Sourcefire VRT Rules Update

Date: 2011-06-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.5.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:19267 <-> ENABLED <-> SHELLCODE Possible heap spray attempt (shellcode.rules)
 * 1:19266 <-> ENABLED <-> SPECIFIC-THREATS Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:19265 <-> ENABLED <-> SPECIFIC-THREATS Internet Explorer layout-grid-char value exploit attempt (specific-threats.rules)
 * 1:19264 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption (specific-threats.rules)
 * 1:19263 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption (specific-threats.rules)
 * 1:19262 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript float index array memory corruption (specific-threats.rules)
 * 1:19261 <-> ENABLED <-> SPECIFIC-THREATS Excel BIFF8 invalid Selection.cref exploit attempt (specific-threats.rules)

Modified Rules:


 * 1:1377 <-> DISABLED <-> FTP wu-ftp bad file completion attempt (ftp.rules)
 * 1:1378 <-> DISABLED <-> FTP wu-ftp bad file completion attempt (ftp.rules)
 * 1:19181 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer iframe uninitialized memory corruption attempt (specific-threats.rules)
 * 1:19218 <-> DISABLED <-> WEB-CLIENT Microsoft Windows Fax Cover Page download attempt (web-client.rules)
 * 1:19220 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (specific-threats.rules)
 * 1:19257 <-> ENABLED <-> WEB-CLIENT Adobe Flash ActionScript float index memory corruption (web-client.rules)