Talos Rules 2015-07-14
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Security Bulletin MS15-058: Microsoft SQL Server suffers from programming errors that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 35198.

Microsoft Security Bulletin MS15-065: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 35116 through 35117, 35119 through 35128, 35133 through 35134, 35139 through 35140, 35145 through 35146, 35152 through 35159, 35164 through 35165, 35170 through 35173, 35178 through 35185, 35192 through 35197, 35199 through 35200, and 35203 through 35214.

Microsoft Security Bulletin MS15-067: A coding deficiency exists in Microsoft RDP that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 35151.

Microsoft Security Bulletin MS15-069: Microsoft Windows suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 35166 through 35169 and 35215 through 35216.

Microsoft Security Bulletin MS15-070: Coding deficiencies exist in Microsoft Office that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 35129 through 35130, 35137 through 35138, 35141 through 35144, 35176 through 35177, 35190 through 35191, and 35201 through 35202.

Microsoft Security Bulletin MS15-072: A coding deficiency exists in Microsoft Graphics Components that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 35160 through 35163.

Microsoft Security Bulletin MS15-073: Coding deficiencies exist in Microsoft Kernel-Mode drivers that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 35131 through 35132, 35135 through 35136, and 35149 through 35150.

Microsoft Security Bulletin MS15-075: A coding deficiency exists in Microsoft OLE that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 35186 through 35189.

Microsoft Security Bulletin MS15-076: A coding deficiency exists in Microsoft Remote Procedure Call that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 35174 through 35175.

Talos has also added and modified multiple rules in the browser-ie, browser-webkit, file-flash, file-office, os-windows, policy-other and server-other rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-07-14 17:49:24 UTC

