Sourcefire VRT Rules Update

Date: 2011-01-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.1.

The format of the file is:

sid - Message (rule group, priority)

New rules:
18298 <-> SPECIFIC-THREATS Mozilla Firefox Javascript large regex memory corruption attempt (specific-threats.rules, High)
18299 <-> WEB-CLIENT Microsoft Internet Explorer implicit drag and drop file installation attempt (web-client.rules, High)
18300 <-> WEB-CLIENT Microsoft Internet Explorer FTP command injection attempt (web-client.rules, High)
18301 <-> SPECIFIC-THREATS Mozilla Firefox GeckoActiveXObject memory corruption attempt (specific-threats.rules, High)
18302 <-> SPECIFIC-THREATS Mozilla Firefox new function garbage collection remote code execution attempt (specific-threats.rules, High)

Updated rules:
5710 <-> WEB-CLIENT Windows Media Player Plugin for Non-IE browsers buffer overflow attempt (web-client.rules, High)
10192 <-> WEB-ACTIVEX RealPlayer Ierpplug.dll ActiveX clsid access (web-activex.rules, High)
10194 <-> WEB-ACTIVEX RealPlayer Ierpplug.dll ActiveX function call access (web-activex.rules, High)
12280 <-> WEB-CLIENT Microsoft Internet Explorer VML source file memory corruption attempt (web-client.rules, High)
12281 <-> WEB-CLIENT Microsoft Internet Explorer VML source file memory corruption attempt (web-client.rules, High)
12282 <-> WEB-CLIENT Microsoft Internet Explorer VML source file memory corruption attempt (web-client.rules, High)
18196 <-> WEB-CLIENT Microsoft Internet Explorer CSS importer use-after-free attempt (web-client.rules, High)
18240 <-> WEB-CLIENT Microsoft Internet Explorer CSS importer use-after-free attempt (web-client.rules, High)