Sourcefire VRT Rules Update

Date: 2008-02-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.6.

The format of the file is:

sid - Message (rule group)

New rules:
13367 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData attempt (netbios.rules)
13368 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData little endian attempt (netbios.rules)
13369 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData WriteAndX attempt (netbios.rules)
13370 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData WriteAndX little endian attempt (netbios.rules)
13371 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData unicode attempt (netbios.rules)
13372 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData WriteAndX unicode attempt (netbios.rules)
13373 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData unicode little endian attempt (netbios.rules)
13374 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData WriteAndX unicode little endian attempt (netbios.rules)
13375 <-> NETBIOS SMB-DS spoolss GetPrinterData attempt (netbios.rules)
13376 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX attempt (netbios.rules)
13377 <-> NETBIOS SMB-DS spoolss GetPrinterData little endian attempt (netbios.rules)
13378 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX little endian attempt (netbios.rules)
13379 <-> NETBIOS SMB-DS spoolss GetPrinterData unicode attempt (netbios.rules)
13380 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX unicode attempt (netbios.rules)
13381 <-> NETBIOS SMB-DS spoolss GetPrinterData unicode little endian attempt (netbios.rules)
13382 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX unicode little endian attempt (netbios.rules)
13383 <-> NETBIOS SMB-DS spoolss GetPrinterData object call attempt (netbios.rules)
13384 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX object call attempt (netbios.rules)
13385 <-> NETBIOS SMB-DS spoolss GetPrinterData little endian object call attempt (netbios.rules)
13386 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX little endian object call attempt (netbios.rules)
13387 <-> NETBIOS SMB-DS spoolss GetPrinterData unicode object call attempt (netbios.rules)
13388 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX unicode object call attempt (netbios.rules)
13389 <-> NETBIOS SMB-DS spoolss GetPrinterData unicode little endian object call attempt (netbios.rules)
13390 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX unicode little endian object call attempt (netbios.rules)
13391 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData andx attempt (netbios.rules)
13392 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData little endian andx attempt (netbios.rules)
13393 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData WriteAndX andx attempt (netbios.rules)
13394 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData WriteAndX little endian andx attempt (netbios.rules)
13395 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData unicode andx attempt (netbios.rules)
13396 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData WriteAndX unicode andx attempt (netbios.rules)
13397 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData unicode little endian andx attempt (netbios.rules)
13398 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData WriteAndX unicode little endian andx attempt (netbios.rules)
13399 <-> NETBIOS SMB-DS spoolss GetPrinterData andx attempt (netbios.rules)
13400 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX andx attempt (netbios.rules)
13401 <-> NETBIOS SMB-DS spoolss GetPrinterData little endian andx attempt (netbios.rules)
13402 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX little endian andx attempt (netbios.rules)
13403 <-> NETBIOS SMB-DS spoolss GetPrinterData unicode andx attempt (netbios.rules)
13404 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX unicode andx attempt (netbios.rules)
13405 <-> NETBIOS SMB-DS spoolss GetPrinterData unicode little endian andx attempt (netbios.rules)
13406 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX unicode little endian andx attempt (netbios.rules)
13407 <-> NETBIOS SMB-DS spoolss GetPrinterData andx object call attempt (netbios.rules)
13408 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX andx object call attempt (netbios.rules)
13409 <-> NETBIOS SMB-DS spoolss GetPrinterData little endian andx object call attempt (netbios.rules)
