The VRT has added and modified multiple rules in the app-detect, blacklist, browser-plugins, exploit, file-flash, file-java, file-office, file-other, file-pdf, indicator-compromise, malware-backdoor, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:31527 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit variant outbound detected (malware-cnc.rules)
* 1:31538 <-> DISABLED <-> BROWSER-PLUGINS UltraCrypto ActiveX clsid access attempt (browser-plugins.rules)
* 1:31537 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules)
* 1:31547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
* 1:31544 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
* 1:31529 <-> ENABLED <-> SERVER-OTHER D-Link Multiple Products HNAP request buffer overflow attempt (server-other.rules)
* 1:31528 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit variant outbound detected (malware-cnc.rules)
* 1:31531 <-> ENABLED <-> INDICATOR-COMPROMISE MinerDeploy monitor request attempt (indicator-compromise.rules)
* 1:31532 <-> DISABLED <-> APP-DETECT Xolominer outbound connection attempt (app-detect.rules)
* 1:31535 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules)
* 1:31541 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:31558 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (malware-backdoor.rules)
* 1:31551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
* 1:31539 <-> DISABLED <-> BROWSER-PLUGINS UltraCrypto ActiveX clsid access attempt (browser-plugins.rules)
* 1:31559 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (malware-backdoor.rules)
* 1:31540 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:31542 <-> DISABLED <-> SERVER-WEBAPP D-Link Multiple Products info.cgi request buffer overflow attempt (server-webapp.rules)
* 1:31543 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious user-agent string - MSIE 7.0 na - Win.Trojan.Koobface (blacklist.rules)
* 1:31526 <-> ENABLED <-> SERVER-OTHER HP AutoPass License Server CommunicationServlet directory traversal attempt (server-other.rules)
* 1:31530 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:31545 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
* 1:31525 <-> ENABLED <-> SERVER-OTHER HP AutoPass License Server CommunicationServlet directory traversal attempt (server-other.rules)
* 1:31536 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules)
* 1:31546 <-> DISABLED <-> SERVER-WEBAPP Ultimate PHP Board admin_iplog remote code execution attempt (server-webapp.rules)
* 1:31548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
* 1:31549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31534 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules)
* 1:31553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31533 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xolominer malicious user detected (malware-cnc.rules)
* 1:31554 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
* 1:31555 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules)
* 1:31557 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious user-agent string - Mozilla/5.0 - Win.Backdoor.Andromeda (blacklist.rules)
* 1:31556 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke HTTP data exfiltration attempt (malware-cnc.rules)

* 1:31395 <-> ENABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
* 1:31396 <-> ENABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
* 1:31397 <-> ENABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
* 1:31360 <-> DISABLED <-> SERVER-WEBAPP PHP include parameter remote file include attempt (server-webapp.rules)
* 1:31394 <-> ENABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
* 1:31392 <-> ENABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
* 1:31393 <-> ENABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
* 1:27822 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules)
* 1:31377 <-> DISABLED <-> SERVER-WEBAPP PHP includedir parameter remote file include attempt (server-webapp.rules)
* 1:27694 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (file-java.rules)
* 1:23874 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules)
* 1:27693 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (file-java.rules)
* 1:23875 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules)
* 1:20732 <-> DISABLED <-> SERVER-WEBAPP Sabdrimer PHP pluginpath remote file include attempt (server-webapp.rules)
* 1:20429 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules)
* 3:30942 <-> ENABLED <-> EXPLOIT Cisco Webex ARF Player LZW decompress memory corruption denial of service attempt (exploit.rules)
* 3:30943 <-> ENABLED <-> EXPLOIT Cisco Webex ARF Player LZW decompress memory corruption denial of service attempt (exploit.rules)
* 3:30932 <-> ENABLED <-> EXPLOIT Cisco WebEx WRF heap corruption attempt (exploit.rules)
* 3:30921 <-> ENABLED <-> EXPLOIT Cisco WebEx Player atas32.dll memory overread attempt (exploit.rules)
* 3:30902 <-> ENABLED <-> EXPLOIT Cisco Webex WRF heap corruption attempt (exploit.rules)
* 3:30922 <-> ENABLED <-> EXPLOIT Cisco WebEx Player atas32.dll memory overread attempt (exploit.rules)
* 3:30912 <-> ENABLED <-> EXPLOIT Cisco Webex WRF heap corruption attempt (exploit.rules)
