Sourcefire VRT Rules Update

Date: 2010-12-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.6.1.

The format of the file is:

sid - Message (rule group, priority)

New rules:
18240 <-> WEB-CLIENT Microsoft Internet Explorer CSS importer use-after-free attempt (web-client.rules, High)
18241 <-> WEB-ACTIVEX Microsoft WMI Administrator Tools Object Viewer ActiveX clsid access (web-activex.rules, High)
18242 <-> WEB-ACTIVEX Microsoft WMI Administrator Tools Object Viewer ActiveX function call access (web-activex.rules, High)
18243 <-> SPECIFIC-THREATS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (specific-threats.rules, High)

Updated rules:
17388 <-> WEB-CLIENT OpenOffice EMF file EMR record parsing integer overflow attempt (web-client.rules, High)