[Snort-users] False positive?

Jefferson, Shawn Shawn.Jefferson at ...14448...
Mon Apr 11 19:17:19 EDT 2011

The following site triggered SID 1:18196 WEB-CLIENT Microsoft Internet Explorer CSS importer use-after-free attempt.


It looks to me like a false positive, in that there doesn't appear to be an exploit, but just poor web design.  Can someone with more knowledge of how this vulnerability is exploited take a look and share your thoughts?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110411/8bee0863/attachment.html>

More information about the Snort-users mailing list