Sourcefire VRT Rules Update

Date: 2008-03-11

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.6.

The format of the file is:

sid - Message (rule group)

New rules:
13582 <-> WEB-CLIENT Microsoft Excel sst record arbitrary code excecution attempt (web-client.rules)
13581 <-> WEB-CLIENT Microsoft Office Web Components remote code execution attempt ActiveX clsid unicode access (web-client.rules)
13580 <-> WEB-CLIENT Microsoft Office Web Components remote code execution attempt ActiveX clsid access (web-client.rules)
13573 <-> WEB-CLIENT Microsoft Outlook arbitrary command line attempt (web-client.rules)
13572 <-> WEB-CLIENT Microsoft Powerpoint malformed shapeid arbitrary code execution attempt (web-client.rules)
13571 <-> WEB-CLIENT Microsoft Excel dval record arbitrary code excecution attempt (web-client.rules)
13570 <-> WEB-CLIENT Microsoft Excel cf record arbitrary code excecution attempt (web-client.rules)
13569 <-> WEB-CLIENT Microsoft Excel macro validation arbitrary code execution attempt (web-client.rules)
13583 <-> WEB-CLIENT Microsoft SYmbolic LinK file download request (web-client.rules)
13584 <-> WEB-CLIENT csv file download request (web-client.rules)
13585 <-> WEB-CLIENT Microsoft SYmbolic LinK file download (web-client.rules)

Updated rules:
4170 <-> WEB-CLIENT Office 2000 and 2002 Web Components Data Source Control ActiveX clsid access (web-client.rules)
4177 <-> WEB-CLIENT Office 2000 and 2002 Web Components Spreadsheet ActiveX clsid access (web-client.rules)
7870 <-> WEB-CLIENT Microsoft Office Data Source Control 9.0 ActiveX clsid access (web-client.rules)
7871 <-> WEB-CLIENT Microsoft Office Data Source Control 9.0 ActiveX clsid unicode access (web-client.rules)
13468 <-> WEB-CLIENT Office 2000 and 2002 Web Components Data Source Control ActiveX clsid unicode access (web-client.rules)