Sourcefire VRT Rules Update

Date: 2011-06-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.6.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:19257 <-> ENABLED <-> WEB-CLIENT Adobe Flash ActionScript float index memory corruption (web-client.rules)
 * 1:19258 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Excel SxView record memory pointer corruption attempt (specific-threats.rules)
 * 1:19260 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Excel malformed MsoDrawingObject record attempt (specific-threats.rules)
 * 1:19259 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Excel WOpt record memory corruption attempt (specific-threats.rules)

Modified Rules:


 * 1:19253 <-> ENABLED <-> WEB-CLIENT Adobe Reader malicious language.engtesselate.ln file download attempt (web-client.rules)
 * 3:18632 <-> ENABLED <-> WEB-CLIENT Microsoft Excel malformed Label record exploit attempt (web-client.rules)
 * 3:16319 <-> ENABLED <-> WEB-CLIENT Safari-IE SearchPath blended threat attempt (web-client.rules)
 * 3:16659 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer style sheet array memory corruption attempt (exploit.rules)
 * 3:17767 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer IE8 tostaticHTML CSS import vulnerability (exploit.rules)