Sid 1-49989

Message

BROWSER-IE Microsoft Internet Explorer cdomuievent use after free attempt

Summary

This event is generated when known obfuscated JavaScript that is often associated with malicious content is detected.

Impact

Potential Corporate Privacy Violation

CVE-2014-2820:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2014-2820: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2774, CVE-2014-2826, CVE-2014-2827, and CVE-2014-4063.

Affected systems

  • microsoft internet_explorer 6
  • microsoft internet_explorer 7
  • microsoft internet_explorer 8
  • microsoft internet_explorer 9
  • microsoft internet_explorer 10
  • microsoft internet_explorer 11

Ease of attack

CVE-2014-2820:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

None Known

False negatives

None Known

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • cwe.mitre.org/data/definitions/416.html
  • osvdb.org/show/osvdb/109951
  • technet.microsoft.com/en-us/security/bulletin/MS14-051