Snort Subscriber Rules Update

Date: 2015-07-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:35206 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CImgElement object use after free attempt (browser-ie.rules)
 * 1:35207 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JSON stringify double free attempt (browser-ie.rules)
 * 1:35208 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JSON stringify double free attempt (browser-ie.rules)
 * 1:35209 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules)
 * 1:35210 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules)
 * 1:35211 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules)
 * 1:35212 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules)
 * 1:35213 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 VBScript array element use after free attempt (browser-ie.rules)
 * 1:35214 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 VBScript array element use after free attempt (browser-ie.rules)
 * 1:35205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CImgElement object use after free attempt (browser-ie.rules)
 * 1:35215 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer protected mode atlthunk.dll dll-load exploit attempt (browser-ie.rules)
 * 1:35216 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer protected mode atlthunk.dll dll-load exploit attempt (browser-ie.rules)
 * 1:35217 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData use-after-free attempt (file-flash.rules)
 * 1:35218 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData use-after-free attempt (file-flash.rules)
 * 1:35219 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData use-after-free attempt (file-flash.rules)
 * 1:35220 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData use-after-free attempt (file-flash.rules)
 * 1:35112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (os-windows.rules)
 * 1:35113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (os-windows.rules)
 * 1:35114 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer replaceChild function memory corruption attempt (browser-ie.rules)
 * 1:35115 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer replaceChild function memory corruption attempt (browser-ie.rules)
 * 1:35116 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer svg elements use after free attempt (browser-ie.rules)
 * 1:35117 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer svg elements use after free attempt (browser-ie.rules)
 * 1:35118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules)
 * 1:35119 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode type confusion attempt (browser-ie.rules)
 * 1:35120 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode type confusion attempt (browser-ie.rules)
 * 1:35121 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTextArea use after free attempt (browser-ie.rules)
 * 1:35122 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTextArea use after free attempt (browser-ie.rules)
 * 1:35123 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow use after free attempt (browser-ie.rules)
 * 1:35124 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow use after free attempt (browser-ie.rules)
 * 1:35125 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput use after free attempt (browser-ie.rules)
 * 1:35126 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput use after free attempt (browser-ie.rules)
 * 1:35127 <-> DISABLED <-> BROWSER-IE Microsoft Windows Internet Explorer local file information disclosure attempt (browser-ie.rules)
 * 1:35128 <-> DISABLED <-> BROWSER-IE Microsoft Windows Internet Explorer local file information disclosure attempt (browser-ie.rules)
 * 1:35129 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (file-office.rules)
 * 1:35130 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (file-office.rules)
 * 1:35131 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (os-windows.rules)
 * 1:35132 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (os-windows.rules)
 * 1:35133 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox read permission bypass attempt (browser-ie.rules)
 * 1:35134 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox read permission bypass attempt (browser-ie.rules)
 * 1:35135 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (os-windows.rules)
 * 1:35136 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (os-windows.rules)
 * 1:35137 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory access attempt (file-office.rules)
 * 1:35138 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory access attempt (file-office.rules)
 * 1:35139 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox permission bypass registry read attempt (browser-ie.rules)
 * 1:35140 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox permission bypass registry read attempt (browser-ie.rules)
 * 1:35141 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed workbook record remote code execution attempt (file-office.rules)
 * 1:35142 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed workbook record remote code execution attempt (file-office.rules)
 * 1:35143 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Viewer msostyle.dll dll-load exploit attempt (file-office.rules)
 * 1:35144 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Viewer msostyle.dll dll-load exploit attempt (file-office.rules)
 * 1:35145 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableSection use after free attempt (browser-ie.rules)
 * 1:35146 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableSection use after free attempt (browser-ie.rules)
 * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35149 <-> ENABLED <-> OS-WINDOWS Microsoft Windows new desktop pointer dereference attempt (os-windows.rules)
 * 1:35150 <-> ENABLED <-> OS-WINDOWS Microsoft Windows new desktop pointer dereference attempt (os-windows.rules)
 * 1:35151 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RDP server PDU length heap overflow attempt (os-windows.rules)
 * 1:35152 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer memory access through an uninitialized pointer attempt (browser-ie.rules)
 * 1:35153 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer memory access through an uninitialized pointer attempt (browser-ie.rules)
 * 1:35154 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode use after free attempt (browser-ie.rules)
 * 1:35155 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode use after free attempt (browser-ie.rules)
 * 1:35156 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableSection object out of bounds memory access attempt (browser-ie.rules)
 * 1:35157 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableSection object out of bounds memory access attempt (browser-ie.rules)
 * 1:35158 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFancyFormat object use-after-free attempt (browser-ie.rules)
 * 1:35159 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFancyFormat object use-after-free attempt (browser-ie.rules)
 * 1:35160 <-> ENABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules)
 * 1:35161 <-> ENABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules)
 * 1:35162 <-> ENABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules)
 * 1:35163 <-> ENABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules)
 * 1:35164 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode object use after free attempt (browser-ie.rules)
 * 1:35165 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode object use after free attempt (browser-ie.rules)
 * 1:35166 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (file-office.rules)
 * 1:35167 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (file-office.rules)
 * 1:35168 <-> DISABLED <-> FILE-OFFICE Microsoft Office rapi.dll dll-load exploit attempt (file-office.rules)
 * 1:35169 <-> DISABLED <-> FILE-OFFICE Microsoft Office rapi.dll dll-load exploit attempt (file-office.rules)
 * 1:35170 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MutationObserver memory corruption attempt (browser-ie.rules)
 * 1:35171 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MutationObserver memory corruption attempt (browser-ie.rules)
 * 1:35172 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTitleElement object use after free attempt (browser-ie.rules)
 * 1:35173 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTitleElement object use after free attempt (browser-ie.rules)
 * 1:35174 <-> ENABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (os-windows.rules)
 * 1:35175 <-> ENABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (os-windows.rules)
 * 1:35176 <-> ENABLED <-> FILE-OFFICE Microsoft Excel c legend remote code execution attempt (file-office.rules)
 * 1:35177 <-> ENABLED <-> FILE-OFFICE Microsoft Excel c legend remote code execution attempt (file-office.rules)
 * 1:35178 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttribute object use after free attempt (browser-ie.rules)
 * 1:35179 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttribute object use after free attempt (browser-ie.rules)
 * 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35182 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table column resize use-after-free attempt (browser-ie.rules)
 * 1:35183 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table column resize use-after-free attempt (browser-ie.rules)
 * 1:35184 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules)
 * 1:35185 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules)
 * 1:35186 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:35187 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:35188 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:35189 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:35190 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmPItap heap corruption attempt (file-office.rules)
 * 1:35191 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmPItap heap corruption attempt (file-office.rules)
 * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35202 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word OCX use after free attempt (file-office.rules)
 * 1:35203 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CImgElement object use after free attempt (browser-ie.rules)
 * 1:35204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CImgElement object use after free attempt (browser-ie.rules)
 * 1:35197 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFieldSetElement object use after free attempt (browser-ie.rules)
 * 1:35199 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TreeComputedContent object use after free attempt (browser-ie.rules)
 * 1:35200 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TreeComputedContent object use after free attempt (browser-ie.rules)
 * 1:35201 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word OCX use after free attempt (file-office.rules)
 * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35198 <-> ENABLED <-> SERVER-MYSQL Microsoft SQL Server transcational replication and showxmlplan enabled remote code execution attempt (server-mysql.rules)
 * 1:35196 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFieldSetElement object use after free attempt (browser-ie.rules)
 * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)

Modified Rules:


 * 1:18494 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules)
 * 1:18495 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules)
 * 1:20593 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit libxslt arbitrary file creation attempt (browser-webkit.rules)
 * 1:26592 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit libxslt arbitrary file creation attempt (browser-webkit.rules)
 * 1:35111 <-> DISABLED <-> SERVER-OTHER OpenSSL anomalous x509 certificate with default org name and certificate chain detected (server-other.rules)