13410 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX little endian andx object call attempt (netbios.rules)
13411 <-> NETBIOS SMB-DS spoolss GetPrinterData unicode andx object call attempt (netbios.rules)
13412 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX unicode andx object call attempt (netbios.rules)
13413 <-> NETBIOS SMB-DS spoolss GetPrinterData unicode little endian andx object call attempt (netbios.rules)
13414 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX unicode little endian andx object call attempt (netbios.rules)
13419 <-> WEB-CLIENT Facebook Photo Uploader ActiveX clsid access (web-client.rules)
13420 <-> WEB-CLIENT Facebook Photo Uploader ActiveX clsid unicode access (web-client.rules)
13421 <-> WEB-CLIENT Facebook Photo Uploader ActiveX function call access (web-client.rules)
13422 <-> WEB-CLIENT Facebook Photo Uploader ActiveX function call unicode access (web-client.rules)
13423 <-> WEB-CLIENT SwiftView ActiveX clsid access (web-client.rules)
13424 <-> WEB-CLIENT SwiftView ActiveX clsid unicode access (web-client.rules)

Updated rules:
 904 <-> WEB-COLDFUSION exampleapp application.cfm (web-coldfusion.rules)
 905 <-> WEB-COLDFUSION application.cfm access (web-coldfusion.rules)
 906 <-> WEB-COLDFUSION getfile.cfm access (web-coldfusion.rules)
 973 <-> WEB-IIS *.idc attempt (web-iis.rules)
 975 <-> WEB-IIS Alternate Data streams ASP file access attempt (web-iis.rules)
 984 <-> WEB-IIS JET VBA access (web-iis.rules)
 985 <-> WEB-IIS JET VBA access (web-iis.rules)
 995 <-> WEB-IIS ism.dll access (web-iis.rules)
1001 <-> WEB-MISC carbo.dll access (web-misc.rules)
1005 <-> WEB-IIS codebrowser SDK access (web-iis.rules)
1017 <-> WEB-IIS idc-srch attempt (web-iis.rules)
1019 <-> WEB-IIS Malformed Hit-Highlighting Argument File Access Attempt (web-iis.rules)
1020 <-> WEB-IIS isc$data attempt (web-iis.rules)
1180 <-> WEB-MISC get32.exe access (web-misc.rules)
1248 <-> WEB-FRONTPAGE rad fp30reg.dll access (web-frontpage.rules)
1249 <-> WEB-FRONTPAGE frontpage rad fp4areg.dll access (web-frontpage.rules)
1423 <-> WEB-PHP content-disposition memchr overflow (web-php.rules)
1618 <-> WEB-IIS .asp chunked Transfer-Encoding (web-iis.rules)
1806 <-> WEB-IIS .htr chunked Transfer-Encoding (web-iis.rules)
1808 <-> WEB-MISC apache chunked encoding memory corruption exploit attempt (web-misc.rules)
1809 <-> WEB-MISC Apache Chunked-Encoding worm attempt (web-misc.rules)
2090 <-> WEB-IIS WEBDAV exploit attempt (web-iis.rules)
2091 <-> WEB-IIS WEBDAV nessus safe scan attempt (web-iis.rules)
2226 <-> WEB-PHP pmachine remote file include attempt (web-php.rules)
2230 <-> WEB-MISC NetGear router default password login attempt admin/password (web-misc.rules)
2278 <-> WEB-MISC client negative Content-Length attempt (web-misc.rules)
2331 <-> WEB-PHP MatrikzGB privilege escalation attempt (web-php.rules)
2381 <-> WEB-MISC schema overflow attempt (web-misc.rules)
2386 <-> WEB-IIS NTLM ASN1 vulnerability scan attempt (web-iis.rules)
2394 <-> WEB-MISC Compaq web-based management agent denial of service attempt (web-misc.rules)
2411 <-> WEB-MISC Real Server DESCRIBE buffer overflow attempt (web-misc.rules)
2442 <-> WEB-MISC Quicktime User-Agent buffer overflow attempt (web-misc.rules)
2515 <-> WEB-MISC PCT Client_Hello overflow attempt (web-misc.rules)
2520 <-> WEB-MISC SSLv3 Client_Hello request (web-misc.rules)
2521 <-> WEB-MISC SSLv3 Server_Hello request (web-misc.rules)
2522 <-> WEB-MISC SSLv3 invalid Client_Hello attempt (web-misc.rules)
2582 <-> WEB-MISC Crystal Reports crystalImageHandler.aspx directory traversal attempt (web-misc.rules)
2585 <-> WEB-MISC nessus 2.x 404 probe (web-misc.rules)
2588 <-> WEB-PHP TUTOS path disclosure attempt (web-php.rules)
2597 <-> WEB-MISC Samba SWAT Authorization overflow attempt (web-misc.rules)
2598 <-> WEB-MISC Samba SWAT Authorization port 901 overflow attempt (web-misc.rules)
2656 <-> WEB-MISC SSLv2 Client_Hello Challenge Length overflow attempt (web-misc.rules)
2657 <-> WEB-MISC SSLv2 Client_Hello with pad Challenge Length overflow attempt (web-misc.rules)
2658 <-> WEB-MISC SSLv2 Client_Hello request (web-misc.rules)
2659 <-> WEB-MISC SSLv2 Client_Hello with pad request (web-misc.rules)
2660 <-> WEB-MISC SSLv2 Server_Hello request (web-misc.rules)
2661 <-> WEB-MISC TLSv1 Client_Hello request (web-misc.rules)
2662 <-> WEB-MISC TLSv1 Server_Hello request (web-misc.rules)
