Snort

Sourcefire VRT Rules Update

Date: 2007-10-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.7.

The format of the file is:

sid - Message (rule group)

New rules:
12637 <-> WEB-CLIENT Kaspersky Online Scanner KAVWebScan.dll ActiveX clsid access (web-client.rules)
12638 <-> WEB-CLIENT Kaspersky Online Scanner KAVWebScan.dll ActiveX clsid unicode access (web-client.rules)
12639 <-> WEB-CLIENT Kaspersky Online Scanner KAVWebScan.dll ActiveX function call access (web-client.rules)
12640 <-> WEB-CLIENT Kaspersky Online Scanner KAVWebScan.dll ActiveX function call unicode access (web-client.rules)
12641 <-> POLICY Word for Mac 5 file download (policy.rules)
12643 <-> WEB-CLIENT URI External handler arbitrary command attempt (web-client.rules)
12644 <-> WEB-CLIENT PBEmail7 ActiveX clsid access (web-client.rules)
12645 <-> WEB-CLIENT PBEmail7 ActiveX clsid unicode access (web-client.rules)
12646 <-> WEB-CLIENT PBEmail7 ActiveX function call access (web-client.rules)
12647 <-> WEB-CLIENT PBEmail7 ActiveX function call unicode access (web-client.rules)
12648 <-> WEB-CLIENT DB Software Laboratory VImpX ActiveX clsid access (web-client.rules)
12649 <-> WEB-CLIENT DB Software Laboratory VImpX ActiveX clsid unicode access (web-client.rules)
12650 <-> WEB-CLIENT DB Software Laboratory VImpX ActiveX function call access (web-client.rules)
12651 <-> WEB-CLIENT DB Software Laboratory VImpX ActiveX function call unicode access (web-client.rules)

Updated rules:
12220 <-> EXPLOIT IBM Informix Dynamic Server long username (exploit.rules)
12417 <-> WEB-CLIENT Microsoft Visual FoxPro ActiveX clsid access (web-client.rules)
12418 <-> WEB-CLIENT Microsoft Visual FoxPro ActiveX clsid unicode access (web-client.rules)
12419 <-> WEB-CLIENT Microsoft Visual FoxPro ActiveX function call access (web-client.rules)
12420 <-> WEB-CLIENT Microsoft Visual FoxPro ActiveX function call unicode access (web-client.rules)
12618 <-> WEB-CLIENT Microsoft Visual Basic VBP file reference overflow attempt (web-client.rules)
12631 <-> EXPLOIT Microsoft Kodak Imaging malformed jpeg tables (exploit.rules)
12632 <-> EXPLOIT Microsoft Kodak Imaging malformed jpeg tables (exploit.rules)
12633 <-> EXPLOIT Microsoft Kodak Imaging malformed tiff (exploit.rules)
12634 <-> EXPLOIT Microsoft Kodak Imaging malformed tiff (exploit.rules)