Sourcefire VRT Rules Update
Date: 2008-02-05
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group)
New rules: 13367 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData attempt (netbios.rules) 13368 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData little endian attempt (netbios.rules) 13369 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData WriteAndX attempt (netbios.rules) 13370 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData WriteAndX little endian attempt (netbios.rules) 13371 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData unicode attempt (netbios.rules) 13372 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData WriteAndX unicode attempt (netbios.rules) 13373 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData unicode little endian attempt (netbios.rules) 13374 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData WriteAndX unicode little endian attempt (netbios.rules) 13375 <-> NETBIOS SMB-DS spoolss GetPrinterData attempt (netbios.rules) 13376 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX attempt (netbios.rules) 13377 <-> NETBIOS SMB-DS spoolss GetPrinterData little endian attempt (netbios.rules) 13378 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX little endian attempt (netbios.rules) 13379 <-> NETBIOS SMB-DS spoolss GetPrinterData unicode attempt (netbios.rules) 13380 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX unicode attempt (netbios.rules) 13381 <-> NETBIOS SMB-DS spoolss GetPrinterData unicode little endian attempt (netbios.rules) 13382 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX unicode little endian attempt (netbios.rules) 13383 <-> NETBIOS SMB-DS spoolss GetPrinterData object call attempt (netbios.rules) 13384 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX object call attempt (netbios.rules) 13385 <-> NETBIOS SMB-DS spoolss GetPrinterData little endian object call attempt (netbios.rules) 13386 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX little endian object call attempt (netbios.rules) 13387 <-> NETBIOS SMB-DS spoolss GetPrinterData unicode object call attempt (netbios.rules) 13388 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX unicode object call attempt (netbios.rules) 13389 <-> NETBIOS SMB-DS spoolss GetPrinterData unicode little endian object call attempt (netbios.rules) 13390 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX unicode little endian object call attempt (netbios.rules) 13391 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData andx attempt (netbios.rules) 13392 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData little endian andx attempt (netbios.rules) 13393 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData WriteAndX andx attempt (netbios.rules) 13394 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData WriteAndX little endian andx attempt (netbios.rules) 13395 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData unicode andx attempt (netbios.rules) 13396 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData WriteAndX unicode andx attempt (netbios.rules) 13397 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData unicode little endian andx attempt (netbios.rules) 13398 <-> NETBIOS SMB-DS v4 spoolss GetPrinterData WriteAndX unicode little endian andx attempt (netbios.rules) 13399 <-> NETBIOS SMB-DS spoolss GetPrinterData andx attempt (netbios.rules) 13400 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX andx attempt (netbios.rules) 13401 <-> NETBIOS SMB-DS spoolss GetPrinterData little endian andx attempt (netbios.rules) 13402 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX little endian andx attempt (netbios.rules) 13403 <-> NETBIOS SMB-DS spoolss GetPrinterData unicode andx attempt (netbios.rules) 13404 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX unicode andx attempt (netbios.rules) 13405 <-> NETBIOS SMB-DS spoolss GetPrinterData unicode little endian andx attempt (netbios.rules) 13406 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX unicode little endian andx attempt (netbios.rules) 13407 <-> NETBIOS SMB-DS spoolss GetPrinterData andx object call attempt (netbios.rules) 13408 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX andx object call attempt (netbios.rules) 13409 <-> NETBIOS SMB-DS spoolss GetPrinterData little endian andx object call attempt (netbios.rules) 13410 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX