Sourcefire VRT Rules Update

Date: 2010-11-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.6.0.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
17808 <-> SPECIFIC-THREATS Adobe Flash authplay.dll memory corruption attempt (specific-threats.rules, High)
17809 <-> WEB-CLIENT quicktime movie file transfer (web-client.rules, Low)
17810 <-> WEB-MISC potential malware - download of server32.exe (web-misc.rules, Medium)
17811 <-> WEB-MISC potential malware - download of svchost.exe (web-misc.rules, Medium)
17812 <-> WEB-MISC potential malware - download of iexplore.exe (web-misc.rules, Medium)
17813 <-> WEB-MISC potential malware - download of iprinp.dll (web-misc.rules, Medium)
17814 <-> WEB-MISC potential malware - download of winzf32.dll (web-misc.rules, Medium)

Updated rules:
4676 <-> ORACLE Enterprise Manager Application Server Control POST Parameter Overflow Attempt (oracle.rules, High)
4677 <-> ORACLE Enterprise Manager Application Server Control GET Parameter Overflow Attempt (oracle.rules, High)
4678 <-> WEB-CLIENT quicktime movie file transfer (web-client.rules, Low)
12286 <-> WEB-CLIENT PCRE character class double free overflow attempt (web-client.rules, High)
13364 <-> SMTP Novell GroupWise client IMG SRC buffer overflow (smtp.rules, High)
17804 <-> WEB-CLIENT Mozilla Firefox html tag attributes memory corruption (web-client.rules, High)