Sourcefire VRT Update
Date: 2006-12-12
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules:
9622 <-> DOS Spiffit UDP denial of service attempt (dos.rules)
9623 <-> RPC UNIX authentication machinename string overflow attempt TCP (rpc.rules)
9624 <-> RPC UNIX authentication machinename string overflow attempt UDP (rpc.rules)
9625 <-> WEB-CLIENT Windows Media Player ASX file ref href buffer overflow attempt (web-client.rules)
9626 <-> WEB-CLIENT AcroPDF.PDF ActiveX clsid access (web-client.rules)
9627 <-> WEB-CLIENT AcroPDF.PDF ActiveX clsid unicode access (web-client.rules)
9628 <-> WEB-CLIENT javaprxy.dll ActiveX clsid unicode access (web-client.rules)
9629 <-> WEB-CLIENT Citrix.ICAClient ActiveX clsid access (web-client.rules)
9630 <-> WEB-CLIENT Citrix.ICAClient ActiveX clsid unicode access (web-client.rules)
9631 <-> WEB-CLIENT Citrix.ICAClient ActiveX function call access (web-client.rules)
9632 <-> EXPLOIT Tivoli Storage Manager command request buffer overflow attempt (exploit.rules)
9633 <-> EXPLOIT Computer Associates Product Discovery Service type 9B remote buffer overflow attempt TCP (exploit.rules)
9634 <-> EXPLOIT Computer Associates Product Discovery Service type 9C remote buffer overflow attempt TCP (exploit.rules)
9635 <-> EXPLOIT Computer Associates Product Discovery Service type 9B remote buffer overflow attempt UDP (exploit.rules)
9636 <-> EXPLOIT Computer Associates Product Discovery Service type 9C remote buffer overflow attempt UDP (exploit.rules)
9637 <-> WEB-CLIENT Adobe Download Manger dm.ini stack overflow attempt (web-client.rules)
9638 <-> TFTP PUT Microsoft RIS filename overwrite attempt (tftp.rules)
9639 <-> WEB-CLIENT Windows Address Book download attempt (web-client.rules)

Updated rules:
6412 <-> SMTP Windows Address Book attachment detected (smtp.rules)
6413 <-> SMTP Base64 encoded Windows Address Book attachment detected (smtp.rules)
6516 <-> WEB-CLIENT DXImageTransform.Microsoft.Light ActiveX function call access (web-client.rules)
6682 <-> WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect2Inputs ActiveX function call access (web-client.rules)
6687 <-> WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect1Input ActiveX function call access (web-client.rules)
7004 <-> WEB-CLIENT Internet.HHCtrl.1 ActiveX function call access (web-client.rules)
7006 <-> WEB-CLIENT ASControls.InstallEngineCtl ActiveX function call access (web-client.rules)
7007 <-> WEB-CLIENT AxDebugger.Document.1 ActiveX function call access (web-client.rules)
7008 <-> WEB-CLIENT DirectAnimation.DAUserData ActiveX function call access (web-client.rules)
7009 <-> WEB-CLIENT DirectAnimation.StructuredGraphicsControl ActiveX function call access (web-client.rules)
7010 <-> WEB-CLIENT HtmlDlgSafeHelper.HtmlDlgSafeHelper.1 ActiveX function call access (web-client.rules)
7011 <-> WEB-CLIENT HtmlDlgSafeHelper.HtmlDlgSafeHelper ActiveX function call access (web-client.rules)
7012 <-> WEB-CLIENT Internet.PopupMenu.1 ActiveX function call access (web-client.rules)
7013 <-> WEB-CLIENT Microsoft.ISCatAdm ActiveX function call access (web-client.rules)
7014 <-> WEB-CLIENT NMSA.ASFSourceMediaDescription.1 ActiveX function call access (web-client.rules)
7015 <-> WEB-CLIENT NMSA.MediaDescription ActiveX function call access (web-client.rules)
7016 <-> WEB-CLIENT Object.Microsoft.DXTFilter ActiveX function call access (web-client.rules)
7017 <-> WEB-CLIENT RDS.DataControl ActiveX function call access (web-client.rules)
7018 <-> WEB-CLIENT Sysmon ActiveX function call access (web-client.rules)
7026 <-> WEB-CLIENT RDS.Dataspace ActiveX function call access (web-client.rules)
7862 <-> WEB-CLIENT McSubMgr.IsAppExpired ActiveX function call access (web-client.rules)
7863 <-> WEB-CLIENT McSubMgr.IsOldAppInstalled ActiveX function call access (web-client.rules)
7980 <-> WEB-CLIENT ShockwaveFlash.ShockwaveFlash.9 ActiveX function call access (web-client.rules)
8055 <-> WEB-CLIENT DirectAnimation.PathControl ActiveX function call access (web-client.rules)
8063 <-> WEB-CLIENT ADODB.Stream ActiveX function call access (web-client.rules)
8068 <-> WEB-CLIENT Windows Scripting Host Shell ActiveX function call access (web-client.rules)
8369 <-> WEB-CLIENT WMIScriptUtils.WMIObjectBroker2.1 ActiveX CLSID access (web-client.rules)
8370 <-> WEB-CLIENT WMIScriptUtils.WMIObjectBroker2.1 ActiveX CLSID unicode access (web-client.rules)
8416 <-> WEB-CLIENT VML fill method overflow attempt (web-client.rules)
8417 <-> WEB-CLIENT TriEditDocument.TriEditDocument ActiveX function call access (web-client.rules)
8418 <-> WEB-CLIENT DXImageTransform.Microsoft.RevealTrans ActiveX function call access (web-client.rules)
8419 <-> WEB-CLIENT WebViewFolderIcon.WebViewFolderIcon.1 ActiveX function call access (web-client.rules)
8420 <-> WEB-CLIENT DXImageTransform.Microsoft.Gradient ActiveX function call access (web-client.rules)
8421 <-> WEB-CLIENT OWC11.DataSourceControl.11 ActiveX function call access (web-client.rules)
8422 <-> WEB-CLIENT OVCtl.OVCtl.1 ActiveX function call access (web-client.rules)
8423 <-> WEB-CLIENT CEnroll.CEnroll.2 ActiveX function call access (web-client.rules)
8424 <-> WEB-CLIENT Microsoft Forms 2.0 ListBox ActiveX function call access (web-client.rules)
8425 <-> WEB-CLIENT DXImageTransform.Microsoft.NDFXArtEffects ActiveX function call access (web-client.rules)
