Think you have a false positive on this rule?

Sid 1-49989


BROWSER-IE Microsoft Internet Explorer cdomuievent use after free attempt


This event is generated when known obfuscated javascript that is often associated with malicious content is detected.


Potential Corporate Privacy Violation


CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2014-2820: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2774, CVE-2014-2826, CVE-2014-2827, and CVE-2014-4063.

Affected systems

  • microsoft internet_explorer 6
  • microsoft internet_explorer 7
  • microsoft internet_explorer 8
  • microsoft internet_explorer 9
  • microsoft internet_explorer 10
  • microsoft internet_explorer 11

Ease of attack


Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

None Known

False negatives

None Known

Corrective action


  • Cisco's Talos Intelligence Group

Additional References