little endian andx object call attempt (netbios.rules) 13411 <-> NETBIOS SMB-DS spoolss GetPrinterData unicode andx object call attempt (netbios.rules) 13412 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX unicode andx object call attempt (netbios.rules) 13413 <-> NETBIOS SMB-DS spoolss GetPrinterData unicode little endian andx object call attempt (netbios.rules) 13414 <-> NETBIOS SMB-DS spoolss GetPrinterData WriteAndX unicode little endian andx object call attempt (netbios.rules) 13415 <-> EXPLOIT CA BrightStor cheyenneds mailslot overflow (exploit.rules) 13419 <-> WEB-CLIENT Facebook Photo Uploader ActiveX clsid access (web-client.rules) 13420 <-> WEB-CLIENT Facebook Photo Uploader ActiveX clsid unicode access (web-client.rules) 13421 <-> WEB-CLIENT Facebook Photo Uploader ActiveX function call access (web-client.rules) 13422 <-> WEB-CLIENT Facebook Photo Uploader ActiveX function call unicode access (web-client.rules) 13423 <-> WEB-CLIENT SwiftView ActiveX clsid access (web-client.rules) 13424 <-> WEB-CLIENT SwiftView ActiveX clsid unicode access (web-client.rules) Updated rules: 904 <-> WEB-COLDFUSION exampleapp application.cfm (web-coldfusion.rules) 905 <-> WEB-COLDFUSION application.cfm access (web-coldfusion.rules) 906 <-> WEB-COLDFUSION getfile.cfm access (web-coldfusion.rules) 973 <-> WEB-IIS *.idc attempt (web-iis.rules) 975 <-> WEB-IIS Alternate Data streams ASP file access attempt (web-iis.rules) 984 <-> WEB-IIS JET VBA access (web-iis.rules) 985 <-> WEB-IIS JET VBA access (web-iis.rules) 995 <-> WEB-IIS ism.dll access (web-iis.rules) 1001 <-> WEB-MISC carbo.dll access (web-misc.rules) 1005 <-> WEB-IIS codebrowser SDK access (web-iis.rules) 1017 <-> WEB-IIS idc-srch attempt (web-iis.rules) 1019 <-> WEB-IIS Malformed Hit-Highlighting Argument File Access Attempt (web-iis.rules) 1020 <-> WEB-IIS isc$data attempt (web-iis.rules) 1180 <-> WEB-MISC get32.exe access (web-misc.rules) 1248 <-> WEB-FRONTPAGE rad fp30reg.dll access (web-frontpage.rules) 1249 <-> WEB-FRONTPAGE frontpage rad fp4areg.dll access (web-frontpage.rules) 1423 <-> WEB-PHP content-disposition memchr overflow (web-php.rules) 1618 <-> WEB-IIS .asp chunked Transfer-Encoding (web-iis.rules) 1806 <-> WEB-IIS .htr chunked Transfer-Encoding (web-iis.rules) 1808 <-> WEB-MISC apache chunked encoding memory corruption exploit attempt (web-misc.rules) 1809 <-> WEB-MISC Apache Chunked-Encoding worm attempt (web-misc.rules) 2090 <-> WEB-IIS WEBDAV exploit attempt (web-iis.rules) 2091 <-> WEB-IIS WEBDAV nessus safe scan attempt (web-iis.rules) 2226 <-> WEB-PHP pmachine remote file include attempt (web-php.rules) 2230 <-> WEB-MISC NetGear router default password login attempt admin/password (web-misc.rules) 2278 <-> WEB-MISC client negative Content-Length attempt (web-misc.rules) 2331 <-> WEB-PHP MatrikzGB privilege escalation attempt (web-php.rules) 2381 <-> WEB-MISC schema overflow attempt (web-misc.rules) 2386 <-> WEB-IIS NTLM ASN1 vulnerability scan attempt (web-iis.rules) 2394 <-> WEB-MISC Compaq web-based management agent denial of service attempt (web-misc.rules) 2411 <-> WEB-MISC Real Server DESCRIBE buffer overflow attempt (web-misc.rules) 2442 <-> WEB-MISC Quicktime User-Agent buffer overflow attempt (web-misc.rules) 2515 <-> WEB-MISC PCT Client_Hello overflow attempt (web-misc.rules) 2520 <-> WEB-MISC SSLv3 Client_Hello request (web-misc.rules) 2521 <-> WEB-MISC SSLv3 Server_Hello request (web-misc.rules) 2522 <-> WEB-MISC SSLv3 invalid Client_Hello attempt (web-misc.rules) 2582 <-> WEB-MISC Crystal Reports crystalImageHandler.aspx directory traversal attempt (web-misc.rules) 2585 <-> WEB-MISC nessus 2.x 404 probe (web-misc.rules) 2588 <-> WEB-PHP TUTOS path disclosure attempt (web-php.rules) 2597 <-> WEB-MISC Samba SWAT Authorization overflow attempt (web-misc.rules) 2598 <-> WEB-MISC Samba SWAT Authorization port 901 overflow attempt (web-misc.rules) 2656 <-> WEB-MISC SSLv2 Client_Hello Challenge Length overflow attempt (web-misc.rules) 2657 <-> WEB-MISC SSLv2 Client_Hello with pad Challenge Length overflow attempt (web-misc.rules) 2658 <-> WEB-MISC SSLv2 Client_Hello request (web-misc.rules) 2659 <-> WEB-MISC SSLv2 Client_Hello with pad request (web-misc.rules) 2660 <-> WEB-MISC SSLv2 Server_Hello request (web-misc.rules) 2661 <-> WEB-MISC TLSv1 Client_Hello request (web-misc.rules) 2662 <-> WEB-MISC TLSv1 Server_Hello request (web-misc.rules) 