[Snort-sigs] Lot of alerts with rule 7978

Thierry CHICH thierry.chich at ...2579...
Wed Jan 3 06:02:52 EST 2007


Hello,

I have a lot of alerts with this rule "WEB-CLIENT 
ShockwaveFlash.ShockwaveFlash ActiveX CLSID access ". Two url are given in 
order to show how dangerous the ActiveX CLSID are. The first one describe an 
exploit dating from 2002. The second one, dating from 2006 implies only a 
crash of the flash plugin.

As I understand this alert, it is  an alert about a potentially dangerous 
practice, that could be activated when surfing on badly programmed websites.

I don't know if this could be  described as a false positive, but it seems to 
me.

Thierry Chich




More information about the Snort-sigs mailing list