Sourcefire VRT Rules Update

Date: 2009-08-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid - Message

New Rules:
15878  WEB-ACTIVEX AcerCtrls.APlunch ActiveX clsid access
15879  WEB-ACTIVEX AcerCtrls.APlunch ActiveX clsid unicode access
15880  SPECIFIC-THREATS Microsoft Internet Explorer popup window object tag code execution attempt
15882  EXPLOIT McAfee E-Business Server remote preauth code execution attempt
15883  EXPLOIT SAPLPD 0x01 command buffer overflow attempt
15884  EXPLOIT SAPLPD 0x02 command buffer overflow attempt
15885  EXPLOIT SAPLPD 0x03 command buffer overflow attempt
15886  EXPLOIT SAPLPD 0x04 command buffer overflow attempt
15887  EXPLOIT SAPLPD 0x05 command buffer overflow attempt
15888  EXPLOIT SAPLPD 0x31 command buffer overflow attempt
15889  EXPLOIT SAPLPD 0x32 command buffer overflow attempt
15890  EXPLOIT SAPLPD 0x33 command buffer overflow attempt
15891  EXPLOIT SAPLPD 0x34 command buffer overflow attempt
15894  SPECIFIC-THREATS Microsoft Color Management Module remote code execution attempt
15895  CHAT Pidgin MSN P2P message 64bit integer overflow attempt
15897  WEB-MISC SSLv1 Client_Hello Challenge Length overflow attempt
15901  MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
15892  EXPLOIT SAPLPD 0x53 command buffer overflow attempt
15896  DOS Firebird SQL op_connect_request denial of service attempt
15881  NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt
15893  WEB-CLIENT fCreateShellLink function use - potential attack
15898  WEB-MISC Audio Interchange File Format download request
15899  WEB-MISC Audio Interchange File Format file request
15900  WEB-MISC Audio Interchange File Format request

Updated Rules:
2656  WEB-MISC SSLv2 Client_Hello Challenge Length overflow attempt
2705  WEB-CLIENT JPEG parser heap overflow attempt
3550  WEB-CLIENT HTML http/https scheme hostname overflow attempt
13594  SPECIFIC-THREATS Microsoft Windows print spooler little endian DoS attempt
14019  WEB-CLIENT CyberLink PowerDVD playlist m3u file handling stack overflow attempt
14020  WEB-CLIENT CyberLink PowerDVD playlist pls file handling stack overflow attempt
15472  WEB-CLIENT Nullsoft Winamp pls file player name handling buffer overflow attempt
15524  EXPLOIT Microsoft Word remote code execution attempt
15525  EXPLOIT Microsoft Word remote code execution attempt
13827  DOS Microsoft PGM denial of service attempt
5930  SPYWARE-PUT Adware cashbar runtime detection - pop-up ad 2
5932  SPYWARE-PUT Adware cashbar runtime detection - stats track