2701 <-> WEB-MISC Oracle iSQLPlus sid overflow attempt (web-misc.rules) 2702 <-> WEB-MISC Oracle iSQLPlus username overflow attempt (web-misc.rules) 2703 <-> WEB-MISC Oracle iSQLPlus login.uix username overflow attempt (web-misc.rules) 2704 <-> WEB-MISC Oracle 10g iSQLPlus login.unix connectID overflow attempt (web-misc.rules) 3059 <-> WEB-MISC TLSv1 Client_Hello via SSLv2 handshake request (web-misc.rules) 3466 <-> WEB-MISC Authorization Basic overflow attempt (web-misc.rules) 3486 <-> WEB-MISC SSLv3 invalid data version attempt (web-misc.rules) 3816 <-> WEB-MISC BadBlue ext.dll buffer overflow attempt (web-misc.rules) 3822 <-> WEB-MISC Real Player realtext long URI request (web-misc.rules) 3823 <-> WEB-MISC Real Player realtext file bad version buffer overflow attempt (web-misc.rules) 4150 <-> WEB-CLIENT Outlook View OVCtl ActiveX function call access (web-client.rules) 4982 <-> WEB-CLIENT Adodb.Stream ActiveX Object Access (web-client.rules) 4983 <-> WEB-CLIENT Adodb.Stream ActiveX Object Access CreateObject Function (web-client.rules) 6403 <-> WEB-PHP horde help module arbitrary command execution attempt (web-php.rules) 6409 <-> WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules) 6410 <-> WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules) 6411 <-> WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules) 7027 <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules) 7028 <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules) 7029 <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules) 8061 <-> DELETED WEB-CLIENT ADODB.Stream ActiveX CLSID access (deleted.rules) 8062 <-> WEB-CLIENT ADODB.Stream ActiveX CLSID unicode access (web-client.rules) 8063 <-> WEB-CLIENT ADODB.Stream ActiveX function call access (web-client.rules) 8085 <-> WEB-MISC HP Openview NNM connectedNodes.ovpl port 3443 Unix command execution attempt (web-misc.rules) 8086 <-> WEB-MISC HP Openview NNM cdpView.ovpl port 3443 Unix command execution attempt (web-misc.rules) 8087 <-> WEB-MISC HP Openview NNM freeIPaddrs.ovpl port 3443 Unix command execution attempt (web-misc.rules) 8088 <-> WEB-MISC HP Openview NNM connectedNodes.ovpl Unix command execution attempt (web-misc.rules) 8089 <-> WEB-MISC HP Openview NNM cdpView.ovpl Unix command execution attempt (web-misc.rules) 8090 <-> WEB-MISC HP Openview NNM freeIPaddrs.ovpl Unix command execution attempt (web-misc.rules) 8422 <-> WEB-CLIENT Outlook View OVCtl ActiveX clsid access (web-client.rules) 8426 <-> WEB-MISC SSLv2 openssl get shared ciphers overflow attempt (web-misc.rules) 8427 <-> WEB-MISC SSLv3 openssl get shared ciphers overflow attempt (web-misc.rules) 8428 <-> WEB-MISC SSLv2 openssl get shared ciphers overflow attempt (web-misc.rules) 8441 <-> WEB-MISC McAfee header buffer overflow attempt (web-misc.rules) 8485 <-> WEB-COLDFUSION CFNEWINTERNALADMINSECURITY access (web-coldfusion.rules) 8486 <-> WEB-COLDFUSION CFNEWINTERNALREGISTRY access (web-coldfusion.rules) 8487 <-> WEB-COLDFUSION CFADMIN_REGISTRY_SET access (web-coldfusion.rules) 8488 <-> WEB-COLDFUSION CFADMIN_REGISTRY_GET access (web-coldfusion.rules) 8489 <-> WEB-COLDFUSION CFADMIN_REGISTRY_DELETE access (web-coldfusion.rules) 8490 <-> WEB-COLDFUSION viewexample.cfm access (web-coldfusion.rules) 8491 <-> WEB-COLDFUSION eval.cfm access (web-coldfusion.rules) 8492 <-> WEB-COLDFUSION openfile.cfm access (web-coldfusion.rules) 8493 <-> WEB-COLDFUSION sourcewindow.cfm access (web-coldfusion.rules) 9815 <-> WEB-CLIENT ICQPhone.SipxPhoneManager ActiveX clsid unicode access (web-client.rules) 9816 <-> WEB-CLIENT ICQPhone.SipxPhoneManager ActiveX function call access (web-client.rules) 9819 <-> WEB-CLIENT Outlook View OVCtl ActiveX clsid unicode access (web-client.rules) 9823 <-> WEB-CLIENT QuickTime RTSP URI overflow attempt (web-client.rules) 9824 <-> WEB-CLIENT Rediff Bol Downloader ActiveX clsid access (web-client.rules) 9825 <-> WEB-CLIENT Rediff Bol Downloader ActiveX clsid unicode access (web-client.rules) 9826 <-> WEB-CLIENT Rediff Bol Downloader ActiveX function call access (web-client.rules) 9840 <-> WEB-CLIENT QuickTime HREF Track Detected (web-client.rules) 9842 <-> WEB-CLIENT Adobe Acrobat Plugin Universal cross-site scripting attempt (web-client.rules) 9843 <-> WEB-CLIENT Adobe Acrobat Plugin JavaScript parameter double free attempt (web-client.rules) 9844 <-> WEB-CLIENT VLC Media Player udp URI format string attempt - single