Sourcefire VRT Rules Update

Date: 2010-09-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.0.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
17219 <-> SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt (specific-threats.rules, High)
17220 <-> SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt (specific-threats.rules, High)
17221 <-> SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt (specific-threats.rules, High)
17222 <-> SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt (specific-threats.rules, High)
17223 <-> SPECIFIC-THREATS Adobe Flash Player navigateToURL cross-site scripting attempt (specific-threats.rules, Low)
17224 <-> SMTP McAfee WebShield SMTP bounce message format string attempt (smtp.rules, High)
17225 <-> SPECIFIC-THREATS Alt-N MDaemon WorldClient invalid user (specific-threats.rules, Medium)
17226 <-> WEB-ACTIVEX AXIS Camera ActiveX initialization via script (web-activex.rules, High)
17227 <-> WEB-CLIENT Microsoft Excel sheet name memory corruption attempt (web-client.rules, High)
17228 <-> SPECIFIC-THREATS Microsoft Windows Media Player skin decompression code execution attempt (specific-threats.rules, High)
17229 <-> WEB-CLIENT Tiff file download - little-endian (web-client.rules, Low)
17230 <-> WEB-CLIENT Tiff file download - big-endian (web-client.rules, Low)
17231 <-> WEB-CLIENT Microsoft Kodak Imaging small offset malformed tiff - little-endian (web-client.rules, High)
17232 <-> WEB-CLIENT Microsoft Kodak Imaging large offset malformed tiff - big-endian (web-client.rules, High)
17233 <-> SPECIFIC-THREATS Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (specific-threats.rules, High)

Updated rules:
12633 <-> EXPLOIT Microsoft Kodak Imaging small offset malformed tiff (exploit.rules, High)
12634 <-> EXPLOIT Microsoft Kodak Imaging large offset malformed tiff 2 (exploit.rules, High)
15243 <-> WEB-ACTIVEX AXIS Camera ActiveX clsid access (web-activex.rules, High)