Sourcefire VRT Rules Update

Date: 2011-07-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.4.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:19409 <-> DISABLED <-> VOIP-SIP INVITE to global broadcast address (voip.rules)
 * 1:19410 <-> DISABLED <-> VOIP-SIP INVITE TCP to global broadcast address (voip.rules)
 * 1:19411 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer Cross-Domain information disclosure attempt (specific-threats.rules)

Modified Rules:


 * 1:18265 <-> ENABLED <-> WEB-CLIENT Microsoft Office thumbnail bitmap invalid biClrUsed attempt (web-client.rules)
 * 3:18398 <-> ENABLED <-> WEB-CLIENT Microsoft Office thumbnail bitmap invalid biClrUsed attempt (web-client.rules)