* 3:30913 <-> ENABLED <-> EXPLOIT Cisco Webex WRF heap corruption attempt (exploit.rules)
* 3:30903 <-> ENABLED <-> EXPLOIT Cisco Webex WRF heap corruption attempt (exploit.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2961.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:31544 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
* 1:31547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
* 1:31529 <-> ENABLED <-> SERVER-OTHER D-Link Multiple Products HNAP request buffer overflow attempt (server-other.rules)
* 1:31528 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit variant outbound detected (malware-cnc.rules)
* 1:31531 <-> ENABLED <-> INDICATOR-COMPROMISE MinerDeploy monitor request attempt (indicator-compromise.rules)
* 1:31532 <-> DISABLED <-> APP-DETECT Xolominer outbound connection attempt (app-detect.rules)
* 1:31535 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules)
* 1:31536 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules)
* 1:31534 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules)
* 1:31538 <-> DISABLED <-> BROWSER-PLUGINS UltraCrypto ActiveX clsid access attempt (browser-plugins.rules)
* 1:31533 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xolominer malicious user detected (malware-cnc.rules)
* 1:31537 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules)
* 1:31541 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:31525 <-> ENABLED <-> SERVER-OTHER HP AutoPass License Server CommunicationServlet directory traversal attempt (server-other.rules)
* 1:31530 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:31526 <-> ENABLED <-> SERVER-OTHER HP AutoPass License Server CommunicationServlet directory traversal attempt (server-other.rules)
* 1:31542 <-> DISABLED <-> SERVER-WEBAPP D-Link Multiple Products info.cgi request buffer overflow attempt (server-webapp.rules)
* 1:31543 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious user-agent string - MSIE 7.0 na - Win.Trojan.Koobface (blacklist.rules)
* 1:31527 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit variant outbound detected (malware-cnc.rules)
* 1:31545 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
* 1:31546 <-> DISABLED <-> SERVER-WEBAPP Ultimate PHP Board admin_iplog remote code execution attempt (server-webapp.rules)
* 1:31548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
* 1:31549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
* 1:31552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31554 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
* 1:31540 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:31539 <-> DISABLED <-> BROWSER-PLUGINS UltraCrypto ActiveX clsid access attempt (browser-plugins.rules)
* 1:31559 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (malware-backdoor.rules)
* 1:31558 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (malware-backdoor.rules)
* 1:31556 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke HTTP data exfiltration attempt (malware-cnc.rules)
* 1:31555 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules)
* 1:31557 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious user-agent string - Mozilla/5.0 - Win.Backdoor.Andromeda (blacklist.rules)

* 1:31397 <-> ENABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
* 1:31395 <-> ENABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
* 1:31396 <-> ENABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
* 1:31393 <-> ENABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
* 1:31394 <-> ENABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
* 1:31377 <-> DISABLED <-> SERVER-WEBAPP PHP includedir parameter remote file include attempt (server-webapp.rules)
* 1:31392 <-> ENABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
* 1:27822 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules)
* 1:31360 <-> DISABLED <-> SERVER-WEBAPP PHP include parameter remote file include attempt (server-webapp.rules)
* 1:27693 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (file-java.rules)
* 1:27694 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (file-java.rules)
* 1:20429 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules)
* 1:23875 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules)
* 1:23874 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules)
* 1:20732 <-> DISABLED <-> SERVER-WEBAPP Sabdrimer PHP pluginpath remote file include attempt (server-webapp.rules)
* 3:30943 <-> ENABLED <-> EXPLOIT Cisco Webex ARF Player LZW decompress memory corruption denial of service attempt (exploit.rules)
* 3:30932 <-> ENABLED <-> EXPLOIT Cisco WebEx WRF heap corruption attempt (exploit.rules)
* 3:30942 <-> ENABLED <-> EXPLOIT Cisco Webex ARF Player LZW decompress memory corruption denial of service attempt (exploit.rules)
* 3:30921 <-> ENABLED <-> EXPLOIT Cisco WebEx Player atas32.dll memory overread attempt (exploit.rules)
* 3:30922 <-> ENABLED <-> EXPLOIT Cisco WebEx Player atas32.dll memory overread attempt (exploit.rules)
* 3:30912 <-> ENABLED <-> EXPLOIT Cisco Webex WRF heap corruption attempt (exploit.rules)
* 3:30913 <-> ENABLED <-> EXPLOIT Cisco Webex WRF heap corruption attempt (exploit.rules)
