Sourcefire VRT Rules Update

Date: 2010-05-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8_6_0.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
16598 <-> SPECIFIC-THREATS Green Dam URL handling overflow attempt (specific-threats.rules, High)
16599 <-> SPECIFIC-THREATS AtHocGov IWSAlerts ActiveX control buffer overflow attempt (specific-threats.rules, High)
16600 <-> BACKDOOR Otlard Trojan activity (backdoor.rules, High)
16601 <-> WEB-CLIENT Amaya web editor XML and HTML Parser Buffer overflow attempt (web-client.rules, High)
16602 <-> SPECIFIC-THREATS Microsoft DirectShow 3 ActiveX exploit via JavaScript (specific-threats.rules, High)
16603 <-> WEB-CLIENT Adobe Reader U3D CLOD integer overflow (web-client.rules, High)
16604 <-> WEB-MISC HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt (web-misc.rules, High)
16605 <-> SPECIFIC-THREATS Internet Explorer nested SPAN tag memory corruption attempt (specific-threats.rules, High)

Updated rules:
2278 <-> WEB-MISC client negative Content-Length attempt (web-misc.rules, Medium)
2570 <-> WEB-MISC Invalid HTTP Version String (web-misc.rules, Medium)
12592 <-> SMTP Recipient arbitrary command injection attempt (smtp.rules, High)
14019 <-> WEB-CLIENT CyberLink PowerDVD playlist file handling stack overflow attempt (web-client.rules, High)
14020 <-> WEB-CLIENT CyberLink PowerDVD playlist file handling stack overflow attempt (web-client.rules, High)
16458 <-> DELETED WEB-CLIENT Autonomy KeyView SDK Excel file SST parsing integer overflow attempt (deleted.rules, High)