Sourcefire VRT Rules Update

Date: 2009-12-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid - Message (rule group, priority)

New rules:
16313 <-> POLICY download of executable content - x-header (policy.rules, High)
16332 <-> EXPLOIT Symantec System Center Alert Management System arbitrary command execution attempt (exploit.rules, High)

Updated rules:
15483 <-> WEB-MISC Adobe Shockwave Flash file request (web-misc.rules, Low)
15638 <-> WEB-ACTIVEX Microsoft Video 32 ActiveX clsid access (web-activex.rules, High)
15639 <-> WEB-ACTIVEX Microsoft Video 32 ActiveX clsid unicode access (web-activex.rules, High)
15729 <-> EXPLOIT Possible Adobe Flash ActionScript byte_array heap spray attempt (exploit.rules, High)
15993 <-> SPECIFIC-THREATS Adobe Flash Player ActionScript intrf_count integer overflow attempt (specific-threats.rules, High)
16159 <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 1 ActiveX clsid access (web-activex.rules, High)
16160 <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 1 ActiveX clsid unicode access (web-activex.rules, High)
16161 <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 2 ActiveX clsid access (web-activex.rules, High)
16162 <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 2 ActiveX clsid unicode access (web-activex.rules, High)
16163 <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 3 ActiveX clsid access (web-activex.rules, High)
16164 <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 3 ActiveX clsid unicode access (web-activex.rules, High)
16165 <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 4 ActiveX clsid access (web-activex.rules, High)
16166 <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 4 ActiveX clsid unicode access (web-activex.rules, High)
16310 <-> WEB-CLIENT IE 6/7 outerHTML invalid reference arbitrary code execution attempt (web-client.rules, High)
16311 <-> WEB-CLIENT IE 6/7 single line outerHTML invalid reference arbitrary code execution attempt (web-client.rules, High)