SID 1-51792

Rule Category

BROWSER-IE -- Snort has detected traffic known to exploit vulnerabilities present in the Internet Explorer browser, or products that have the Trident or Tasman engines.

Alert Message

BROWSER-IE Microsoft Edge VBScript engine memory corruption attempt

Rule Explanation

This alert occurs when an attacker attempts to exploit CVE-2019-1238. Impact: Attempted User Privilege Gain Details: Ease of Attack:

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2019-1238

Additional Links

portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1238

Rule Vulnerability

CVE Additional Information

CVE-2019-1238

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1239.

Details
Severity	HIGH	Base Score	7.1
Impact Score	10.0	Exploit Score	3.9
Confidentiality Impact	COMPLETE	Integrity Impact	COMPLETE
Availability Impact	COMPLETE	Access Vector	NETWORK
Authentication	SINGLE	Ease of Access	HIGH