Sourcefire VRT Rules Update
Date: 2009-08-25
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.
The format of the file is:
sid - Message
New Rules:
15878 WEB-ACTIVEX AcerCtrls.APlunch ActiveX clsid access
15879 WEB-ACTIVEX AcerCtrls.APlunch ActiveX clsid unicode access
15880 SPECIFIC-THREATS Microsoft Internet Explorer popup window object tag code execution attempt
15882 EXPLOIT McAfee E-Business Server remote preauth code execution attempt
15883 EXPLOIT SAPLPD 0x01 command buffer overflow attempt
15884 EXPLOIT SAPLPD 0x02 command buffer overflow attempt
15885 EXPLOIT SAPLPD 0x03 command buffer overflow attempt
15886 EXPLOIT SAPLPD 0x04 command buffer overflow attempt
15887 EXPLOIT SAPLPD 0x05 command buffer overflow attempt
15888 EXPLOIT SAPLPD 0x31 command buffer overflow attempt
15889 EXPLOIT SAPLPD 0x32 command buffer overflow attempt
15890 EXPLOIT SAPLPD 0x33 command buffer overflow attempt
15891 EXPLOIT SAPLPD 0x34 command buffer overflow attempt
15894 SPECIFIC-THREATS Microsoft Color Management MOdule remote code execution attempt
15895 CHAT Pidgin MSN P2P message 64bit integer overflow attempt
15897 WEB-MISC SSLv1 Client_Hello Challenge Length overflow attempt
15901 MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
15892 EXPLOIT SAPLPD 0x53 command buffer overflow attempt
15896 DOS Firebird SQL op_connect_request denial of service attempt
15881 NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt
15893 WEB-CLIENT fCreateShellLink function use - potential attack
15898 WEB-MISC Audio Interchange File Format download request
15899 WEB-MISC Audio Interchange File Format file request
15900 WEB-MISC Audio Interchange File Format request

Updated rules:
2656 WEB-MISC SSLv2 Client_Hello Challenge Length overflow attempt
2705 WEB-CLIENT JPEG parser heap overflow attempt
3550 WEB-CLIENT HTML http/https scheme hostname overflow attempt
13594 SPECIFIC-THREATS Microsoft Windows print spooler little endian DoS attempt
14019 WEB-CLIENT CyberLink PowerDVD playlist m3u file handling stack overflow attempt
14020 WEB-CLIENT CyberLink PowerDVD playlist pls file handling stack overflow attempt
15472 WEB-CLIENT Nullsoft Winamp pls file player name handling buffer overflow attempt
15524 EXPLOIT Microsoft Word remote code execution attempt
15525 EXPLOIT Microsoft Word remote code execution attempt
13827 DOS Microsoft PGM denial of service attempt
5930 SPYWARE-PUT Adware cashbar runtime detection - pop-up ad 2
5932 SPYWARE-PUT Adware cashbar runtime detection - stats track
