Snort :: Changes 2008-02-12

Sourcefire VRT Rules Update

Date: 2008-02-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group)
New rules:
13426 <-> WEB-CLIENT Yahoo Music JukeBox DataGrid ActiveX clsid access (web-client.rules)
13427 <-> WEB-CLIENT Yahoo Music JukeBox DataGrid ActiveX clsid unicode access (web-client.rules)
13428 <-> WEB-CLIENT Yahoo Music JukeBox DataGrid ActiveX function call access (web-client.rules)
13429 <-> WEB-CLIENT Yahoo Music JukeBox DataGrid ActiveX function call unicode access (web-client.rules)
13430 <-> WEB-CLIENT Yahoo Music JukeBox MediaGrid ActiveX clsid access (web-client.rules)
13431 <-> WEB-CLIENT Yahoo Music JukeBox MediaGrid ActiveX clsid unicode access (web-client.rules)
13432 <-> WEB-CLIENT Yahoo Music JukeBox MediaGrid ActiveX function call access (web-client.rules)
13433 <-> WEB-CLIENT Yahoo Music JukeBox MediaGrid ActiveX function call unicode access (web-client.rules)
13434 <-> WEB-CLIENT Aurigma Image Uploader 4 ActiveX clsid access (web-client.rules)
13435 <-> WEB-CLIENT Aurigma Image Uploader 4 ActiveX clsid unicode access (web-client.rules)
13436 <-> WEB-CLIENT Aurigma Image Uploader 4 ActiveX function call access (web-client.rules)
13437 <-> WEB-CLIENT Aurigma Image Uploader 4 ActiveX function call unicode access (web-client.rules)
13438 <-> WEB-CLIENT Aurigma Image Uploader 5 ActiveX clsid access (web-client.rules)
13439 <-> WEB-CLIENT Aurigma Image Uploader 5 ActiveX clsid unicode access (web-client.rules)
13440 <-> WEB-CLIENT Aurigma Image Uploader 5 ActiveX function call access (web-client.rules)
13441 <-> WEB-CLIENT Aurigma Image Uploader 5 ActiveX function call unicode access (web-client.rules)
13442 <-> WEB-CLIENT Aurigma Image Uploader 5 ActiveX clsid access (web-client.rules)
13443 <-> WEB-CLIENT Aurigma Image Uploader 5 ActiveX clsid unicode access (web-client.rules)
13444 <-> WEB-CLIENT Aurigma Image Uploader 5 ActiveX function call access (web-client.rules)
13445 <-> WEB-CLIENT Aurigma Image Uploader 5 ActiveX function call unicode access (web-client.rules)
13446 <-> WEB-CLIENT GlobalLink HanGamePlugin ActiveX clsid access (web-client.rules)
13447 <-> WEB-CLIENT GlobalLink HanGamePlugin ActiveX clsid unicode access (web-client.rules)
13465 <-> WEB-CLIENT Microsoft Works file download request (web-client.rules)
13467 <-> WEB-CLIENT Office 2000 and 2002 Web Components Spreadsheet ActiveX clsid unicode access (web-client.rules)
13468 <-> WEB-CLIENT Office 2000 and 2002 Web Components Data Source Control ActiveX clsid unicode access (web-client.rules)
13473 <-> EXPLOIT Microsoft Publisher file download (exploit.rules)
13450 <-> BAD-TRAFFIC invalid dhcp offer denial of service attempt (bad-traffic.rules)
13451 <-> WEB-CLIENT Microsoft Visual FoxPro foxtlib ActiveX clsid access (web-client.rules)
13452 <-> WEB-CLIENT Microsoft Visual FoxPro foxtlib ActiveX clsid unicode access (web-client.rules)
13453 <-> WEB-CLIENT Microsoft DXLUTBuilder ActiveX clsid access (web-client.rules)
13454 <-> WEB-CLIENT Microsoft DXLUTBuilder ActiveX clsid unicode access (web-client.rules)
13455 <-> WEB-CLIENT Microsoft DXLUTBuilder ActiveX function call access (web-client.rules)
13456 <-> WEB-CLIENT Microsoft DXLUTBuilder ActiveX function call unicode access (web-client.rules)
13457 <-> WEB-CLIENT Microsoft Forms 2.0 ActiveX clsid access (web-client.rules)
13458 <-> WEB-CLIENT Microsoft Forms 2.0 ActiveX clsid unicode access (web-client.rules)
13459 <-> WEB-CLIENT Microsoft Forms 2.0 ActiveX function call access (web-client.rules)
13460 <-> WEB-CLIENT Microsoft Forms 2.0 ActiveX function call unicode access (web-client.rules)
13466 <-> WEB-CLIENT Microsoft Works heap corruption attempt (web-client.rules)
13469 <-> WEB-CLIENT Microsoft Word ole stream memory corruption attempt (web-client.rules)
13470 <-> EXPLOIT Microsoft Publisher invalid record overwrite (exploit.rules)
13471 <-> EXPLOIT Microsoft Publisher invalid pathname overwrite (exploit.rules)
13472 <-> EXPLOIT Microsoft Works invalid chunk size (exploit.rules)
13474 <-> WEB-CLIENT Microsoft WebDAV MiniRedir remote code execution attempt (web-client.rules)

Updated rules:
4170 <-> WEB-CLIENT Office 2000 and 2002 Web Components Data Source Control ActiveX clsid access (web-client.rules)
4171 <-> WEB-CLIENT Registration Wizard ActiveX Object Access (web-client.rules)
4173 <-> WEB-CLIENT MsnPUpld ActiveX Object Access (web-client.rules)
4177 <-> WEB-CLIENT Office 2000 and 2002 Web Components Spreadsheet ActiveX clsid access (web-client.rules)
7870 <-> WEB-CLIENT Microsoft Office Data Source Control 9.0 ActiveX clsid access (web-client.rules)
7871 <-> WEB-CLIENT Microsoft Office Data Source Control 9.0 ActiveX clsid unicode access (web-client.rules)
12417 <-> WEB-CLIENT Microsoft Visual FoxPro ActiveX clsid access (web-client.rules)
12418 <-> WEB-CLIENT Microsoft Visual FoxPro ActiveX clsid unicode access (web-client.rules)
12419 <-> WEB-CLIENT Microsoft Visual FoxPro ActiveX function call access (web-client.rules)
12420 <-> WEB-CLIENT Microsoft Visual FoxPro ActiveX function call unicode access (web-client.rules)
12780 <-> WEB-CLIENT Aurigma Image Uploader 4 ActiveX clsid access (web-client.rules)
12781 <-> WEB-CLIENT Aurigma Image Uploader 4 ActiveX clsid unicode access (web-client.rules)
12782 <-> WEB-CLIENT Aurigma Image Uploader 4 ActiveX function call access (web-client.rules)
12783 <-> WEB-CLIENT Aurigma Image Uploader 4 ActiveX function call unicode access (web-client.rules)
Snort

Sourcefire VRT Rules Update

Date: 2008-02-12

Snort Links

Community

Sourcefire
