Sourcefire VRT Rules Update
Date: 2010-09-09
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.6.1.
The format of the file is:
sid - Message (rule group, priority)
New rules:
17219 <-> SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt (specific-threats.rules, High)
17220 <-> SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt (specific-threats.rules, High)
17221 <-> SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt (specific-threats.rules, High)
17222 <-> SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt (specific-threats.rules, High)
17223 <-> SPECIFIC-THREATS Adobe Flash Player navigateToURL cross-site scripting attempt (specific-threats.rules, Low)
17224 <-> SMTP McAfee WebShield SMTP bounce message format string attempt (smtp.rules, High)
17225 <-> SPECIFIC-THREATS Alt-N MDaemon WorldClient invalid user (specific-threats.rules, Medium)
17226 <-> WEB-ACTIVEX AXIS Camera ActiveX initialization via script (web-activex.rules, High)
17227 <-> WEB-CLIENT Microsoft Excel sheet name memory corruption attempt (web-client.rules, High)
17228 <-> SPECIFIC-THREATS Microsoft Windows Media Player skin decompression code execution attempt (specific-threats.rules, High)
17229 <-> WEB-CLIENT Tiff file download - little-endian (web-client.rules, Low)
17230 <-> WEB-CLIENT Tiff file download - big-endian (web-client.rules, Low)
17231 <-> WEB-CLIENT Microsoft Kodak Imaging small offset malformed tiff - little-endian (web-client.rules, High)
17232 <-> WEB-CLIENT Microsoft Kodak Imaging large offset malformed tiff - big-endian (web-client.rules, High)
17233 <-> SPECIFIC-THREATS Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (specific-threats.rules, High)

Updated rules:
12633 <-> EXPLOIT Microsoft Kodak Imaging small offset malformed tiff (exploit.rules, High)
12634 <-> EXPLOIT Microsoft Kodak Imaging large offset malformed tiff 2 (exploit.rules, High)
15243 <-> WEB-ACTIVEX AXIS Camera ActiveX clsid access (web-activex.rules, High)