2701 <-> WEB-MISC Oracle iSQLPlus sid overflow attempt (web-misc.rules)
2702 <-> WEB-MISC Oracle iSQLPlus username overflow attempt (web-misc.rules)
2703 <-> WEB-MISC Oracle iSQLPlus login.uix username overflow attempt (web-misc.rules)
2704 <-> WEB-MISC Oracle 10g iSQLPlus login.unix connectID overflow attempt (web-misc.rules)
3059 <-> WEB-MISC TLSv1 Client_Hello via SSLv2 handshake request (web-misc.rules)
3466 <-> WEB-MISC Authorization Basic overflow attempt (web-misc.rules)
3486 <-> WEB-MISC SSLv3 invalid data version attempt (web-misc.rules)
3816 <-> WEB-MISC BadBlue ext.dll buffer overflow attempt (web-misc.rules)
3822 <-> WEB-MISC Real Player realtext long URI request (web-misc.rules)
3823 <-> WEB-MISC Real Player realtext file bad version buffer overflow attempt (web-misc.rules)
4150 <-> WEB-CLIENT Outlook View OVCtl ActiveX function call access (web-client.rules)
4982 <-> WEB-CLIENT Adodb.Stream ActiveX Object Access (web-client.rules)
4983 <-> WEB-CLIENT Adodb.Stream ActiveX Object Access CreateObject Function (web-client.rules)
6403 <-> WEB-PHP horde help module arbitrary command execution attempt (web-php.rules)
6409 <-> WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules)
6410 <-> WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules)
6411 <-> WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules)
7027 <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
7028 <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
7029 <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
8061 <-> DELETED WEB-CLIENT ADODB.Stream ActiveX CLSID access (deleted.rules)
8062 <-> WEB-CLIENT ADODB.Stream ActiveX CLSID unicode access (web-client.rules)
8063 <-> WEB-CLIENT ADODB.Stream ActiveX function call access (web-client.rules)
8085 <-> WEB-MISC HP Openview NNM connectedNodes.ovpl port 3443 Unix command execution attempt (web-misc.rules)
8086 <-> WEB-MISC HP Openview NNM cdpView.ovpl port 3443 Unix command execution attempt (web-misc.rules)
8087 <-> WEB-MISC HP Openview NNM freeIPaddrs.ovpl port 3443 Unix command execution attempt (web-misc.rules)
8088 <-> WEB-MISC HP Openview NNM connectedNodes.ovpl Unix command execution attempt (web-misc.rules)
8089 <-> WEB-MISC HP Openview NNM cdpView.ovpl Unix command execution attempt (web-misc.rules)
8090 <-> WEB-MISC HP Openview NNM freeIPaddrs.ovpl Unix command execution attempt (web-misc.rules)
8422 <-> WEB-CLIENT Outlook View OVCtl ActiveX clsid access (web-client.rules)
8426 <-> WEB-MISC SSLv2 openssl get shared ciphers overflow attempt (web-misc.rules)
8427 <-> WEB-MISC SSLv3 openssl get shared ciphers overflow attempt (web-misc.rules)
8428 <-> WEB-MISC SSLv2 openssl get shared ciphers overflow attempt (web-misc.rules)
8441 <-> WEB-MISC McAfee header buffer overflow attempt (web-misc.rules)
8485 <-> WEB-COLDFUSION CFNEWINTERNALADMINSECURITY access (web-coldfusion.rules)
8486 <-> WEB-COLDFUSION CFNEWINTERNALREGISTRY access (web-coldfusion.rules)
8487 <-> WEB-COLDFUSION CFADMIN_REGISTRY_SET access (web-coldfusion.rules)
8488 <-> WEB-COLDFUSION CFADMIN_REGISTRY_GET access (web-coldfusion.rules)
8489 <-> WEB-COLDFUSION CFADMIN_REGISTRY_DELETE access (web-coldfusion.rules)
8490 <-> WEB-COLDFUSION viewexample.cfm access (web-coldfusion.rules)
8491 <-> WEB-COLDFUSION eval.cfm access (web-coldfusion.rules)
8492 <-> WEB-COLDFUSION openfile.cfm access (web-coldfusion.rules)
8493 <-> WEB-COLDFUSION sourcewindow.cfm access (web-coldfusion.rules)
9815 <-> WEB-CLIENT ICQPhone.SipxPhoneManager ActiveX clsid unicode access (web-client.rules)
9816 <-> WEB-CLIENT ICQPhone.SipxPhoneManager ActiveX function call access (web-client.rules)
9819 <-> WEB-CLIENT Outlook View OVCtl ActiveX clsid unicode access (web-client.rules)
9823 <-> WEB-CLIENT QuickTime RTSP URI overflow attempt (web-client.rules)
9824 <-> WEB-CLIENT Rediff Bol Downloader ActiveX clsid access (web-client.rules)
9825 <-> WEB-CLIENT Rediff Bol Downloader ActiveX clsid unicode access (web-client.rules)
9826 <-> WEB-CLIENT Rediff Bol Downloader ActiveX function call access (web-client.rules)
9840 <-> WEB-CLIENT QuickTime HREF Track Detected (web-client.rules)
9842 <-> WEB-CLIENT Adobe Acrobat Plugin Universal cross-site scripting attempt (web-client.rules)
9843 <-> WEB-CLIENT Adobe Acrobat Plugin JavaScript parameter double free attempt (web-client.rules)
9844 <-> WEB-CLIENT VLC Media Player udp URI format string attempt - single packet (web-client.rules)
