Sourcefire VRT Rules Update
Date: 2010-10-26
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.6.1.
The format of the file is:
sid - Message (rule group, priority)
New rules:
17801 <-> WEB-CLIENT Director Movie File Embeded (web-client.rules, Low)
17802 <-> WEB-CLIENT Director Movie File Download (web-client.rules, Low)
17803 <-> WEB-CLIENT Adobe Shockwave Director rcsL chunk memory corruption attempt (web-client.rules, High)
17804 <-> WEB-CLIENT Mozilla Firefox html tag attributes memory corruption (web-client.rules, High)
17805 <-> SPYWARE-PUT Worm.Win32.Neeris.BF contact to server attempt (spyware-put.rules, High)

Updated rules:
12972 <-> WEB-CLIENT Microsoft Media Player .asf markers detected (web-client.rules, High)
13268 <-> RPC MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt (rpc.rules, High)
13419 <-> WEB-ACTIVEX Facebook Photo Uploader ActiveX clsid access (web-activex.rules, High)
13420 <-> WEB-ACTIVEX Facebook Photo Uploader ActiveX clsid unicode access (web-activex.rules, High)
13421 <-> WEB-ACTIVEX Facebook Photo Uploader ActiveX function call access (web-activex.rules, High)
13422 <-> WEB-ACTIVEX Facebook Photo Uploader ActiveX function call unicode access (web-activex.rules, High)
13517 <-> EXPLOIT Apple QTIF malformed idsc atom (exploit.rules, High)
13520 <-> EXPLOIT Winamp Ultravox streaming malicious metadata (exploit.rules, High)
13521 <-> EXPLOIT Winamp Ultravox streaming malicious metadata (exploit.rules, High)
13583 <-> WEB-CLIENT Microsoft SYmbolic LinK file download request (web-client.rules, Low)
13585 <-> WEB-CLIENT Microsoft SYmbolic LinK file download (web-client.rules, Low)
15126 <-> WEB-CLIENT Internet Explorer nested tag memory corruption attempt (web-client.rules, High)
15241 <-> MULTIMEDIA VideoLAN VLC real.c ReadRealIndex real demuxer integer overflow attempt (multimedia.rules, High)
15306 <-> WEB-CLIENT Portable Executable binary file transfer (web-client.rules, Low)
15363 <-> WEB-CLIENT Potential obfuscated javascript eval unescape attack attempt (web-client.rules, Low)
15572 <-> DOS Curse of Silence Nokia SMS DoS attempt (dos.rules, Medium)
15727 <-> POLICY Attempted download of a PDF with embedded Flash (policy.rules, High)
15728 <-> EXPLOIT Possible Adobe PDF ActionScript byte_array heap spray attempt (exploit.rules, High)
15729 <-> EXPLOIT Possible Adobe Flash ActionScript byte_array heap spray attempt (exploit.rules, High)
15993 <-> SPECIFIC-THREATS Adobe Flash Player ActionScript intrf_count integer overflow attempt (specific-threats.rules, High)
16547 <-> WEB-ACTIVEX Java Web Start ActiveX launch command by CLSID (web-activex.rules, High)
16548 <-> WEB-ACTIVEX Java Web Start ActiveX launch command by JavaScript CLSID (web-activex.rules, High)
17644 <-> SPECIFIC-THREATS Internet Explorer object clone deletion memory corruption attempt (specific-threats.rules, High)
17654 <-> SPECIFIC-THREATS Facebook Photo Uploader ActiveX exploit attempt (specific-threats.rules, High)
