Sourcefire VRT Update
Date: 2007-01-10
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules:
9844 <-> WEB-CLIENT VLC Media Player udp URI format string attempt - single packet (web-client.rules)
9845 <-> WEB-CLIENT M3U File Download Detected (web-client.rules)
9846 <-> WEB-CLIENT VLC Media Player udp URI format string attempt - multipacket (web-client.rules)
9847 <-> WEB-CLIENT Outlook Saved Search download attempt (web-client.rules)
9848 <-> WEB-CLIENT Vector Markup Language recolorinfo tag numfills parameter buffer overflow attempt (web-client.rules)
9849 <-> WEB-CLIENT Vector Markup Language recolorinfo tag numcolors parameter buffer overflow attempt (web-client.rules)

Updated rules:
8705 <-> SMTP YPOPS buffer overflow attempt (smtp.rules)
9671 <-> WEB-CLIENT RealPlayer AutoStream.AutoStream.1 ActiveX clsid access (web-client.rules)
9672 <-> WEB-CLIENT RealPlayer AutoStream.AutoStream.1 ActiveX clsid unicode access (web-client.rules)
9673 <-> WEB-CLIENT RealPlayer AutoStream.AutoStream.1 ActiveX function call access (web-client.rules)
9793 <-> WEB-CLIENT YMMAPI.YMailAttach ActiveX clsid access (web-client.rules)
9794 <-> WEB-CLIENT YMMAPI.YMailAttach ActiveX clsid unicode access (web-client.rules)
9801 <-> WEB-CLIENT Windows Media Player Malformed MIDI File denial of service attempt (web-client.rules)
9812 <-> WEB-CLIENT Yahoo Messenger YMailAttach ActiveX function call access (web-client.rules)
9823 <-> WEB-CLIENT QuickTime RTSP URI overflow attempt (web-client.rules)
9824 <-> WEB-CLIENT Rediff Bol Downloader ActiveX clsid access (web-client.rules)
9825 <-> WEB-CLIENT Rediff Bol Downloader ActiveX clsid unicode access (web-client.rules)
9826 <-> WEB-CLIENT Rediff Bol Downloader ActiveX function call access (web-client.rules)
9840 <-> WEB-CLIENT QuickTime HREF Track Detected (web-client.rules)
9841 <-> SMTP Microsoft Outlook VEVENT overflow attempt (smtp.rules)