9845 <-> WEB-CLIENT M3U File Download Detected (web-client.rules)
9846 <-> WEB-CLIENT VLC Media Player udp URI format string attempt - multipacket (web-client.rules)
9847 <-> WEB-CLIENT Outlook Saved Search download attempt (web-client.rules)
9848 <-> WEB-CLIENT Vector Markup Language recolorinfo tag numfills parameter buffer overflow attempt (web-client.rules)
9849 <-> WEB-CLIENT Vector Markup Language recolorinfo tag numcolors parameter buffer overflow attempt (web-client.rules)
10013 <-> WEB-CLIENT CCRP FolderTreeView ActiveX clsid access (web-client.rules)
10014 <-> WEB-CLIENT CCRP FolderTreeView ActiveX clsid unicode access (web-client.rules)
10015 <-> WEB-CLIENT Oracle ORADC ActiveX clsid access (web-client.rules)
10016 <-> WEB-CLIENT Oracle ORADC ActiveX clsid unicode access (web-client.rules)
10017 <-> WEB-CLIENT Oracle ORADC ActiveX function call access (web-client.rules)
10062 <-> WEB-CLIENT Java Virtual Machine malformed GIF buffer overflow attempt (web-client.rules)
10063 <-> WEB-CLIENT Firefox query interface suspicious function call access attempt (web-client.rules)
10084 <-> WEB-CLIENT NCTAudioFile2 ActiveX clsid access (web-client.rules)
10085 <-> WEB-CLIENT NCTAudioFile2 ActiveX clsid unicode access (web-client.rules)
10086 <-> WEB-CLIENT NCTAudioFile2 ActiveX function call access (web-client.rules)
10115 <-> WEB-CLIENT Microsoft WMF denial of service attempt (web-client.rules)
10116 <-> WEB-CLIENT AIM GoChat URL access attempt (web-client.rules)
10128 <-> WEB-CLIENT Aliplay ActiveX clsid access (web-client.rules)
10129 <-> WEB-CLIENT Aliplay ActiveX clsid unicode access (web-client.rules)
10131 <-> WEB-CLIENT mozilla compareTo arbitrary code execution attempt (web-client.rules)
10137 <-> WEB-CLIENT Microsoft Input Method Editor ActiveX clsid access (web-client.rules)
10138 <-> WEB-CLIENT Microsoft Input Method Editor ActiveX clsid unicode access (web-client.rules)
10139 <-> WEB-CLIENT Microsoft Input Method Editor ActiveX function call access (web-client.rules)
10140 <-> WEB-CLIENT Microsoft Input Method Editor 2 ActiveX clsid access (web-client.rules)
10141 <-> WEB-CLIENT Microsoft Input Method Editor 2 ActiveX clsid unicode access (web-client.rules)
10142 <-> WEB-CLIENT LexRefBilingualTextContext ActiveX clsid access (web-client.rules)
10143 <-> WEB-CLIENT LexRefBilingualTextContext ActiveX clsid unicode access (web-client.rules)
10144 <-> WEB-CLIENT LexRefBilingualTextContext ActiveX function call access (web-client.rules)
10145 <-> WEB-CLIENT HTML Inline Sound Control ActiveX clsid access (web-client.rules)
10146 <-> WEB-CLIENT HTML Inline Sound Control ActiveX clsid unicode access (web-client.rules)
10147 <-> WEB-CLIENT HTML Inline Sound Control ActiveX function call access (web-client.rules)
10148 <-> WEB-CLIENT HTML Inline Movie Control ActiveX clsid access (web-client.rules)
10149 <-> WEB-CLIENT HTML Inline Movie Control ActiveX clsid unicode access (web-client.rules)
10150 <-> WEB-CLIENT HTML Inline Movie Control ActiveX function call access (web-client.rules)
10151 <-> WEB-CLIENT BlnSetUser Proxy ActiveX clsid access (web-client.rules)
10152 <-> WEB-CLIENT BlnSetUser Proxy ActiveX clsid unicode access (web-client.rules)
10153 <-> WEB-CLIENT BlnSetUser Proxy ActiveX function call access (web-client.rules)
10154 <-> WEB-CLIENT BlnSetUser Proxy 2 ActiveX clsid access (web-client.rules)
10155 <-> WEB-CLIENT BlnSetUser Proxy 2 ActiveX clsid unicode access (web-client.rules)
10156 <-> WEB-CLIENT ActiveX Soft DVD Tools ActiveX clsid access (web-client.rules)
10157 <-> WEB-CLIENT ActiveX Soft DVD Tools ActiveX clsid unicode access (web-client.rules)
10162 <-> WEB-CLIENT BrowseDialog ActiveX clsid access (web-client.rules)
10163 <-> WEB-CLIENT BrowseDialog ActiveX clsid unicode access (web-client.rules)
10170 <-> WEB-CLIENT Verisign ConfigCHK ActiveX clsid access (web-client.rules)
10171 <-> WEB-CLIENT Verisign ConfigCHK ActiveX clsid unicode access (web-client.rules)
10173 <-> WEB-CLIENT Trend Micro OfficeScan Client ActiveX clsid access (web-client.rules)
10174 <-> WEB-CLIENT Trend Micro OfficeScan Client ActiveX clsid unicode access (web-client.rules)
10175 <-> WEB-CLIENT Trend Micro OfficeScan Client ActiveX function call access (web-client.rules)
10176 <-> WEB-CLIENT Windows Shell User Enumeration Object ActiveX clsid access (web-client.rules)
10177 <-> WEB-CLIENT Windows Shell User Enumeration Object ActiveX clsid unicode access (web-client.rules)
