Sourcefire VRT Rules Update

Date: 2011-11-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.5.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:20538 <-> DISABLED <-> WEB-ACTIVEX Phobos.Playlist ActiveX function call access (web-activex.rules)
 * 1:20537 <-> DISABLED <-> WEB-ACTIVEX Phobos.Playlist ActiveX clsid access (web-activex.rules)
 * 1:20536 <-> ENABLED <-> WEB-ACTIVEX Moxa MediaDBPlayback.DLL ActiveX clsid access (web-activex.rules)
 * 1:20535 <-> ENABLED <-> WEB-CLIENT Opera Config File script access attempt (web-client.rules)
 * 1:20540 <-> ENABLED <-> POLICY Microsoft Word document with embedded TrueType font (policy.rules)
 * 3:20539 <-> ENABLED <-> WEB-CLIENT Microsoft TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (web-client.rules)

Modified Rules:

 * 1:16582 <-> ENABLED <-> WEB-CLIENT Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (web-client.rules)
 * 1:15306 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detection (file-identify.rules)
 * 1:13523 <-> ENABLED <-> WEB-ACTIVEX Novell iPrint ActiveX clsid access (web-activex.rules)
 * 1:16606 <-> ENABLED <-> ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt (oracle.rules)