Think you have a false positive on this rule?

Sid 1-50910

Message

BROWSER-IE Microsoft Edge scripting engine memory corruption attempt

Summary

This event is generated when an attacker attempts to exploit an out of bounds vulnerability present in Microsoft Edge.

Impact

Attempted User Privilege Gain

CVE-2018-0769:

CVSS base score 7.5

CVSS impact score 5.9

CVSS exploitability score 1.6

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

Rule checks for an attempt to exploit an out of bounds memory corruption vulnerability present in Microsoft Edge's scripting engine. CVE-2018-0769: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.

Affected systems

  • microsoft edge -

Ease of attack

Hard

False positives

Not known

False negatives

Not known

Corrective action

Implement the patches described here: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0769.

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0769