10178 <-> WEB-CLIENT Windows Shell User Enumeration Object ActiveX function call access (web-client.rules)
10189 <-> WEB-CLIENT DivXBrowserPlugin ActiveX clsid access (web-client.rules)
10190 <-> WEB-CLIENT DivXBrowserPlugin ActiveX clsid unicode access (web-client.rules)
10191 <-> WEB-CLIENT DivXBrowserPlugin ActiveX function call access (web-client.rules)
10192 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX clsid access (web-client.rules)
10193 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX clsid unicode access (web-client.rules)
10194 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX function call access (web-client.rules)
10214 <-> WEB-CLIENT Shockwave ActiveX Control ActiveX clsid access (web-client.rules)
10215 <-> WEB-CLIENT Shockwave ActiveX Control ActiveX clsid unicode access (web-client.rules)
10216 <-> WEB-CLIENT Shockwave ActiveX Control ActiveX function call access (web-client.rules)
10387 <-> WEB-CLIENT McAfee ePolicy Orchestrator ActiveX clsid access (web-client.rules)
10388 <-> WEB-CLIENT McAfee ePolicy Orchestrator ActiveX clsid unicode access (web-client.rules)
10389 <-> WEB-CLIENT McAfee ePolicy Orchestrator ActiveX function call access (web-client.rules)
10390 <-> WEB-CLIENT Symantec Support Controls SmartIssue ActiveX clsid access (web-client.rules)
10391 <-> WEB-CLIENT Symantec Support Controls SmartIssue ActiveX clsid unicode access (web-client.rules)
10392 <-> WEB-CLIENT Symantec Support Controls SmartIssue ActiveX function call access (web-client.rules)
10393 <-> WEB-CLIENT Symantec SupportSoft SmartIssue ActiveX clsid access (web-client.rules)
10394 <-> WEB-CLIENT Symantec SupportSoft SmartIssue ActiveX clsid unicode access (web-client.rules)
10395 <-> WEB-CLIENT Symantec SupportSoft SmartIssue ActiveX function call access (web-client.rules)
10404 <-> WEB-CLIENT SignKorea SKCommAX ActiveX clsid access (web-client.rules)
10405 <-> WEB-CLIENT SignKorea SKCommAX ActiveX clsid unicode access (web-client.rules)
10406 <-> WEB-CLIENT SignKorea SKCommAX ActiveX function call access (web-client.rules)
10412 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader Alt CLSID ActiveX clsid access (web-client.rules)
10413 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader Alt CLSID ActiveX clsid unicode access (web-client.rules)
10414 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader Alt CLSID ActiveX function call access (web-client.rules)
10415 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader ActiveX clsid access (web-client.rules)
10416 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader ActiveX clsid unicode access (web-client.rules)
10417 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader ActiveX function call access (web-client.rules)
10419 <-> WEB-CLIENT HP Mercury Quality Center SPIDERLib ActiveX clsid access (web-client.rules)
10420 <-> WEB-CLIENT HP Mercury Quality Center SPIDERLib ActiveX clsid unicode access (web-client.rules)
10421 <-> WEB-CLIENT HP Mercury Quality Center SPIDERLib ActiveX function call access (web-client.rules)
10422 <-> WEB-CLIENT HP Mercury Quality Center SPIDERLib ActiveX function call unicode access (web-client.rules)
10423 <-> WEB-CLIENT Yahoo Audio Conferencing ActiveX clsid access (web-client.rules)
10424 <-> WEB-CLIENT Yahoo Audio Conferencing ActiveX clsid unicode access (web-client.rules)
10425 <-> WEB-CLIENT Yahoo Audio Conferencing ActiveX function call access (web-client.rules)
10426 <-> WEB-CLIENT Yahoo Audio Conferencing ActiveX function call unicode access (web-client.rules)
10427 <-> WEB-CLIENT Kaspersky AntiVirus SysInfo ActiveX clsid access (web-client.rules)
10428 <-> WEB-CLIENT Kaspersky AntiVirus SysInfo ActiveX clsid unicode access (web-client.rules)
10429 <-> WEB-CLIENT Kaspersky AntiVirus SysInfo ActiveX function call access (web-client.rules)
10430 <-> WEB-CLIENT Kaspersky AntiVirus SysInfo ActiveX function call unicode access (web-client.rules)
10431 <-> WEB-CLIENT Kaspersky AntiVirus KAV60Info ActiveX clsid access (web-client.rules)
10432 <-> WEB-CLIENT Kaspersky AntiVirus KAV60Info ActiveX clsid unicode access (web-client.rules)
10433 <-> WEB-CLIENT Kaspersky AntiVirus KAV60Info ActiveX function call access (web-client.rules)
10434 <-> WEB-CLIENT Kaspersky AntiVirus KAV60Info ActiveX function call unicode access (web-client.rules)
10465 <-> WEB-CLIENT Microsoft Agent v1.5 ActiveX function call unicode access (web-client.rules)