packet (web-client.rules) 9845 <-> WEB-CLIENT M3U File Download Detected (web-client.rules) 9846 <-> WEB-CLIENT VLC Media Player udp URI format string attempt - multipacket (web-client.rules) 9847 <-> WEB-CLIENT Outlook Saved Search download attempt (web-client.rules) 9848 <-> WEB-CLIENT Vector Markup Language recolorinfo tag numfills parameter buffer overflow attempt (web-client.rules) 9849 <-> WEB-CLIENT Vector Markup Language recolorinfo tag numcolors parameter buffer overflow attempt (web-client.rules) 10013 <-> WEB-CLIENT CCRP FolderTreeView ActiveX clsid access (web-client.rules) 10014 <-> WEB-CLIENT CCRP FolderTreeView ActiveX clsid unicode access (web-client.rules) 10015 <-> WEB-CLIENT Oracle ORADC ActiveX clsid access (web-client.rules) 10016 <-> WEB-CLIENT Oracle ORADC ActiveX clsid unicode access (web-client.rules) 10017 <-> WEB-CLIENT Oracle ORADC ActiveX function call access (web-client.rules) 10062 <-> WEB-CLIENT Java Virtual Machine malformed GIF buffer overflow attempt (web-client.rules) 10063 <-> WEB-CLIENT Firefox query interface suspicious function call access attempt (web-client.rules) 10084 <-> WEB-CLIENT NCTAudioFile2 ActiveX clsid access (web-client.rules) 10085 <-> WEB-CLIENT NCTAudioFile2 ActiveX clsid unicode access (web-client.rules) 10086 <-> WEB-CLIENT NCTAudioFile2 ActiveX function call access (web-client.rules) 10115 <-> WEB-CLIENT Microsoft WMF denial of service attempt (web-client.rules) 10116 <-> WEB-CLIENT AIM GoChat URL access attempt (web-client.rules) 10128 <-> WEB-CLIENT Aliplay ActiveX clsid access (web-client.rules) 10129 <-> WEB-CLIENT Aliplay ActiveX clsid unicode access (web-client.rules) 10131 <-> WEB-CLIENT mozilla compareTo arbitrary code execution attempt (web-client.rules) 10137 <-> WEB-CLIENT Microsoft Input Method Editor ActiveX clsid access (web-client.rules) 10138 <-> WEB-CLIENT Microsoft Input Method Editor ActiveX clsid unicode access (web-client.rules) 10139 <-> WEB-CLIENT Microsoft Input Method Editor ActiveX function call access (web-client.rules) 10140 <-> WEB-CLIENT Microsoft Input Method Editor 2 ActiveX clsid access (web-client.rules) 10141 <-> WEB-CLIENT Microsoft Input Method Editor 2 ActiveX clsid unicode access (web-client.rules) 10142 <-> WEB-CLIENT LexRefBilingualTextContext ActiveX clsid access (web-client.rules) 10143 <-> WEB-CLIENT LexRefBilingualTextContext ActiveX clsid unicode access (web-client.rules) 10144 <-> WEB-CLIENT LexRefBilingualTextContext ActiveX function call access (web-client.rules) 10145 <-> WEB-CLIENT HTML Inline Sound Control ActiveX clsid access (web-client.rules) 10146 <-> WEB-CLIENT HTML Inline Sound Control ActiveX clsid unicode access (web-client.rules) 10147 <-> WEB-CLIENT HTML Inline Sound Control ActiveX function call access (web-client.rules) 10148 <-> WEB-CLIENT HTML Inline Movie Control ActiveX clsid access (web-client.rules) 10149 <-> WEB-CLIENT HTML Inline Movie Control ActiveX clsid unicode access (web-client.rules) 10150 <-> WEB-CLIENT HTML Inline Movie Control ActiveX function call access (web-client.rules) 10151 <-> WEB-CLIENT BlnSetUser Proxy ActiveX clsid access (web-client.rules) 10152 <-> WEB-CLIENT BlnSetUser Proxy ActiveX clsid unicode access (web-client.rules) 10153 <-> WEB-CLIENT BlnSetUser Proxy ActiveX function call access (web-client.rules) 10154 <-> WEB-CLIENT BlnSetUser Proxy 2 ActiveX clsid access (web-client.rules) 10155 <-> WEB-CLIENT BlnSetUser Proxy 2 ActiveX clsid unicode access (web-client.rules) 10156 <-> WEB-CLIENT ActiveX Soft DVD Tools ActiveX clsid access (web-client.rules) 10157 <-> WEB-CLIENT ActiveX Soft DVD Tools ActiveX clsid unicode access (web-client.rules) 10162 <-> WEB-CLIENT BrowseDialog ActiveX clsid access (web-client.rules) 10163 <-> WEB-CLIENT BrowseDialog ActiveX clsid unicode access (web-client.rules) 10170 <-> WEB-CLIENT Verisign ConfigCHK ActiveX clsid access (web-client.rules) 10171 <-> WEB-CLIENT Verisign ConfigCHK ActiveX clsid unicode access (web-client.rules) 10173 <-> WEB-CLIENT Trend Micro OfficeScan Client ActiveX clsid access (web-client.rules) 10174 <-> WEB-CLIENT Trend Micro OfficeScan Client ActiveX clsid unicode access (web-client.rules) 10175 <-> WEB-CLIENT Trend Micro OfficeScan Client ActiveX function call access (web-client.rules) 10176 <-> WEB-CLIENT Windows Shell User Enumeration Object ActiveX clsid access (web-client.rules) 10177 <-> WEB-CLIENT Windows Shell User Enumeration Object