[Snort-sigs] Lot of alerts with rule 7978
thierry.chich at ...2579...
Wed Jan 3 06:02:52 EST 2007
I have a lot of alerts with this rule "WEB-CLIENT
ShockwaveFlash.ShockwaveFlash ActiveX CLSID access ". Two url are given in
order to show how dangerous the ActiveX CLSID are. The first one describe an
exploit dating from 2002. The second one, dating from 2006 implies only a
crash of the flash plugin.
As I understand this alert, it is an alert about a potentially dangerous
practice, that could be activated when surfing on badly programmed websites.
I don't know if this could be described as a false positive, but it seems to
More information about the Snort-sigs