10466 <-> WEB-CLIENT iPIX Image Well ActiveX clsid access (web-client.rules)
10467 <-> WEB-CLIENT iPIX Image Well ActiveX clsid unicode access (web-client.rules)
10468 <-> WEB-CLIENT iPIX Image Well ActiveX function call access (web-client.rules)
10469 <-> WEB-CLIENT iPIX Image Well ActiveX function call access (web-client.rules)
10470 <-> WEB-CLIENT iPIX Media Send Class ActiveX clsid access (web-client.rules)
10471 <-> WEB-CLIENT iPIX Media Send Class ActiveX clsid unicode access (web-client.rules)
10472 <-> WEB-CLIENT iPIX Media Send Class ActiveX function call access (web-client.rules)
10473 <-> WEB-CLIENT iPIX Media Send Class ActiveX function call access (web-client.rules)
10474 <-> WEB-CLIENT iPIX Media Send Class ActiveX function call unicode access (web-client.rules)
10475 <-> MISC UPNP notification type overflow attempt (misc.rules)
10476 <-> WEB-CLIENT MarkAny MaPrintModule_WORK ActiveX clsid access (web-client.rules)
10477 <-> WEB-CLIENT MarkAny MaPrintModule_WORK ActiveX clsid unicode access (web-client.rules)
10478 <-> WEB-CLIENT MarkAny MaPrintModule_WORK ActiveX function call access (web-client.rules)
10479 <-> WEB-CLIENT MarkAny MaPrintModule_WORK ActiveX function call unicode access (web-client.rules)
10978 <-> WEB-CLIENT Second Sight Software ActiveGS ActiveX clsid access (web-client.rules)
10979 <-> WEB-CLIENT Second Sight Software ActiveGS ActiveX clsid unicode access (web-client.rules)
10980 <-> WEB-CLIENT Second Sight Software ActiveGS ActiveX function call access (web-client.rules)
10981 <-> WEB-CLIENT Second Sight Software ActiveGS ActiveX function call unicode access (web-client.rules)
10982 <-> WEB-CLIENT Second Sight Software ActiveMod ActiveX clsid access (web-client.rules)
10983 <-> WEB-CLIENT Second Sight Software ActiveMod ActiveX clsid unicode access (web-client.rules)
10984 <-> WEB-CLIENT Second Sight Software ActiveMod ActiveX function call access (web-client.rules)
10985 <-> WEB-CLIENT Second Sight Software ActiveMod ActiveX function call unicode access (web-client.rules)
10986 <-> WEB-CLIENT GraceNote CDDB ActiveX clsid access (web-client.rules)
10987 <-> WEB-CLIENT GraceNote CDDB ActiveX clsid unicode access (web-client.rules)
10988 <-> WEB-CLIENT GraceNote CDDB ActiveX function call access (web-client.rules)
10989 <-> WEB-CLIENT GraceNote CDDB ActiveX function call unicode access (web-client.rules)
10991 <-> WEB-CLIENT Microgaming Download Helper ActiveX clsid access (web-client.rules)
10992 <-> WEB-CLIENT Microgaming Download Helper ActiveX clsid unicode access (web-client.rules)
10993 <-> WEB-CLIENT Microgaming Download Helper ActiveX function call access (web-client.rules)
10994 <-> WEB-CLIENT Microgaming Download Helper ActiveX function call unicode access (web-client.rules)
11176 <-> WEB-CLIENT PowerPoint Viewer ActiveX clsid access (web-client.rules)
11177 <-> WEB-CLIENT PowerPoint Viewer ActiveX clsid unicode access (web-client.rules)
11178 <-> WEB-CLIENT PowerPoint Viewer ActiveX function call access (web-client.rules)
11179 <-> WEB-CLIENT PowerPoint Viewer ActiveX function call unicode access (web-client.rules)
11180 <-> WEB-CLIENT quicktime movie ftyp buffer underflow (web-client.rules)
11181 <-> WEB-CLIENT Excel Viewer ActiveX clsid access (web-client.rules)
11182 <-> WEB-CLIENT Excel Viewer ActiveX clsid unicode access (web-client.rules)
11183 <-> WEB-CLIENT Excel Viewer ActiveX function call access (web-client.rules)
11184 <-> WEB-CLIENT Excel Viewer ActiveX function call unicode access (web-client.rules)
11187 <-> WEB-CLIENT Word Viewer ActiveX clsid access (web-client.rules)
11188 <-> WEB-CLIENT Word Viewer ActiveX clsid unicode access (web-client.rules)
11189 <-> WEB-CLIENT Word Viewer ActiveX function call access (web-client.rules)
11190 <-> WEB-CLIENT Word Viewer ActiveX function call unicode access (web-client.rules)
11197 <-> WEB-CLIENT ActiveX Soft DVD Tools ActiveX function call access (web-client.rules)
11198 <-> WEB-CLIENT ActiveX Soft DVD Tools ActiveX function call unicode access (web-client.rules)
11199 <-> WEB-CLIENT Office Viewer ActiveX clsid access (web-client.rules)
11200 <-> WEB-CLIENT Office Viewer ActiveX clsid unicode access (web-client.rules)
11201 <-> WEB-CLIENT Office Viewer ActiveX function call access (web-client.rules)
11202 <-> WEB-CLIENT Office Viewer ActiveX function call unicode access (web-client.rules)
