Sourcefire VRT Update

Date: 2007-01-10

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid <-> Message (rule group)

New rules:
9844 <-> WEB-CLIENT VLC Media Player udp URI format string attempt - single packet (web-client.rules)
9845 <-> WEB-CLIENT M3U File Download Detected (web-client.rules)
9846 <-> WEB-CLIENT VLC Media Player udp URI format string attempt - multipacket (web-client.rules)
9847 <-> WEB-CLIENT Outlook Saved Search download attempt (web-client.rules)
9848 <-> WEB-CLIENT Vector Markup Language recolorinfo tag numfills parameter buffer overflow attempt (web-client.rules)
9849 <-> WEB-CLIENT Vector Markup Language recolorinfo tag numcolors parameter buffer overflow attempt (web-client.rules)

Updated rules:
8705 <-> SMTP YPOPS buffer overflow attempt (smtp.rules)
9671 <-> WEB-CLIENT RealPlayer AutoStream.AutoStream.1 ActiveX clsid access (web-client.rules)
9672 <-> WEB-CLIENT RealPlayer AutoStream.AutoStream.1 ActiveX clsid unicode access (web-client.rules)
9673 <-> WEB-CLIENT RealPlayer AutoStream.AutoStream.1 ActiveX function call access (web-client.rules)
9793 <-> WEB-CLIENT YMMAPI.YMailAttach ActiveX clsid access (web-client.rules)
9794 <-> WEB-CLIENT YMMAPI.YMailAttach ActiveX clsid unicode access (web-client.rules)
9801 <-> WEB-CLIENT Windows Media Player Malformed MIDI File denial of service attempt (web-client.rules)
9812 <-> WEB-CLIENT Yahoo Messenger YMailAttach ActiveX function call access (web-client.rules)
9823 <-> WEB-CLIENT QuickTime RTSP URI overflow attempt (web-client.rules)
9824 <-> WEB-CLIENT Rediff Bol Downloader ActiveX clsid access (web-client.rules)
9825 <-> WEB-CLIENT Rediff Bol Downloader ActiveX clsid unicode access (web-client.rules)
9826 <-> WEB-CLIENT Rediff Bol Downloader ActiveX function call access (web-client.rules)
9840 <-> WEB-CLIENT QuickTime HREF Track Detected (web-client.rules)
9841 <-> SMTP Microsoft Outlook VEVENT overflow attempt (smtp.rules)