Sourcefire VRT Update
Date: 2006-10-02
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules:
8417 <-> Disabled <-> WEB-CLIENT TriEditDocument.TriEditDocument ActiveX function call access (web-client.rules)
8418 <-> Disabled <-> WEB-CLIENT DXImageTransform.Microsoft.RevealTrans ActiveX function call access (web-client.rules)
8419 <-> Disabled <-> WEB-CLIENT WebViewFolderIcon.WebViewFolderIcon.1 ActiveX function call access (web-client.rules)
8420 <-> Disabled <-> WEB-CLIENT DXImageTransform.Microsoft.Gradient ActiveX function call access (web-client.rules)
8421 <-> Disabled <-> WEB-CLIENT OWC11.DataSourceControl.11 ActiveX function call access (web-client.rules)
8422 <-> Disabled <-> WEB-CLIENT OVCtl.OVCtl.1 ActiveX function call access (web-client.rules)
8423 <-> Disabled <-> WEB-CLIENT CEnroll.CEnroll.2 ActiveX function call access (web-client.rules)
8424 <-> Disabled <-> WEB-CLIENT Microsoft Forms 2.0 ListBox ActiveX function call access (web-client.rules)
8425 <-> Disabled <-> WEB-CLIENT DXImageTransform.Microsoft.NDFXArtEffects ActiveX function call access (web-client.rules)

Updated rules:
3143 <-> Enabled <-> NETBIOS SMB Trans2 FIND_FIRST2 response overflow attempt (netbios.rules)
3144 <-> Enabled <-> NETBIOS SMB Trans2 FIND_FIRST2 response andx overflow attempt (netbios.rules)
3145 <-> Enabled <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 response overflow attempt (netbios.rules)
3146 <-> Enabled <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt (netbios.rules)
3687 <-> Enabled <-> TELNET client ENV OPT USERVAR information disclosure (telnet.rules)
3688 <-> Enabled <-> TELNET client ENV OPT VAR information disclosure (telnet.rules)
7922 <-> Disabled <-> WEB-CLIENT DXImageTransform.Microsoft.RevealTrans ActiveX CLSID access (web-client.rules)
7923 <-> Disabled <-> WEB-CLIENT DXImageTransform.Microsoft.RevealTrans ActiveX CLSID unicode access (web-client.rules)
7940 <-> Disabled <-> WEB-CLIENT DXImageTransform.Microsoft.Gradient ActiveX CLSID access (web-client.rules)
7941 <-> Disabled <-> WEB-CLIENT DXImageTransform.Microsoft.Gradient ActiveX CLSID unicode access (web-client.rules)
7956 <-> Disabled <-> WEB-CLIENT Microsoft Forms 2.0 ListBox ActiveX CLSID access (web-client.rules)
7957 <-> Disabled <-> WEB-CLIENT Microsoft Forms 2.0 ListBox ActiveX CLSID unicode access (web-client.rules)
7985 <-> Disabled <-> WEB-CLIENT WebViewFolderIcon.WebViewFolderIcon.1 ActiveX CLSID access (web-client.rules)
7986 <-> Disabled <-> WEB-CLIENT WebViewFolderIcon.WebViewFolderIcon.1 ActiveX CLSID unicode access (web-client.rules)
8086 <-> Enabled <-> WEB-MISC HP Openview NNM cdpView.ovpl port 3443 Unix command execution attempt (web-misc.rules)
8087 <-> Enabled <-> WEB-MISC HP Openview NNM freeIPaddrs.ovpl port 3443 Unix command execution attempt (web-misc.rules)
8088 <-> Enabled <-> WEB-MISC HP Openview NNM connectedNodes.ovpl Unix command execution attempt (web-misc.rules)
8089 <-> Enabled <-> WEB-MISC HP Openview NNM cdpView.ovpl Unix command execution attempt (web-misc.rules)
8090 <-> Enabled <-> WEB-MISC HP Openview NNM freeIPaddrs.ovpl Unix command execution attempt (web-misc.rules)
8414 <-> Disabled <-> WEB-CLIENT GIF image width descriptor buffer overflow attempt (web-client.rules)
8416 <-> Disabled <-> WEB-CLIENT VML fill method overflow attempt (web-client.rules)
