Sourcefire VRT Rules Update
Date: 2009-01-20
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group, priority)
New rules: 15228 <-> WEB-ACTIVEX Ciansoft PDFBuilderX ActiveX clsid access (web-activex.rules, High) 15229 <-> WEB-ACTIVEX Ciansoft PDFBuilderX ActiveX clsid unicode access (web-activex.rules, High) 15230 <-> WEB-ACTIVEX Office Viewer 2 ActiveX clsid access (web-activex.rules, High) 15231 <-> WEB-ACTIVEX Office Viewer 2 ActiveX clsid unicode access (web-activex.rules, High) 15232 <-> WEB-ACTIVEX Easy Grid ActiveX clsid access (web-activex.rules, High) 15233 <-> WEB-ACTIVEX Easy Grid ActiveX clsid unicode access (web-activex.rules, High) 15234 <-> WEB-ACTIVEX Easy Grid ActiveX function call access (web-activex.rules, High) 15235 <-> WEB-ACTIVEX Easy Grid ActiveX function call unicode access (web-activex.rules, High) 15236 <-> WEB-CLIENT ACD Systems ACDSee XPM file format overflow attempt (web-client.rules, High) 15237 <-> WEB-MISC Java .class file download attempt (web-misc.rules, Low) 15238 <-> SPECIFIC-THREATS Apple QuickTime for Java toQTPointer function memory corruption attempt (specific-threats.rules, High) 15239 <-> WEB-MISC RealMedia format file download attempt (web-misc.rules, Low) 15240 <-> WEB-MISC RealMedia format file download attempt (web-misc.rules, Low) 15241 <-> MULTIMEDIA VideoLAN VLC real.c ReadRealIndex real demuxer integer overflow attempt (multimedia.rules, High) 15242 <-> WEB-CLIENT HP OpenView Network Node Manager Toolbar.exe HTTP request buffer overflow attempt (web-client.rules, High)
