Sourcefire VRT Rules Update

Date: 2014-01-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2955.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:29230 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CommunicationManager ActiveX clsid access (browser-plugins.rules)
 * 1:29233 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Dutch_Dutch Stemmer ActiveX clsid access (browser-plugins.rules)
 * 1:29234 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer English_UK Stemmer ActiveX clsid access (browser-plugins.rules)
 * 1:29235 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer English_US Stemmer ActiveX clsid access (browser-plugins.rules)
 * 1:29236 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer French_French Stemmer ActiveX clsid access (browser-plugins.rules)
 * 1:29237 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer German_German Stemmer ActiveX clsid access (browser-plugins.rules)
 * 1:29238 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ICM Class Manager ActiveX clsid access (browser-plugins.rules)
 * 1:29239 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ISSimpleCommandCreator.1 ActiveX clsid access (browser-plugins.rules)
 * 1:29240 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Italian_Italian Stemmer ActiveX clsid access (browser-plugins.rules)
 * 1:29241 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MidiOut Class Manager ActiveX clsid access (browser-plugins.rules)
 * 1:29242 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Mslablti.MarshalableTI.1 ActiveX clsid access (browser-plugins.rules)
 * 1:29243 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PostBootReminder object ActiveX clsid access (browser-plugins.rules)
 * 1:29244 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer QC.MessageMover.1 ActiveX clsid access (browser-plugins.rules)
 * 1:29296 <-> ENABLED <-> SERVER-WEBAPP Red Hat CloudForms agent controller filename directory traversal attempt (server-webapp.rules)
 * 1:29295 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Boda variant initial outbound connection (malware-cnc.rules)
 * 1:29292 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant outbound connection (malware-cnc.rules)
 * 1:29294 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Boda variant outbound connection (malware-cnc.rules)
 * 1:29291 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stitur variant outbound connection (malware-cnc.rules)
 * 1:29289 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kmnokay outbound communication attempt (malware-cnc.rules)
 * 1:29290 <-> ENABLED <-> BLACKLIST DNS request for known malware CNC domain 003mxs.eu (blacklist.rules)
 * 1:29287 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
 * 1:29285 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
 * 1:29286 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
 * 1:29282 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
 * 1:29284 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
 * 1:29281 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
 * 1:29279 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules)
 * 1:29280 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules)
 * 1:29277 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules)
 * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
 * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules)
 * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
 * 1:29273 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29272 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29270 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29271 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29268 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules)
 * 1:29269 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules)
 * 1:29266 <-> DISABLED <-> SERVER-OTHER Cisco Prime Data Center Network Manager arbitrary file read attempt (server-other.rules)
 * 1:29267 <-> DISABLED <-> SERVER-WEBAPP Nagios3 statuswml.cgi remote command execution attempt (server-webapp.rules)
 * 1:29264 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtX memory corruption attempt (file-office.rules)
 * 1:29265 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object property use after free memory corruption attempt (browser-ie.rules)
 * 1:29262 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bog5151.zapto.org - Win.Trojan.Dunihi (blacklist.rules)
 * 1:29263 <-> ENABLED <-> BLACKLIST DNS request for known malware domain kara.no-ip.info - Win.Trojan.Dunihi (blacklist.rules)
 * 1:29260 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29259 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29258 <-> DISABLED <-> BROWSER-PLUGINS Microsoft WBEM Event Subsystem ActiveX clsid access (browser-plugins.rules)
 * 1:29257 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer syncui.dll ActiveX clsid access (browser-plugins.rules)
 * 1:29256 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer clbcatq.dll ActiveX clsid access (browser-plugins.rules)
 * 1:29255 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer clbcatex.dll ActiveX clsid access (browser-plugins.rules)
 * 1:29254 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WaveOut and DSound Class Manager ActiveX clsid access (browser-plugins.rules)
 * 1:29253 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WaveIn Class Manager ActiveX clsid access (browser-plugins.rules)
 * 1:29252 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WIA FileSystem USD ActiveX clsid access (browser-plugins.rules)
 * 1:29251 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WDM Instance Provider ActiveX clsid access (browser-plugins.rules)
 * 1:29250 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Video Effect Class Manager 2 Input ActiveX clsid access (browser-plugins.rules)
 * 1:29249 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Video Effect Class Manager 1 Input ActiveX clsid access (browser-plugins.rules)
 * 1:29248 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer VFW Capture Class Manager ActiveX clsid access (browser-plugins.rules)
 * 1:29247 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Swedish_Default Stemmer ActiveX clsid access (browser-plugins.rules)
 * 1:29246 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Spanish_Modern Stemmer ActiveX clsid access (browser-plugins.rules)
 * 1:29245 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ShellFolder for CD Burning ActiveX clsid access (browser-plugins.rules)
 * 1:29231 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Content.mbcontent.1 ActiveX clsid access (browser-plugins.rules)
