Sourcefire VRT Update

Date: 2007-02-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid <-> Message (rule group)

New rules:
10137 <-> WEB-CLIENT Microsoft Input Method Editor ActiveX clsid access (web-client.rules)
10138 <-> WEB-CLIENT Microsoft Input Method Editor ActiveX clsid unicode access (web-client.rules)
10139 <-> WEB-CLIENT Microsoft Input Method Editor ActiveX function call access (web-client.rules)
10140 <-> WEB-CLIENT Microsoft Input Method Editor 2 ActiveX clsid access (web-client.rules)
10141 <-> WEB-CLIENT Microsoft Input Method Editor 2 ActiveX clsid unicode access (web-client.rules)
10142 <-> WEB-CLIENT LexRefBilingualTextContext ActiveX clsid access (web-client.rules)
10143 <-> WEB-CLIENT LexRefBilingualTextContext ActiveX clsid unicode access (web-client.rules)
10144 <-> WEB-CLIENT LexRefBilingualTextContext ActiveX function call access (web-client.rules)
10145 <-> WEB-CLIENT HTML Inline Sound Control ActiveX clsid access (web-client.rules)
10146 <-> WEB-CLIENT HTML Inline Sound Control ActiveX clsid unicode access (web-client.rules)
10147 <-> WEB-CLIENT HTML Inline Sound Control ActiveX function call access (web-client.rules)
10148 <-> WEB-CLIENT HTML Inline Movie Control ActiveX clsid access (web-client.rules)
10149 <-> WEB-CLIENT HTML Inline Movie Control ActiveX clsid unicode access (web-client.rules)
10150 <-> WEB-CLIENT HTML Inline Movie Control ActiveX function call access (web-client.rules)
10151 <-> WEB-CLIENT BlnSetUser Proxy ActiveX clsid access (web-client.rules)
10152 <-> WEB-CLIENT BlnSetUser Proxy ActiveX clsid unicode access (web-client.rules)
10153 <-> WEB-CLIENT BlnSetUser Proxy ActiveX function call access (web-client.rules)
10154 <-> WEB-CLIENT BlnSetUser Proxy 2 ActiveX clsid access (web-client.rules)
10155 <-> WEB-CLIENT BlnSetUser Proxy 2 ActiveX clsid unicode access (web-client.rules)

Updated rules:
4195 <-> WEB-CLIENT multipacket CBO CBL CBM file transfer attempt (web-client.rules)
4196 <-> WEB-CLIENT CBO CBL CBM file transfer attempt (web-client.rules)
7439 <-> WEB-CLIENT HTML Help ActiveX clsid access (web-client.rules)
7440 <-> WEB-CLIENT HTML Help ActiveX clsid unicode access (web-client.rules)
7866 <-> WEB-CLIENT ADODB.Connection ActiveX clsid access (web-client.rules)
7867 <-> WEB-CLIENT ADODB.Connection ActiveX clsid unicode access (web-client.rules)
9640 <-> WEB-CLIENT ADODB.Connection ActiveX function call access (web-client.rules)
10132 <-> RPC portmap BrightStor ARCserve denial of service attempt (rpc.rules)
10133 <-> RPC portmap BrightStor ARCserve denial of service attempt (rpc.rules)
10136 <-> TELNET Solaris login environment variable authentication bypass attempt (telnet.rules)