ActiveX clsid unicode access (web-client.rules) 10178 <-> WEB-CLIENT Windows Shell User Enumeration Object ActiveX function call access (web-client.rules) 10189 <-> WEB-CLIENT DivXBrowserPlugin ActiveX clsid access (web-client.rules) 10190 <-> WEB-CLIENT DivXBrowserPlugin ActiveX clsid unicode access (web-client.rules) 10191 <-> WEB-CLIENT DivXBrowserPlugin ActiveX function call access (web-client.rules) 10192 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX clsid access (web-client.rules) 10193 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX clsid unicode access (web-client.rules) 10194 <-> WEB-CLIENT RealPlayer Ierpplug.dll ActiveX function call access (web-client.rules) 10214 <-> WEB-CLIENT Shockwave ActiveX Control ActiveX clsid access (web-client.rules) 10215 <-> WEB-CLIENT Shockwave ActiveX Control ActiveX clsid unicode access (web-client.rules) 10216 <-> WEB-CLIENT Shockwave ActiveX Control ActiveX function call access (web-client.rules) 10387 <-> WEB-CLIENT McAfee ePolicy Orchestrator ActiveX clsid access (web-client.rules) 10388 <-> WEB-CLIENT McAfee ePolicy Orchestrator ActiveX clsid unicode access (web-client.rules) 10389 <-> WEB-CLIENT McAfee ePolicy Orchestrator ActiveX function call access (web-client.rules) 10390 <-> WEB-CLIENT Symantec Support Controls SmartIssue ActiveX clsid access (web-client.rules) 10391 <-> WEB-CLIENT Symantec Support Controls SmartIssue ActiveX clsid unicode access (web-client.rules) 10392 <-> WEB-CLIENT Symantec Support Controls SmartIssue ActiveX function call access (web-client.rules) 10393 <-> WEB-CLIENT Symantec SupportSoft SmartIssue ActiveX clsid access (web-client.rules) 10394 <-> WEB-CLIENT Symantec SupportSoft SmartIssue ActiveX clsid unicode access (web-client.rules) 10395 <-> WEB-CLIENT Symantec SupportSoft SmartIssue ActiveX function call access (web-client.rules) 10404 <-> WEB-CLIENT SignKorea SKCommAX ActiveX clsid access (web-client.rules) 10405 <-> WEB-CLIENT SignKorea SKCommAX ActiveX clsid unicode access (web-client.rules) 10406 <-> WEB-CLIENT SignKorea SKCommAX ActiveX function call access (web-client.rules) 10412 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader Alt CLSID ActiveX clsid access (web-client.rules) 10413 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader Alt CLSID ActiveX clsid unicode access (web-client.rules) 10414 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader Alt CLSID ActiveX function call access (web-client.rules) 10415 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader ActiveX clsid access (web-client.rules) 10416 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader ActiveX clsid unicode access (web-client.rules) 10417 <-> WEB-CLIENT IBM Lotus SameTime STJNILoader ActiveX function call access (web-client.rules) 10419 <-> WEB-CLIENT HP Mercury Quality Center SPIDERLib ActiveX clsid access (web-client.rules) 10420 <-> WEB-CLIENT HP Mercury Quality Center SPIDERLib ActiveX clsid unicode access (web-client.rules) 10421 <-> WEB-CLIENT HP Mercury Quality Center SPIDERLib ActiveX function call access (web-client.rules) 10422 <-> WEB-CLIENT HP Mercury Quality Center SPIDERLib ActiveX function call unicode access (web-client.rules) 10423 <-> WEB-CLIENT Yahoo Audio Conferencing ActiveX clsid access (web-client.rules) 10424 <-> WEB-CLIENT Yahoo Audio Conferencing ActiveX clsid unicode access (web-client.rules) 10425 <-> WEB-CLIENT Yahoo Audio Conferencing ActiveX function call access (web-client.rules) 10426 <-> WEB-CLIENT Yahoo Audio Conferencing ActiveX function call unicode access (web-client.rules) 10427 <-> WEB-CLIENT Kaspersky AntiVirus SysInfo ActiveX clsid access (web-client.rules) 10428 <-> WEB-CLIENT Kaspersky AntiVirus SysInfo ActiveX clsid unicode access (web-client.rules) 10429 <-> WEB-CLIENT Kaspersky AntiVirus SysInfo ActiveX function call access (web-client.rules) 10430 <-> WEB-CLIENT Kaspersky AntiVirus SysInfo ActiveX function call unicode access (web-client.rules) 10431 <-> WEB-CLIENT Kaspersky AntiVirus KAV60Info ActiveX clsid access (web-client.rules) 10432 <-> WEB-CLIENT Kaspersky AntiVirus KAV60Info ActiveX clsid unicode access (web-client.rules) 10433 <-> WEB-CLIENT Kaspersky AntiVirus KAV60Info ActiveX function call access (web-client.rules) 10434 <-> WEB-CLIENT Kaspersky AntiVirus KAV60Info ActiveX function call unicode access (web-client.rules) 10465 <-> WEB-CLIENT Microsoft Agent v1.5 ActiveX function