SID 1:57388

Report a false positive

Rule Category

INDICATOR-SHELLCODE --

Alert Message

INDICATOR-SHELLCODE Microsoft Edge Chakra common type confusion placeholder value detected

Rule Explanation

This placeholder value is stored as a number but retrieved as a pointer and could potentially indicate an exploit was observed.

What To Look For

This rule will alert when a common place holder value used in Chakra exploits is observed.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

None

Additional Links

www.zerodayinitiative.com/blog/2018/8/22/floating-poison-math-in-chakra

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None

MITRE ATT&CK Framework

Tactic: Execution

Technique: User Execution

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org