11206 <-> WEB-CLIENT East Wind Software ADVDAUDIO ActiveX clsid access (web-client.rules)
11207 <-> WEB-CLIENT East Wind Software ADVDAUDIO ActiveX clsid unicode access (web-client.rules)
11208 <-> WEB-CLIENT East Wind Software ADVDAUDIO ActiveX function call access (web-client.rules)
11209 <-> WEB-CLIENT East Wind Software ADVDAUDIO ActiveX function call unicode access (web-client.rules)
11210 <-> WEB-CLIENT Sienzo Digital Music Mentor ActiveX clsid access (web-client.rules)
11211 <-> WEB-CLIENT Sienzo Digital Music Mentor ActiveX clsid unicode access (web-client.rules)
11212 <-> WEB-CLIENT Sienzo Digital Music Mentor ActiveX function call access (web-client.rules)
11213 <-> WEB-CLIENT Sienzo Digital Music Mentor ActiveX function call unicode access (web-client.rules)
11214 <-> WEB-CLIENT VeralSoft HTTP File Uploader ActiveX clsid access (web-client.rules)
11215 <-> WEB-CLIENT VeralSoft HTTP File Uploader ActiveX clsid unicode access (web-client.rules)
11216 <-> WEB-CLIENT VeralSoft HTTP File Uploader ActiveX function call access (web-client.rules)
11217 <-> WEB-CLIENT VeralSoft HTTP File Uploader ActiveX function call unicode access (web-client.rules)
11218 <-> WEB-CLIENT SmartCode VNC Manager ActiveX clsid access (web-client.rules)
11219 <-> WEB-CLIENT SmartCode VNC Manager ActiveX clsid unicode access (web-client.rules)
11220 <-> WEB-CLIENT SmartCode VNC Manager ActiveX function call access (web-client.rules)
11221 <-> WEB-CLIENT SmartCode VNC Manager ActiveX function call unicode access (web-client.rules)
11222 <-> SMTP Exchange MODPROPS denial of service attempt (smtp.rules)
11224 <-> WEB-CLIENT MSAuth ActiveX clsid access (web-client.rules)
11225 <-> WEB-CLIENT MSAuth ActiveX clsid unicode access (web-client.rules)
11226 <-> WEB-CLIENT MSAuth ActiveX function call access (web-client.rules)
11227 <-> WEB-CLIENT MSAuth ActiveX function call unicode access (web-client.rules)
11228 <-> WEB-CLIENT Microsoft Input Method Editor 3 ActiveX clsid access (web-client.rules)
11229 <-> WEB-CLIENT Microsoft Input Method Editor 3 ActiveX clsid unicode access (web-client.rules)
11230 <-> WEB-CLIENT Microsoft Cryptographic API COM 1 ActiveX clsid access (web-client.rules)
11231 <-> WEB-CLIENT Microsoft Cryptographic API COM 1 ActiveX clsid unicode access (web-client.rules)
11232 <-> WEB-CLIENT Microsoft Cryptographic API COM 1 ActiveX function call access (web-client.rules)
11233 <-> WEB-CLIENT Microsoft Cryptographic API COM 1 ActiveX function call unicode access (web-client.rules)
11234 <-> WEB-CLIENT Microsoft Cryptographic API COM 2 ActiveX clsid access (web-client.rules)
11235 <-> WEB-CLIENT Microsoft Cryptographic API COM 2 ActiveX clsid unicode access (web-client.rules)
11236 <-> WEB-CLIENT OutlookExpress.AddressBook ActiveX clsid access (web-client.rules)
11237 <-> WEB-CLIENT OutlookExpress.AddressBook ActiveX clsid unicode access (web-client.rules)
11238 <-> WEB-CLIENT OutlookExpress.AddressBook ActiveX function call unicode access (web-client.rules)
11239 <-> WEB-CLIENT DXImageTransform.Microsoft.Redirect ActiveX clsid access (web-client.rules)
11240 <-> WEB-CLIENT DXImageTransform.Microsoft.Redirect ActiveX clsid unicode access (web-client.rules)
11241 <-> WEB-CLIENT DXImageTransform.Microsoft.Redirect ActiveX function call access (web-client.rules)
11242 <-> WEB-CLIENT DXImageTransform.Microsoft.Redirect ActiveX function call unicode access (web-client.rules)
11243 <-> WEB-CLIENT DirectAnimation.DAstatics ActiveX clsid access (web-client.rules)
11244 <-> WEB-CLIENT DirectAnimation.DAstatics ActiveX clsid unicode access (web-client.rules)
11245 <-> WEB-CLIENT DirectAnimation.DAstatics ActiveX function call access (web-client.rules)
11246 <-> WEB-CLIENT DirectAnimation.DAstatics ActiveX function call unicode access (web-client.rules)
11247 <-> WEB-CLIENT Research In Motion TeamOn Import ActiveX clsid access (web-client.rules)
11248 <-> WEB-CLIENT Research In Motion TeamOn Import ActiveX clsid unicode access (web-client.rules)
11249 <-> WEB-CLIENT IE Address ActiveX clsid unicode access (web-client.rules)
11250 <-> WEB-CLIENT Sony Rootkit Uninstaller ActiveX clsid access (web-client.rules)
11251 <-> WEB-CLIENT Sony Rootkit Uninstaller ActiveX clsid unicode access (web-client.rules)
11252 <-> WEB-CLIENT IE Address ActiveX clsid access (web-client.rules)
11253 <-> WEB-CLIENT Microsoft MciWndx ActiveX clsid access (web-client.rules)