* 3:30902 <-> ENABLED <-> EXPLOIT Cisco Webex WRF heap corruption attempt (exploit.rules)
* 3:30903 <-> ENABLED <-> EXPLOIT Cisco Webex WRF heap corruption attempt (exploit.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:31559 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (malware-backdoor.rules)
* 1:31558 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (malware-backdoor.rules)
* 1:31557 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious user-agent string - Mozilla/5.0 - Win.Backdoor.Andromeda (blacklist.rules)
* 1:31556 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke HTTP data exfiltration attempt (malware-cnc.rules)
* 1:31555 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules)
* 1:31554 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
* 1:31553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
* 1:31550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
* 1:31547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
* 1:31546 <-> DISABLED <-> SERVER-WEBAPP Ultimate PHP Board admin_iplog remote code execution attempt (server-webapp.rules)
* 1:31545 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
* 1:31544 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
* 1:31543 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious user-agent string - MSIE 7.0 na - Win.Trojan.Koobface (blacklist.rules)
* 1:31542 <-> DISABLED <-> SERVER-WEBAPP D-Link Multiple Products info.cgi request buffer overflow attempt (server-webapp.rules)
* 1:31541 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:31540 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:31539 <-> DISABLED <-> BROWSER-PLUGINS UltraCrypto ActiveX clsid access attempt (browser-plugins.rules)
* 1:31538 <-> DISABLED <-> BROWSER-PLUGINS UltraCrypto ActiveX clsid access attempt (browser-plugins.rules)
* 1:31537 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules)
* 1:31536 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules)
* 1:31535 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules)
* 1:31534 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules)
* 1:31533 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xolominer malicious user detected (malware-cnc.rules)
* 1:31532 <-> DISABLED <-> APP-DETECT Xolominer outbound connection attempt (app-detect.rules)
* 1:31531 <-> ENABLED <-> INDICATOR-COMPROMISE MinerDeploy monitor request attempt (indicator-compromise.rules)
* 1:31530 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:31529 <-> ENABLED <-> SERVER-OTHER D-Link Multiple Products HNAP request buffer overflow attempt (server-other.rules)
* 1:31528 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit variant outbound detected (malware-cnc.rules)
* 1:31527 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit variant outbound detected (malware-cnc.rules)
* 1:31526 <-> ENABLED <-> SERVER-OTHER HP AutoPass License Server CommunicationServlet directory traversal attempt (server-other.rules)
* 1:31525 <-> ENABLED <-> SERVER-OTHER HP AutoPass License Server CommunicationServlet directory traversal attempt (server-other.rules)

* 1:31397 <-> ENABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
* 1:31395 <-> ENABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
* 1:31396 <-> ENABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
* 1:31393 <-> ENABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
* 1:31394 <-> ENABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
* 1:31377 <-> DISABLED <-> SERVER-WEBAPP PHP includedir parameter remote file include attempt (server-webapp.rules)
* 1:31392 <-> ENABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules)
* 1:27822 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules)
* 1:31360 <-> DISABLED <-> SERVER-WEBAPP PHP include parameter remote file include attempt (server-webapp.rules)
* 1:27693 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (file-java.rules)
* 1:27694 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (file-java.rules)
* 1:23874 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules)
* 1:23875 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules)
* 1:20429 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules)
* 1:20732 <-> DISABLED <-> SERVER-WEBAPP Sabdrimer PHP pluginpath remote file include attempt (server-webapp.rules)
* 3:30943 <-> ENABLED <-> EXPLOIT Cisco Webex ARF Player LZW decompress memory corruption denial of service attempt (exploit.rules)
* 3:30932 <-> ENABLED <-> EXPLOIT Cisco WebEx WRF heap corruption attempt (exploit.rules)
* 3:30942 <-> ENABLED <-> EXPLOIT Cisco Webex ARF Player LZW decompress memory corruption denial of service attempt (exploit.rules)
* 3:30921 <-> ENABLED <-> EXPLOIT Cisco WebEx Player atas32.dll memory overread attempt (exploit.rules)
* 3:30922 <-> ENABLED <-> EXPLOIT Cisco WebEx Player atas32.dll memory overread attempt (exploit.rules)
* 3:30912 <-> ENABLED <-> EXPLOIT Cisco Webex WRF heap corruption attempt (exploit.rules)
* 3:30913 <-> ENABLED <-> EXPLOIT Cisco Webex WRF heap corruption attempt (exploit.rules)
* 3:30902 <-> ENABLED <-> EXPLOIT Cisco Webex WRF heap corruption attempt (exploit.rules)
* 3:30903 <-> ENABLED <-> EXPLOIT Cisco Webex WRF heap corruption attempt (exploit.rules)