Sourcefire VRT Rules Update
Date: 2008-03-11
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group)
New rules: 13582 <-> WEB-CLIENT Microsoft Excel sst record arbitrary code excecution attempt (web-client.rules) 13581 <-> WEB-CLIENT Microsoft Office Web Components remote code execution attempt ActiveX clsid unicode access (web-client.rules) 13580 <-> WEB-CLIENT Microsoft Office Web Components remote code execution attempt ActiveX clsid access (web-client.rules) 13573 <-> WEB-CLIENT Microsoft Outlook arbitrary command line attempt (web-client.rules) 13572 <-> WEB-CLIENT Microsoft Powerpoint malformed shapeid arbitrary code execution attempt (web-client.rules) 13571 <-> WEB-CLIENT Microsoft Excel dval record arbitrary code excecution attempt (web-client.rules) 13570 <-> WEB-CLIENT Microsoft Excel cf record arbitrary code excecution attempt (web-client.rules) 13569 <-> WEB-CLIENT Microsoft Excel macro validation arbitrary code execution attempt (web-client.rules) 13583 <-> WEB-CLIENT Microsoft SYmbolic LinK file download request (web-client.rules) 13584 <-> WEB-CLIENT csv file download request (web-client.rules) 13585 <-> WEB-CLIENT Microsoft SYmbolic LinK file download (web-client.rules) Updated rules: 4170 <-> WEB-CLIENT Office 2000 and 2002 Web Components Data Source Control ActiveX clsid access (web-client.rules) 4177 <-> WEB-CLIENT Office 2000 and 2002 Web Components Spreadsheet ActiveX clsid access (web-client.rules) 7870 <-> WEB-CLIENT Microsoft Office Data Source Control 9.0 ActiveX clsid access (web-client.rules) 7871 <-> WEB-CLIENT Microsoft Office Data Source Control 9.0 ActiveX clsid unicode access (web-client.rules) 13468 <-> WEB-CLIENT Office 2000 and 2002 Web Components Data Source Control ActiveX clsid unicode access (web-client.rules)
