Sourcefire VRT Rules Update

Date: 2009-09-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
15921 <-> WEB-CLIENT Microsoft media format file download request (web-client.rules, Low)
15922 <-> WEB-CLIENT mp3 file download request (web-client.rules, Low)
15923 <-> WEB-ACTIVEX DHTML Editing ActiveX clsid unicode access (web-activex.rules, High)
15924 <-> WEB-ACTIVEX DHTML Editing ActiveX function call access (web-activex.rules, High)
15925 <-> WEB-ACTIVEX DHTML Editing ActiveX function call unicode access (web-activex.rules, High)
15926 <-> WEB-ACTIVEX PPStream PPSMediaList ActiveX clsid access (web-activex.rules, High)
15927 <-> WEB-ACTIVEX PPStream PPSMediaList ActiveX clsid unicode access (web-activex.rules, High)
15928 <-> WEB-ACTIVEX PPStream PPSMediaList ActiveX function call access (web-activex.rules, High)
15929 <-> WEB-ACTIVEX PPStream PPSMediaList ActiveX function call unicode access (web-activex.rules, High)
15930 <-> SPECIFIC-THREAT Microsoft Windows SMB malformed process ID high field denial-of-service attempt (specific-threats.rules, Medium)

Updated rules:
1973 <-> FTP MKD overflow attempt (ftp.rules, High)
2374 <-> FTP NLST overflow attempt (ftp.rules, High)
4148 <-> WEB-ACTIVEX DHTML Editing ActiveX clsid access (web-activex.rules, High)