 * 1:29192 <-> ENABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules)
 * 1:29227 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Address Bar ActiveX clsid access (browser-plugins.rules)
 * 1:29193 <-> ENABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules)
 * 1:29194 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding registers - too many inputs (protocol-scada.rules)
 * 1:29195 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input register - too many inputs (protocol-scada.rules)
 * 1:29196 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input status - too many inputs (protocol-scada.rules)
 * 1:29197 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write multiple registers - too many writes (protocol-scada.rules)
 * 1:29198 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write multiple registers - too many writes (protocol-scada.rules)
 * 1:29199 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple registers - too many registers (protocol-scada.rules)
 * 1:29200 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single coil - invalid state (protocol-scada.rules)
 * 1:29201 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coil status response - too many coils (protocol-scada.rules)
 * 1:29202 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coil status response - too many coils (protocol-scada.rules)
 * 1:29203 <-> DISABLED <-> PROTOCOL-SCADA Modbus read fifo response invalid byte count (protocol-scada.rules)
 * 1:29204 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding register response - invalid byte count (protocol-scada.rules)
 * 1:29205 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input registers response invalid byte count (protocol-scada.rules)
 * 1:29206 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write register response - invalid byte count (protocol-scada.rules)
 * 1:29207 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules)
 * 1:29208 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules)
 * 1:29209 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules)
 * 1:29210 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules)
 * 1:29211 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules)
 * 1:29212 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules)
 * 1:29213 <-> ENABLED <-> INDICATOR-OBFUSCATION potential math library debugging (indicator-obfuscation.rules)
 * 1:29214 <-> ENABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
 * 1:29215 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules)
 * 1:29216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:29217 <-> ENABLED <-> BLACKLIST DNS request for known malware domain 722forbidden1.sytes.net - Win.Trojan.MSIL variant outbound connection (blacklist.rules)
 * 1:29218 <-> ENABLED <-> FILE-JAVA Oracle Java and JavaFX JPEGImageReader memory corruption attempt (file-java.rules)
 * 1:29219 <-> ENABLED <-> FILE-JAVA Oracle Java and JavaFX JPEGImageReader memory corruption attempt (file-java.rules)
 * 1:29220 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (malware-cnc.rules)
 * 1:29221 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer blnmgr clsid attempt (browser-ie.rules)
 * 1:29222 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer devenum clsid attempt (browser-ie.rules)
 * 1:29223 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer msdds clsid attempt (browser-ie.rules)
 * 1:29224 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Common Browser Architecture ActiveX clsid access (browser-plugins.rules)
 * 1:29225 <-> DISABLED <-> BROWSER-PLUGINS Microsoft HTML Window Security Proxy ActiveX clsid access (browser-plugins.rules)
 * 1:29226 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ACM Class Manager ActiveX clsid access (browser-plugins.rules)
 * 1:29261 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:29278 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules)
 * 1:29283 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
 * 1:29288 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
 * 1:29293 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant initial version check outbound connection (malware-cnc.rules)
 * 1:29229 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CLSID_CDIDeviceActionConfigPage ActiveX clsid access (browser-plugins.rules)
 * 1:29307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fraxytime outbound communication attempt (malware-cnc.rules)
 * 1:29313 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Proxydown variant connection attempt (malware-cnc.rules)
 * 1:29306 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Popyerd variant outbound connection (malware-cnc.rules)
 * 1:29305 <-> ENABLED <-> BLACKLIST DNS request for known malware domain andreypopov.mcdir.ru (blacklist.rules)
 * 1:29304 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Verbscut variant outbound connection (malware-cnc.rules)
 * 1:29303 <-> ENABLED <-> BLACKLIST DNS request for known malware CNC domain trasbaiana.web102.f1.k8.com.br (blacklist.rules)
 * 1:29302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Diswenshow outbound communication attempt (malware-cnc.rules)
 * 1:29232 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DiskManagement.Connection ActiveX clsid access (browser-plugins.rules)
 * 1:29301 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mizzmo variant outbound connection (malware-cnc.rules)
 * 1:29300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection attempt (malware-cnc.rules)
 * 1:29298 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ent.wikaba.com (blacklist.rules)
 * 1:29299 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nineblog variant outbound connection (malware-cnc.rules)
 * 1:29297 <-> ENABLED <-> SERVER-WEBAPP Red Hat CloudForms agent controller filename directory traversal attempt (server-webapp.rules)
 * 1:29228 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CLSID_ApprenticeICW ActiveX clsid access (browser-plugins.rules)

Modified Rules:


 * 1:15481 <-> ENABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules)
 * 1:16035 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules)
 * 1:16289 <-> ENABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules)
 * 1:16391 <-> ENABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (malware-cnc.rules)
 * 1:17261 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules)
 * 1:17446 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
 * 1:17623 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt (file-java.rules)
 * 1:17637 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 overflow attempt (netbios.rules)
