Rule Category

BROWSER-IE -- Snort has detected traffic known to exploit vulnerabilities present in the Internet Explorer browser, or products that have the Trident or Tasman engines.

Alert Message

BROWSER-IE Microsoft Internet Explorer sandbox escape attempt

Rule Explanation

This event is generated when an attacker attempts to exploit a sandbox escape vulnerability in Microsoft Windows.

Impact: Attempted Administrator Privilege Gain

Details: This rule checks for attempts to exploit a sandbox escape vulnerability in Microsoft Windows.

Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Additional Links

Rule Vulnerability

CVE Additional Information

CVE-2019-1053
An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts, aka 'Windows Shell Elevation of Privilege Vulnerability'.
Details
Severity Base Score: 8.8
Impact Score: 6.0
Exploit Score: 2.0
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Attack Vector: LOCAL
Scope: CHANGED
User Interaction: NONE
Authentication:
Ease of Access: LOW
Privileges Required: LOW