[Snort-users] False positive?

Jefferson, Shawn Shawn.Jefferson at ...14448...
Mon Apr 11 19:17:19 EDT 2011


The following site triggered SID 1:18196 WEB-CLIENT Microsoft Internet Explorer CSS importer use-after-free attempt.

hxxp://www.automagic.com/

It looks to me like a false positive, in that there doesn't appear to be an exploit, but just poor web design.  Can someone with more knowledge of how this vulnerability is exploited take a look and share your thoughts?

Shawn


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110411/8bee0863/attachment.html>


More information about the Snort-users mailing list