See: https://www.virustotal.com/nl/url/8d090075ed6e1e1e9696786a19a93fa8237153c8c225860aaa9faf5f137bdf99/analysis/1381242396/
and http://quttera.com/detailed_report/blog.daum.net
http://urlquery.net/report.php?id=6455488 versus http://urlquery.net/report.php?id=2709869
the latter scan with IDS alerts for FILE-FLASH Action InitArray stack overflow attempt
1:24889 ↔ ENABLED ↔ FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) → http://www.snort.org/search/sid/24889
This rule is for a vulnerability that allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22. (FP-prone Flash rule, coming up sometimes “in drones”; as a genuine attack, the Redkit EXPLOIT-KIT may be involved to create such an IDS alert.)
On Sourcefire the format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products like Defense Centre 4.10 and 4.9.
polonus
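
The rule line quoted in the post, parsed into the fields the post lists. This is an added example, not part of the original post and not Sourcefire tooling. The regex, the function names, and the choice to treat the first word of the message as the rule group are assumptions; every sample line except the first is constructed.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

class RuleEntry(NamedTuple):
    gid: int
    sid: int
    state: str                 # policy state, e.g. ENABLED / DISABLED
    group: str                 # rule group, e.g. FILE-FLASH
    message: str
    rules_file: Optional[str]

# "<->" is the plain-text separator; "↔" and "→" are how the line appears
# in the post, so both spellings are accepted.
_SEP = r"\s*(?:<->|↔)\s*"
_LINE = re.compile(
    r"^\s*\*?\s*(?P<gid>\d+):(?P<sid>\d+)" + _SEP +
    r"(?P<state>[A-Z]+)" + _SEP +
    r"(?P<msg>.+?)"
    r"(?:\s*\((?P<file>[\w.-]+\.rules)\))?"   # optional "(file-flash.rules)"
    r"(?:\s*(?:→|->)\s*\S+)?\s*$"             # optional trailing link
)

def parse_line(line: str) -> Optional[RuleEntry]:
    """Return the parsed rule entry, or None for lines that are not rule lines."""
    m = _LINE.match(line)
    if not m:
        return None
    # Assumption: the rule group is the first token of the message.
    group, _, text = m["msg"].partition(" ")
    return RuleEntry(int(m["gid"]), int(m["sid"]), m["state"], group, text, m["file"])

def enabled_by_group(lines):
    """Map rule group -> list of "GID:SID" for rules whose state is ENABLED."""
    out = defaultdict(list)
    for entry in filter(None, map(parse_line, lines)):
        if entry.state == "ENABLED":
            out[entry.group].append(f"{entry.gid}:{entry.sid}")
    return dict(out)

# First line is quoted from the post; the rest are constructed samples
# with made-up SIDs and messages.
SAMPLE = [
    "1:24889 ↔ ENABLED ↔ FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) → http://www.snort.org/search/sid/24889",
    "1:90001 <-> DISABLED <-> FILE-FLASH constructed sample rule A (file-flash.rules)",
    "1:90002 <-> ENABLED <-> EXPLOIT-KIT constructed sample rule B (exploit-kit.rules)",
    "Note: free text that is not a rule line",
]
```

Grouping the enabled rules this way makes it quick to see which default-on rules in a category can be behind an alert before judging whether it is a false positive.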