https://community.cisco.com/t5/network-security/ie-action-handler-overflow/m-p/557567#M90222 <HTML><HEAD></HEAD><BODY><P>Just waiting on the tuned sig - I hope, I hope, I hope. If it doesn't come soon, we'll have to filter it or turn it off.</P></BODY></HTML> Thu, 23 Mar 2006 19:07:58 GMT hendetl 2006-03-23T19:07:58Z https://community.cisco.com/t5/network-security/ie-action-handler-overflow/m-p/557566#M90221 <P>Has anyone else been seeing large occurences of this signature from what appears to be normal web application/browsing activity? No further tuning of the sig has been performed. </P> Sun, 10 Mar 2019 09:56:45 GMT https://community.cisco.com/t5/network-security/ie-action-handler-overflow/m-p/557566#M90221 mcartoz33 2019-03-10T09:56:45Z https://community.cisco.com/t5/network-security/ie-action-handler-overflow/m-p/557567#M90222 <HTML><HEAD></HEAD><BODY><P>Just waiting on the tuned sig - I hope, I hope, I hope. If it doesn't come soon, we'll have to filter it or turn it off.</P></BODY></HTML> Thu, 23 Mar 2006 19:07:58 GMT https://community.cisco.com/t5/network-security/ie-action-handler-overflow/m-p/557567#M90222 hendetl 2006-03-23T19:07:58Z https://community.cisco.com/t5/network-security/ie-action-handler-overflow/m-p/557568#M90223 <HTML><HEAD></HEAD><BODY><P>If you are seeing that signature firing, that means you or your users are browsing a web page including more than 2000 script action handlers.</P><P>That is possible but shouldn't be so common. I'd suggest to increase the Event Count value to something bigger.</P><P>The risk in this case would be to miss a real attack. </P></BODY></HTML> Fri, 24 Mar 2006 15:36:48 GMT https://community.cisco.com/t5/network-security/ie-action-handler-overflow/m-p/557568#M90223 jdal 2006-03-24T15:36:48Z