call unicode access (web-client.rules) 10466 <-> WEB-CLIENT iPIX Image Well ActiveX clsid access (web-client.rules) 10467 <-> WEB-CLIENT iPIX Image Well ActiveX clsid unicode access (web-client.rules) 10468 <-> WEB-CLIENT iPIX Image Well ActiveX function call access (web-client.rules) 10469 <-> WEB-CLIENT iPIX Image Well ActiveX function call access (web-client.rules) 10470 <-> WEB-CLIENT iPIX Media Send Class ActiveX clsid access (web-client.rules) 10471 <-> WEB-CLIENT iPIX Media Send Class ActiveX clsid unicode access (web-client.rules) 10472 <-> WEB-CLIENT iPIX Media Send Class ActiveX function call access (web-client.rules) 10473 <-> WEB-CLIENT iPIX Media Send Class ActiveX function call access (web-client.rules) 10474 <-> WEB-CLIENT iPIX Media Send Class ActiveX function call unicode access (web-client.rules) 10475 <-> MISC UPNP notification type overflow attempt (misc.rules) 10476 <-> WEB-CLIENT MarkAny MaPrintModule_WORK ActiveX clsid access (web-client.rules) 10477 <-> WEB-CLIENT MarkAny MaPrintModule_WORK ActiveX clsid unicode access (web-client.rules) 10478 <-> WEB-CLIENT MarkAny MaPrintModule_WORK ActiveX function call access (web-client.rules) 10479 <-> WEB-CLIENT MarkAny MaPrintModule_WORK ActiveX function call unicode access (web-client.rules) 10978 <-> WEB-CLIENT Second Sight Software ActiveGS ActiveX clsid access (web-client.rules) 10979 <-> WEB-CLIENT Second Sight Software ActiveGS ActiveX clsid unicode access (web-client.rules) 10980 <-> WEB-CLIENT Second Sight Software ActiveGS ActiveX function call access (web-client.rules) 10981 <-> WEB-CLIENT Second Sight Software ActiveGS ActiveX function call unicode access (web-client.rules) 10982 <-> WEB-CLIENT Second Sight Software ActiveMod ActiveX clsid access (web-client.rules) 10983 <-> WEB-CLIENT Second Sight Software ActiveMod ActiveX clsid unicode access (web-client.rules) 10984 <-> WEB-CLIENT Second Sight Software ActiveMod ActiveX function call access (web-client.rules) 10985 <-> WEB-CLIENT Second Sight Software ActiveMod ActiveX function call unicode access (web-client.rules) 10986 <-> WEB-CLIENT GraceNote CDDB ActiveX clsid access (web-client.rules) 10987 <-> WEB-CLIENT GraceNote CDDB ActiveX clsid unicode access (web-client.rules) 10988 <-> WEB-CLIENT GraceNote CDDB ActiveX function call access (web-client.rules) 10989 <-> WEB-CLIENT GraceNote CDDB ActiveX function call unicode access (web-client.rules) 10991 <-> WEB-CLIENT Microgaming Download Helper ActiveX clsid access (web-client.rules) 10992 <-> WEB-CLIENT Microgaming Download Helper ActiveX clsid unicode access (web-client.rules) 10993 <-> WEB-CLIENT Microgaming Download Helper ActiveX function call access (web-client.rules) 10994 <-> WEB-CLIENT Microgaming Download Helper ActiveX function call unicode access (web-client.rules) 11176 <-> WEB-CLIENT PowerPoint Viewer ActiveX clsid access (web-client.rules) 11177 <-> WEB-CLIENT PowerPoint Viewer ActiveX clsid unicode access (web-client.rules) 11178 <-> WEB-CLIENT PowerPoint Viewer ActiveX function call access (web-client.rules) 11179 <-> WEB-CLIENT PowerPoint Viewer ActiveX function call unicode access (web-client.rules) 11180 <-> WEB-CLIENT quicktime movie ftyp buffer underflow (web-client.rules) 11181 <-> WEB-CLIENT Excel Viewer ActiveX clsid access (web-client.rules) 11182 <-> WEB-CLIENT Excel Viewer ActiveX clsid unicode access (web-client.rules) 11183 <-> WEB-CLIENT Excel Viewer ActiveX function call access (web-client.rules) 11184 <-> WEB-CLIENT Excel Viewer ActiveX function call unicode access (web-client.rules) 11187 <-> WEB-CLIENT Word Viewer ActiveX clsid access (web-client.rules) 11188 <-> WEB-CLIENT Word Viewer ActiveX clsid unicode access (web-client.rules) 11189 <-> WEB-CLIENT Word Viewer ActiveX function call access (web-client.rules) 11190 <-> WEB-CLIENT Word Viewer ActiveX function call unicode access (web-client.rules) 11197 <-> WEB-CLIENT ActiveX Soft DVD Tools ActiveX function call access (web-client.rules) 11198 <-> WEB-CLIENT ActiveX Soft DVD Tools ActiveX function call unicode access (web-client.rules) 11199 <-> WEB-CLIENT Office Viewer ActiveX clsid access (web-client.rules) 11200 <-> WEB-CLIENT Office Viewer ActiveX clsid unicode access (web-client.rules) 11201 <-> WEB-CLIENT Office Viewer ActiveX function call access (web-client.rules) 11202 <-> WEB-CLIENT Office Viewer ActiveX function call unicode access (web-client.rules) 11206 <-> WEB-CLIENT