11254 <-> WEB-CLIENT Microsoft MciWndx ActiveX clsid unicode access (web-client.rules)
11255 <-> WEB-CLIENT Microsoft MciWndx ActiveX function call access (web-client.rules)
11256 <-> WEB-CLIENT Microsoft MciWndx ActiveX function call unicode access (web-client.rules)
11257 <-> WEB-CLIENT Microsoft Internet Explorer colgroup tag uninitialized memory corruption vulnerability (web-client.rules)
11258 <-> WEB-CLIENT Excel Malformed Named Graph Information unicode overflow (web-client.rules)
11259 <-> WEB-CLIENT BarcodeWiz ActiveX clsid access (web-client.rules)
11260 <-> WEB-CLIENT BarcodeWiz ActiveX clsid unicode access (web-client.rules)
11261 <-> WEB-CLIENT BarcodeWiz ActiveX function call access (web-client.rules)
11262 <-> WEB-CLIENT BarcodeWiz ActiveX function call unicode access (web-client.rules)
11267 <-> WEB-CLIENT Adobe Photoshop PNG file handling stack buffer overflow attempt (web-client.rules)
11268 <-> WEB-CLIENT Symantec Norton AntiVirus ActiveX clsid access (web-client.rules)
11269 <-> WEB-CLIENT Symantec Norton AntiVirus ActiveX clsid unicode access (web-client.rules)
11270 <-> WEB-CLIENT Symantec Norton AntiVirus ActiveX function call access (web-client.rules)
11271 <-> WEB-CLIENT Symantec Norton AntiVirus ActiveX function call unicode access (web-client.rules)
11274 <-> WEB-CLIENT RControl ActiveX clsid access (web-client.rules)
11275 <-> WEB-CLIENT RControl ActiveX clsid unicode access (web-client.rules)
11276 <-> WEB-CLIENT GDivX Zenith Player AVI Fixer ActiveX clsid access (web-client.rules)
11277 <-> WEB-CLIENT GDivX Zenith Player AVI Fixer ActiveX clsid unicode access (web-client.rules)
11278 <-> WEB-CLIENT GDivX Zenith Player AVI Fixer ActiveX function call access (web-client.rules)
11279 <-> WEB-CLIENT GDivX Zenith Player AVI Fixer ActiveX function call unicode access (web-client.rules)
11280 <-> WEB-CLIENT FlexLabel ActiveX clsid access (web-client.rules)
11281 <-> WEB-CLIENT FlexLabel ActiveX clsid unicode access (web-client.rules)
11282 <-> WEB-CLIENT FlexLabel ActiveX function call access (web-client.rules)
11283 <-> WEB-CLIENT FlexLabel ActiveX function call unicode access (web-client.rules)
11284 <-> WEB-CLIENT AudioCDRipper ActiveX clsid access (web-client.rules)
11285 <-> WEB-CLIENT AudioCDRipper ActiveX clsid unicode access (web-client.rules)
11286 <-> WEB-CLIENT AudioCDRipper ActiveX function call access (web-client.rules)
11287 <-> WEB-CLIENT AudioCDRipper ActiveX function call unicode access (web-client.rules)
11290 <-> WEB-CLIENT Excel malformed named graph information ascii overflow (web-client.rules)
11291 <-> WEB-CLIENT Hewlett Packard HPQVWOCX.DL ActiveX clsid access (web-client.rules)
11292 <-> WEB-CLIENT Hewlett Packard HPQVWOCX.DL ActiveX clsid unicode access (web-client.rules)
11293 <-> WEB-CLIENT IDAutomation Linear Bar Code ActiveX clsid access (web-client.rules)
11294 <-> WEB-CLIENT IDAutomation Linear Bar Code ActiveX clsid unicode access (web-client.rules)
11295 <-> WEB-CLIENT IDAutomation Linear Bar Code ActiveX function call access (web-client.rules)
11296 <-> WEB-CLIENT IDAutomation Linear Bar Code ActiveX function call unicode access (web-client.rules)
11297 <-> WEB-CLIENT Clever Database Comparer ActiveX clsid access (web-client.rules)
11298 <-> WEB-CLIENT Clever Database Comparer ActiveX clsid unicode access (web-client.rules)
11299 <-> WEB-CLIENT Clever Database Comparer ActiveX function call access (web-client.rules)
11300 <-> WEB-CLIENT Clever Database Comparer ActiveX function call unicode access (web-client.rules)
11301 <-> WEB-CLIENT DB Software Laboratory DeWizardX ActiveX clsid access (web-client.rules)
11302 <-> WEB-CLIENT DB Software Laboratory DeWizardX ActiveX clsid unicode access (web-client.rules)
11303 <-> WEB-CLIENT DB Software Laboratory DeWizardX ActiveX function call access (web-client.rules)
11304 <-> WEB-CLIENT DB Software Laboratory DeWizardX ActiveX function call unicode access (web-client.rules)
11324 <-> WEB-CLIENT Microsoft Input Method Editor 3 ActiveX function call access (web-client.rules)
11325 <-> WEB-CLIENT Microsoft Input Method Editor 3 ActiveX function call unicode access (web-client.rules)
12064 <-> WEB-IIS w3svc _vti_bin null pointer dereference attempt (web-iis.rules)
12280 <-> WEB-CLIENT VML source file memory corruption (web-client.rules)
12281 <-> WEB-CLIENT VML source file memory corruption (web-client.rules)
12282 <-> WEB-CLIENT VML source file memory corruption (web-client.rules)