Sourcefire VRT Rules Update

Date: 2011-09-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.5.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:20182 <-> ENABLED <-> WEB-CLIENT Adobe Flash Player viewSource blacklist exclusion attempt (web-client.rules)
 * 1:15733 <-> ENABLED <-> EXPLOIT Microsoft Internet Explorer empty table tag memory corruption attempt (exploit.rules)
 * 1:20183 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player setInterval use attempt (specific-threats.rules)
 * 1:20181 <-> ENABLED <-> WEB-CLIENT Adobe Flash Speex-encoded audio buffer underflow attempt (web-client.rules)

Modified Rules:


 * 1:19460 <-> ENABLED <-> WEB-CLIENT Microsoft CSRSS multiple consoles on a single process attempt (web-client.rules)