Sourcefire VRT Rules Update

Date: 2008-10-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid - Message (rule group)

New rules:
14628 <-> WEB-CLIENT Office 2000 and 2002 Web Components Chart ActiveX clsid unicode access (web-client.rules)
14629 <-> WEB-CLIENT Office 2000 and 2002 Web Components PivotTable ActiveX clsid unicode access (web-client.rules)
14630 <-> WEB-CLIENT Office 2000 and 2002 Web Components Data Source Control ActiveX clsid unicode access (web-client.rules)
14631 <-> WEB-CLIENT SystemRequirementsLab ActiveX clsid access (web-client.rules)
14632 <-> WEB-CLIENT SystemRequirementsLab ActiveX clsid unicode access (web-client.rules)
14633 <-> WEB-CLIENT PhotoStockPlus ActiveX clsid access (web-client.rules)
14634 <-> WEB-CLIENT PhotoStockPlus ActiveX clsid unicode access (web-client.rules)
14635 <-> WEB-CLIENT Microsoft RSClientPrint ActiveX clsid access (web-client.rules)
14636 <-> WEB-CLIENT Microsoft RSClientPrint ActiveX clsid unicode access (web-client.rules)
14637 <-> WEB-CLIENT Microsoft PicturePusher ActiveX clsid access (web-client.rules)
14638 <-> WEB-CLIENT Microsoft PicturePusher ActiveX clsid unicode access (web-client.rules)
14639 <-> WEB-CLIENT Microsoft PicturePusher ActiveX function call access (web-client.rules)
14640 <-> WEB-CLIENT Microsoft PicturePusher ActiveX function call unicode access (web-client.rules)

Updated rules:
3073 <-> IMAP SUBSCRIBE literal overflow attempt (imap.rules)
3074 <-> IMAP SUBSCRIBE overflow attempt (imap.rules)
5702 <-> IMAP SUBSCRIBE directory traversal attempt (imap.rules)