Sid 1-49732

Message

FILE-OFFICE Microsoft Office directory traversal attempt

Summary

This event is generated when an attacker attempts to exploit a directory traversal vulnerability in Microsoft Office.

Impact

Information disclosure, remote code execution

Detailed information

The rule looks for exploitation of the vulnerability through a directory traversal attempt.

Affected systems

  • Microsoft Windows System

Ease of attack

False positives

None known

False negatives

None known

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0801