Sourcefire VRT Rules Update

Date: 2008-12-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid <-> Message (rule group)

15125 <-> WEB-CLIENT Microsoft Word rich text file unpaired dpendgroup exploit attempt (web-client.rules)
15124 <-> WEB-CLIENT Web-based NTLM reflection attack attempt (netbios.rules)
15123 <-> WEB-CLIENT Rich Text Format file request (web-client.rules)
15122 <-> WEB-ACTIVEX Shell.Explorer 2 ActiveX clsid access (web-client.rules)
15121 <-> WEB-CLIENT Microsoft Visual Basic Winsock ActiveX function call unicode access (web-client.rules)
15120 <-> WEB-CLIENT Microsoft Visual Basic Winsock ActiveX function call access (web-client.rules)
15119 <-> WEB-CLIENT Microsoft Visual Basic Winsock ActiveX clsid unicode access (web-client.rules)
15118 <-> WEB-CLIENT Microsoft Visual Basic Winsock ActiveX clsid access (web-client.rules)
15117 <-> WEB-CLIENT Microsoft Excel malformed OBJ record arbitrary code execution attempt (web-client.rules)
15116 <-> WEB-CLIENT Windows search protocol handler access attempt (web-client.rules)
15115 <-> WEB-CLIENT WebDAV pathname buffer overflow attempt (web-client.rules)
15114 <-> WEB-CLIENT Microsoft Internet Explorer embed src buffer overflow attempt (web-client.rules)
15113 <-> WEB-ACTIVEX Shell.Explorer 2 ActiveX function call unicode access (web-client.rules)
15112 <-> WEB-ACTIVEX Shell.Explorer 2 ActiveX function call access (web-client.rules)
15111 <-> WEB-ACTIVEX Shell.Explorer 2 ActiveX clsid unicode access (web-client.rules)
15110 <-> WEB-ACTIVEX Shell.Explorer 1 ActiveX clsid unicode access (web-client.rules)
15109 <-> WEB-ACTIVEX Shell.Explorer 1 ActiveX clsid access (web-client.rules)
15108 <-> WEB-CLIENT Microsoft Office Sharepoint Server elevation of privilege exploit attempt (web-client.rules)
15107 <-> WEB-CLIENT Microsoft Word .rtf file stylesheet buffer overflow attempt (web-client.rules)
15106 <-> WEB-CLIENT Microsoft Word .rtf file integer overflow attempt (web-client.rules)
15105 <-> WEB-CLIENT Microsoft GDI WMF file parsing integer overflow attempt (web-client.rules)
15104 <-> WEB-CLIENT Visual Basic 6.0 malformed AVI buffer overflow attempt (web-client.rules)
15103 <-> WEB-CLIENT Microsoft Visual Basic Hierarchical FlexGrid ActiveX function call unicode access (web-client.rules)
15102 <-> WEB-CLIENT Microsoft Visual Basic Hierarchical FlexGrid ActiveX function call access (web-client.rules)
15101 <-> WEB-CLIENT Microsoft Visual Basic Hierarchical FlexGrid ActiveX clsid unicode access (web-client.rules)
15100 <-> WEB-CLIENT Microsoft Visual Basic Hierarchical FlexGrid ActiveX clsid access (web-client.rules)
15099 <-> WEB-CLIENT Microsoft Visual Basic FlexGrid ActiveX function call unicode access (web-client.rules)
15098 <-> WEB-CLIENT Microsoft Visual Basic FlexGrid ActiveX function call access (web-client.rules)
15097 <-> WEB-CLIENT Microsoft Visual Basic FlexGrid ActiveX clsid unicode access (web-client.rules)
15096 <-> WEB-CLIENT Microsoft Visual Basic FlexGrid ActiveX clsid access (web-client.rules)
15095 <-> WEB-CLIENT Microsoft Visual Basic DataGrid ActiveX function call unicode access (web-client.rules)
15094 <-> WEB-CLIENT Microsoft Visual Basic DataGrid ActiveX function call access (web-client.rules)
15093 <-> WEB-CLIENT Microsoft Visual Basic DataGrid ActiveX clsid unicode access (web-client.rules)
15092 <-> WEB-CLIENT Microsoft Visual Basic DataGrid ActiveX clsid access (web-client.rules)
15091 <-> WEB-CLIENT Microsoft Visual Basic Charts ActiveX function call unicode access (web-client.rules)
15090 <-> WEB-CLIENT Microsoft Visual Basic Charts ActiveX function call access (web-client.rules)
15089 <-> WEB-CLIENT Microsoft Visual Basic Charts ActiveX clsid unicode access (web-client.rules)
15088 <-> WEB-CLIENT Microsoft Visual Basic Charts ActiveX clsid access (web-client.rules)
15087 <-> WEB-CLIENT Microsoft Common Controls Animation Object ActiveX function call unicode access (web-client.rules)
15086 <-> WEB-CLIENT Microsoft Common Controls Animation Object ActiveX function call access (web-client.rules)
15085 <-> WEB-CLIENT Microsoft Common Controls Animation Object ActiveX clsid unicode access (web-client.rules)
15084 <-> WEB-CLIENT Microsoft Common Controls Animation Object ActiveX clsid access (web-client.rules)
15083 <-> EXPLOIT Microsoft Word .rtf file double free attempt (exploit.rules)
15082 <-> EXPLOIT rtf malformed dpcallout buffer overflow attempt (exploit.rules)
15081 <-> WEB-CLIENT Sun Java Web Start xml encoding buffer overflow attempt (web-client.rules)
15080 <-> MULTIMEDIA VideoLAN VLC Media Player WAV processing integer overflow attempt (multimedia.rules)
15079 <-> WEB-MISC WAV Formatfile download attempt (web-misc.rules)