 * 1:18209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (os-windows.rules)
 * 1:19657 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules)
 * 1:21444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
 * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules)
 * 1:21925 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent BOT/0.1 (blacklist.rules)
 * 1:22092 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtY memory corruption attempt (file-office.rules)
 * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules)
 * 1:24956 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object property use after free memory corruption attempt (browser-ie.rules)
 * 1:25270 <-> ENABLED <-> FILE-OTHER overly large XML file MSXML heap overflow attempt (file-other.rules)
 * 1:26274 <-> DISABLED <-> SERVER-WEBAPP Nagios3 statuswml.cgi remote command execution attempt (server-webapp.rules)
 * 1:28147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant connection (malware-cnc.rules)
 * 1:28286 <-> ENABLED <-> FILE-OTHER overly large XML file MSXML heap overflow attempt (file-other.rules)
 * 1:28530 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar installer outbound connection attempt (pua-toolbars.rules)
 * 1:28547 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound conntection (malware-cnc.rules)
 * 1:28820 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound conntection (malware-cnc.rules)
 * 1:29040 <-> ENABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules)
 * 1:29106 <-> ENABLED <-> BLACKLIST DNS request for known malware domain related to Win.Trojan.SixMuch variant (blacklist.rules)
 * 1:29191 <-> DISABLED <-> INDICATOR-OBFUSCATION iFrame injection offscreen (indicator-obfuscation.rules)
 * 1:4132 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer msdds clsid attempt (browser-ie.rules)
 * 1:4133 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer devenum clsid attempt (browser-ie.rules)
 * 1:4134 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer blnmgr clsid attempt (browser-ie.rules)
 * 1:7948 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Common Browser Architecture ActiveX clsid access (browser-plugins.rules)
 * 1:7970 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PostBootReminder object ActiveX clsid access (browser-plugins.rules)
 * 1:7976 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ShellFolder for CD Burning ActiveX clsid access (browser-plugins.rules)
 * 1:7989 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WIA FileSystem USD ActiveX clsid access (browser-plugins.rules)
 * 1:7991 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ACM Class Manager ActiveX clsid access (browser-plugins.rules)
 * 1:7993 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer clbcatex.dll ActiveX clsid access (browser-plugins.rules)
 * 1:7995 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer clbcatq.dll ActiveX clsid access (browser-plugins.rules)
 * 1:7997 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CLSID_ApprenticeICW ActiveX clsid access (browser-plugins.rules)
 * 1:7999 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CLSID_CDIDeviceActionConfigPage ActiveX clsid access (browser-plugins.rules)
 * 1:8001 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CommunicationManager ActiveX clsid access (browser-plugins.rules)
 * 1:8003 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Content.mbcontent.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8005 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DiskManagement.Connection ActiveX clsid access (browser-plugins.rules)
 * 1:8007 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Dutch_Dutch Stemmer ActiveX clsid access (browser-plugins.rules)
 * 1:8009 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer English_UK Stemmer ActiveX clsid access (browser-plugins.rules)
 * 1:8011 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer English_US Stemmer ActiveX clsid access (browser-plugins.rules)
 * 1:8013 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer French_French Stemmer ActiveX clsid access (browser-plugins.rules)
 * 1:8015 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer German_German Stemmer ActiveX clsid access (browser-plugins.rules)
 * 1:8017 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ICM Class Manager ActiveX clsid access (browser-plugins.rules)
 * 1:8019 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Address Bar ActiveX clsid access (browser-plugins.rules)
 * 1:8021 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ISSimpleCommandCreator.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8023 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Italian_Italian Stemmer ActiveX clsid access (browser-plugins.rules)
 * 1:8025 <-> DISABLED <-> BROWSER-PLUGINS Microsoft HTML Window Security Proxy ActiveX clsid access (browser-plugins.rules)
 * 1:8027 <-> DISABLED <-> BROWSER-PLUGINS Microsoft WBEM Event Subsystem ActiveX clsid access (browser-plugins.rules)
 * 1:8029 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MidiOut Class Manager ActiveX clsid access (browser-plugins.rules)
 * 1:8031 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Mslablti.MarshalableTI.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8033 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer QC.MessageMover.1 ActiveX clsid access (browser-plugins.rules)
 * 1:8035 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Spanish_Modern Stemmer ActiveX clsid access (browser-plugins.rules)
 * 1:8037 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Swedish_Default Stemmer ActiveX clsid access (browser-plugins.rules)
 * 1:8039 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer syncui.dll ActiveX clsid access (browser-plugins.rules)
 * 1:8041 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer VFW Capture Class Manager ActiveX clsid access (browser-plugins.rules)
 * 1:8043 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Video Effect Class Manager 1 Input ActiveX clsid access (browser-plugins.rules)
 * 1:8045 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Video Effect Class Manager 2 Input ActiveX clsid access (browser-plugins.rules)
 * 1:8047 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WaveIn Class Manager ActiveX clsid access (browser-plugins.rules)
 * 1:8049 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WaveOut and DSound Class Manager ActiveX clsid access (browser-plugins.rules)
 * 1:8051 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WDM Instance Provider ActiveX clsid access (browser-plugins.rules)