives

None known

Corrective action


  • Cisco Talos Intelligence Group

Additional References