Sourcefire VRT Rules Update

Date: 2010-11-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.6.0.

The format of the file is:

sid - Message (rule group, priority)

Updated rules:
5713 <-> WEB-CLIENT Windows Metafile invalid header size integer overflow (web-client.rules, High)
8470 <-> DELETED BACKDOOR superspy 2.0 beta runtime detection - get system info (deleted.rules, High)
8471 <-> DELETED BACKDOOR superspy 2.0 beta runtime detection - get system info 2 (deleted.rules, High)
8472 <-> DELETED BACKDOOR superspy 2.0 beta runtime detection - screen capture 2 (deleted.rules, High)
8473 <-> DELETED BACKDOOR superspy 2.0 beta runtime detection - screen capture (deleted.rules, High)
8474 <-> DELETED BACKDOOR superspy 2.0 beta runtime detection - processes/active windows manage 2 (deleted.rules, High)
8475 <-> DELETED BACKDOOR superspy 2.0 beta runtime detection - processes/active windows manage (deleted.rules, High)
12634 <-> EXPLOIT Microsoft Kodak Imaging large offset malformed tiff 2 (exploit.rules, High)
13363 <-> EXPLOIT Cisco Unified Communications Manager heap overflow attempt (exploit.rules, High)