East Wind Software ADVDAUDIO ActiveX clsid access (web-client.rules) 11207 <-> WEB-CLIENT East Wind Software ADVDAUDIO ActiveX clsid unicode access (web-client.rules) 11208 <-> WEB-CLIENT East Wind Software ADVDAUDIO ActiveX function call access (web-client.rules) 11209 <-> WEB-CLIENT East Wind Software ADVDAUDIO ActiveX function call unicode access (web-client.rules) 11210 <-> WEB-CLIENT Sienzo Digital Music Mentor ActiveX clsid access (web-client.rules) 11211 <-> WEB-CLIENT Sienzo Digital Music Mentor ActiveX clsid unicode access (web-client.rules) 11212 <-> WEB-CLIENT Sienzo Digital Music Mentor ActiveX function call access (web-client.rules) 11213 <-> WEB-CLIENT Sienzo Digital Music Mentor ActiveX function call unicode access (web-client.rules) 11214 <-> WEB-CLIENT VeralSoft HTTP File Uploader ActiveX clsid access (web-client.rules) 11215 <-> WEB-CLIENT VeralSoft HTTP File Uploader ActiveX clsid unicode access (web-client.rules) 11216 <-> WEB-CLIENT VeralSoft HTTP File Uploader ActiveX function call access (web-client.rules) 11217 <-> WEB-CLIENT VeralSoft HTTP File Uploader ActiveX function call unicode access (web-client.rules) 11218 <-> WEB-CLIENT SmartCode VNC Manager ActiveX clsid access (web-client.rules) 11219 <-> WEB-CLIENT SmartCode VNC Manager ActiveX clsid unicode access (web-client.rules) 11220 <-> WEB-CLIENT SmartCode VNC Manager ActiveX function call access (web-client.rules) 11221 <-> WEB-CLIENT SmartCode VNC Manager ActiveX function call unicode access (web-client.rules) 11222 <-> SMTP Exchange MODPROPS denial of service attempt (smtp.rules) 11224 <-> WEB-CLIENT MSAuth ActiveX clsid access (web-client.rules) 11225 <-> WEB-CLIENT MSAuth ActiveX clsid unicode access (web-client.rules) 11226 <-> WEB-CLIENT MSAuth ActiveX function call access (web-client.rules) 11227 <-> WEB-CLIENT MSAuth ActiveX function call unicode access (web-client.rules) 11228 <-> WEB-CLIENT Microsoft Input Method Editor 3 ActiveX clsid access (web-client.rules) 11229 <-> WEB-CLIENT Microsoft Input Method Editor 3 ActiveX clsid unicode access (web-client.rules) 11230 <-> WEB-CLIENT Microsoft Cryptographic API COM 1 ActiveX clsid access (web-client.rules) 11231 <-> WEB-CLIENT Microsoft Cryptographic API COM 1 ActiveX clsid unicode access (web-client.rules) 11232 <-> WEB-CLIENT Microsoft Cryptographic API COM 1 ActiveX function call access (web-client.rules) 11233 <-> WEB-CLIENT Microsoft Cryptographic API COM 1 ActiveX function call unicode access (web-client.rules) 11234 <-> WEB-CLIENT Microsoft Cryptographic API COM 2 ActiveX clsid access (web-client.rules) 11235 <-> WEB-CLIENT Microsoft Cryptographic API COM 2 ActiveX clsid unicode access (web-client.rules) 11236 <-> WEB-CLIENT OutlookExpress.AddressBook ActiveX clsid access (web-client.rules) 11237 <-> WEB-CLIENT OutlookExpress.AddressBook ActiveX clsid unicode access (web-client.rules) 11238 <-> WEB-CLIENT OutlookExpress.AddressBook ActiveX function call unicode access (web-client.rules) 11239 <-> WEB-CLIENT DXImageTransform.Microsoft.Redirect ActiveX clsid access (web-client.rules) 11240 <-> WEB-CLIENT DXImageTransform.Microsoft.Redirect ActiveX clsid unicode access (web-client.rules) 11241 <-> WEB-CLIENT DXImageTransform.Microsoft.Redirect ActiveX function call access (web-client.rules) 11242 <-> WEB-CLIENT DXImageTransform.Microsoft.Redirect ActiveX function call unicode access (web-client.rules) 11243 <-> WEB-CLIENT DirectAnimation.DAstatics ActiveX clsid access (web-client.rules) 11244 <-> WEB-CLIENT DirectAnimation.DAstatics ActiveX clsid unicode access (web-client.rules) 11245 <-> WEB-CLIENT DirectAnimation.DAstatics ActiveX function call access (web-client.rules) 11246 <-> WEB-CLIENT DirectAnimation.DAstatics ActiveX function call unicode access (web-client.rules) 11247 <-> WEB-CLIENT Research In Motion TeamOn Import ActiveX clsid access (web-client.rules) 11248 <-> WEB-CLIENT Research In Motion TeamOn Import ActiveX clsid unicode access (web-client.rules) 11249 <-> WEB-CLIENT IE Address ActiveX clsid unicode access (web-client.rules) 11250 <-> WEB-CLIENT Sony Rootkit Uninstaller ActiveX clsid access (web-client.rules) 11251 <-> WEB-CLIENT Sony Rootkit Uninstaller ActiveX clsid unicode access (web-client.rules) 11252 <-> WEB-CLIENT IE Address ActiveX clsid access (web-client.rules) 11253 <-> WEB-CLIENT Microsoft MciWndx ActiveX clsid access (web-client.rules) 11254 <-> WEB-CLIENT Microsoft