Sourcefire VRT Rules Update

Date: 2010-10-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.5.3.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
17802 <-> WEB-CLIENT Director Movie File Download (web-client.rules, Low)
17803 <-> WEB-CLIENT Adobe Shockwave Director rcsL chunk memory corruption attempt (web-client.rules, High)
17804 <-> WEB-CLIENT Mozilla Firefox html tag attributes memory corruption (web-client.rules, High)

Updated rules:
12972 <-> WEB-CLIENT Microsoft Media Player .asf markers detected (web-client.rules, High)
13268 <-> RPC MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt (rpc.rules, High)
13517 <-> EXPLOIT Apple QTIF malformed idsc atom (exploit.rules, High)
13520 <-> EXPLOIT Winamp Ultravox streaming malicious metadata (exploit.rules, High)
13521 <-> EXPLOIT Winamp Ultravox streaming malicious metadata (exploit.rules, High)
13583 <-> WEB-CLIENT Microsoft SYmbolic LinK file download request (web-client.rules, Low)
13585 <-> WEB-CLIENT Microsoft SYmbolic LinK file download (web-client.rules, Low)
15241 <-> MULTIMEDIA VideoLAN VLC real.c ReadRealIndex real demuxer integer overflow attempt (multimedia.rules, High)
15306 <-> WEB-CLIENT Portable Executable binary file transfer (web-client.rules, Low)
15363 <-> WEB-CLIENT Potential obfuscated javascript eval unescape attack attempt (web-client.rules, Low)
15572 <-> DOS Curse of Silence Nokia SMS DoS attempt (dos.rules, Medium)
15728 <-> EXPLOIT Possible Adobe PDF ActionScript byte_array heap spray attempt (exploit.rules, High)
15729 <-> EXPLOIT Possible Adobe Flash ActionScript byte_array heap spray attempt (exploit.rules, High)
15993 <-> SPECIFIC-THREATS Adobe Flash Player ActionScript intrf_count integer overflow attempt (specific-threats.rules, High)
17644 <-> SPECIFIC-THREATS Internet Explorer object clone deletion memory corruption attempt (specific-threats.rules, High)