MciWndx ActiveX clsid unicode access (web-client.rules) 11255 <-> WEB-CLIENT Microsoft MciWndx ActiveX function call access (web-client.rules) 11256 <-> WEB-CLIENT Microsoft MciWndx ActiveX function call unicode access (web-client.rules) 11257 <-> WEB-CLIENT Microsoft Internet Explorer colgroup tag uninitialized memory corruption vulnerability (web-client.rules) 11258 <-> WEB-CLIENT Excel Malformed Named Graph Information unicode overflow (web-client.rules) 11259 <-> WEB-CLIENT BarcodeWiz ActiveX clsid access (web-client.rules) 11260 <-> WEB-CLIENT BarcodeWiz ActiveX clsid unicode access (web-client.rules) 11261 <-> WEB-CLIENT BarcodeWiz ActiveX function call access (web-client.rules) 11262 <-> WEB-CLIENT BarcodeWiz ActiveX function call unicode access (web-client.rules) 11267 <-> WEB-CLIENT Adobe Photoshop PNG file handling stack buffer overflow attempt (web-client.rules) 11268 <-> WEB-CLIENT Symantec Norton AntiVirus ActiveX clsid access (web-client.rules) 11269 <-> WEB-CLIENT Symantec Norton AntiVirus ActiveX clsid unicode access (web-client.rules) 11270 <-> WEB-CLIENT Symantec Norton AntiVirus ActiveX function call access (web-client.rules) 11271 <-> WEB-CLIENT Symantec Norton AntiVirus ActiveX function call unicode access (web-client.rules) 11274 <-> WEB-CLIENT RControl ActiveX clsid access (web-client.rules) 11275 <-> WEB-CLIENT RControl ActiveX clsid unicode access (web-client.rules) 11276 <-> WEB-CLIENT GDivX Zenith Player AVI Fixer ActiveX clsid access (web-client.rules) 11277 <-> WEB-CLIENT GDivX Zenith Player AVI Fixer ActiveX clsid unicode access (web-client.rules) 11278 <-> WEB-CLIENT GDivX Zenith Player AVI Fixer ActiveX function call access (web-client.rules) 11279 <-> WEB-CLIENT GDivX Zenith Player AVI Fixer ActiveX function call unicode access (web-client.rules) 11280 <-> WEB-CLIENT FlexLabel ActiveX clsid access (web-client.rules) 11281 <-> WEB-CLIENT FlexLabel ActiveX clsid unicode access (web-client.rules) 11282 <-> WEB-CLIENT FlexLabel ActiveX function call access (web-client.rules) 11283 <-> WEB-CLIENT FlexLabel ActiveX function call unicode access (web-client.rules) 11284 <-> WEB-CLIENT AudioCDRipper ActiveX clsid access (web-client.rules) 11285 <-> WEB-CLIENT AudioCDRipper ActiveX clsid unicode access (web-client.rules) 11286 <-> WEB-CLIENT AudioCDRipper ActiveX function call access (web-client.rules) 11287 <-> WEB-CLIENT AudioCDRipper ActiveX function call unicode access (web-client.rules) 11290 <-> WEB-CLIENT Excel malformed named graph information ascii overflow (web-client.rules) 11291 <-> WEB-CLIENT Hewlett Packard HPQVWOCX.DL ActiveX clsid access (web-client.rules) 11292 <-> WEB-CLIENT Hewlett Packard HPQVWOCX.DL ActiveX clsid unicode access (web-client.rules) 11293 <-> WEB-CLIENT IDAutomation Linear Bar Code ActiveX clsid access (web-client.rules) 11294 <-> WEB-CLIENT IDAutomation Linear Bar Code ActiveX clsid unicode access (web-client.rules) 11295 <-> WEB-CLIENT IDAutomation Linear Bar Code ActiveX function call access (web-client.rules) 11296 <-> WEB-CLIENT IDAutomation Linear Bar Code ActiveX function call unicode access (web-client.rules) 11297 <-> WEB-CLIENT Clever Database Comparer ActiveX clsid access (web-client.rules) 11298 <-> WEB-CLIENT Clever Database Comparer ActiveX clsid unicode access (web-client.rules) 11299 <-> WEB-CLIENT Clever Database Comparer ActiveX function call access (web-client.rules) 11300 <-> WEB-CLIENT Clever Database Comparer ActiveX function call unicode access (web-client.rules) 11301 <-> WEB-CLIENT DB Software Laboratory DeWizardX ActiveX clsid access (web-client.rules) 11302 <-> WEB-CLIENT DB Software Laboratory DeWizardX ActiveX clsid unicode access (web-client.rules) 11303 <-> WEB-CLIENT DB Software Laboratory DeWizardX ActiveX function call access (web-client.rules) 11304 <-> WEB-CLIENT DB Software Laboratory DeWizardX ActiveX function call unicode access (web-client.rules) 11324 <-> WEB-CLIENT Microsoft Input Method Editor 3 ActiveX function call access (web-client.rules) 11325 <-> WEB-CLIENT Microsoft Input Method Editor 3 ActiveX function call unicode access (web-client.rules) 12064 <-> WEB-IIS w3svc _vti_bin null pointer dereference attempt (web-iis.rules) 12280 <-> WEB-CLIENT VML source file memory corruption (web-client.rules) 12281 <-> WEB-CLIENT VML source file memory corruption (web-client.rules) 12282 <-> WEB-CLIENT VML source file memory corruption (web-client.rules)