2015-07-14 17:49:24 UTC

Snort Subscriber Rules Update

Date: 2015-07-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:35130 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (file-office.rules)
 * 1:35112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (os-windows.rules)
 * 1:35113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (os-windows.rules)
 * 1:35114 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer replaceChild function memory corruption attempt (browser-ie.rules)
 * 1:35115 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer replaceChild function memory corruption attempt (browser-ie.rules)
 * 1:35116 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer svg elements use after free attempt (browser-ie.rules)
 * 1:35117 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer svg elements use after free attempt (browser-ie.rules)
 * 1:35118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules)
 * 1:35119 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode type confusion attempt (browser-ie.rules)
 * 1:35120 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode type confusion attempt (browser-ie.rules)
 * 1:35121 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTextArea use after free attempt (browser-ie.rules)
 * 1:35122 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTextArea use after free attempt (browser-ie.rules)
 * 1:35123 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow use after free attempt (browser-ie.rules)
 * 1:35124 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow use after free attempt (browser-ie.rules)
 * 1:35125 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput use after free attempt (browser-ie.rules)
 * 1:35126 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput use after free attempt (browser-ie.rules)
 * 1:35127 <-> DISABLED <-> BROWSER-IE Microsoft Windows Internet Explorer local file information disclosure attempt (browser-ie.rules)
 * 1:35128 <-> DISABLED <-> BROWSER-IE Microsoft Windows Internet Explorer local file information disclosure attempt (browser-ie.rules)
 * 1:35129 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (file-office.rules)
 * 1:35131 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (os-windows.rules)
 * 1:35132 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (os-windows.rules)
 * 1:35133 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox read permission bypass attempt (browser-ie.rules)
 * 1:35134 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox read permission bypass attempt (browser-ie.rules)
 * 1:35135 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (os-windows.rules)
 * 1:35136 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (os-windows.rules)
 * 1:35137 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory access attempt (file-office.rules)
 * 1:35138 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory access attempt (file-office.rules)
 * 1:35139 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox permission bypass registry read attempt (browser-ie.rules)
 * 1:35140 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox permission bypass registry read attempt (browser-ie.rules)
 * 1:35141 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed workbook record remote code execution attempt (file-office.rules)
 * 1:35142 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed workbook record remote code execution attempt (file-office.rules)
 * 1:35143 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Viewer msostyle.dll dll-load exploit attempt (file-office.rules)
 * 1:35144 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Viewer msostyle.dll dll-load exploit attempt (file-office.rules)
 * 1:35145 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableSection use after free attempt (browser-ie.rules)
 * 1:35146 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableSection use after free attempt (browser-ie.rules)
 * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35149 <-> ENABLED <-> OS-WINDOWS Microsoft Windows new desktop pointer dereference attempt (os-windows.rules)
 * 1:35150 <-> ENABLED <-> OS-WINDOWS Microsoft Windows new desktop pointer dereference attempt (os-windows.rules)
 * 1:35151 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RDP server PDU length heap overflow attempt (os-windows.rules)
 * 1:35152 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer memory access through an uninitialized pointer attempt (browser-ie.rules)
 * 1:35153 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer memory access through an uninitialized pointer attempt (browser-ie.rules)
 * 1:35154 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode use after free attempt (browser-ie.rules)
 * 1:35155 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode use after free attempt (browser-ie.rules)
 * 1:35156 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableSection object out of bounds memory access attempt (browser-ie.rules)
 * 1:35157 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableSection object out of bounds memory access attempt (browser-ie.rules)
 * 1:35158 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFancyFormat object use-after-free attempt (browser-ie.rules)
 * 1:35159 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFancyFormat object use-after-free attempt (browser-ie.rules)
 * 1:35160 <-> ENABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules)
 * 1:35161 <-> ENABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules)
 * 1:35162 <-> ENABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules)
 * 1:35163 <-> ENABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules)
 * 1:35164 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode object use after free attempt (browser-ie.rules)
 * 1:35165 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode object use after free attempt (browser-ie.rules)
 * 1:35166 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (file-office.rules)
 * 1:35167 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (file-office.rules)
 * 1:35168 <-> DISABLED <-> FILE-OFFICE Microsoft Office rapi.dll dll-load exploit attempt (file-office.rules)
 * 1:35169 <-> DISABLED <-> FILE-OFFICE Microsoft Office rapi.dll dll-load exploit attempt (file-office.rules)
 * 1:35170 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MutationObserver memory corruption attempt (browser-ie.rules)
 * 1:35171 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MutationObserver memory corruption attempt (browser-ie.rules)
 * 1:35172 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTitleElement object use after free attempt (browser-ie.rules)
 * 1:35173 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTitleElement object use after free attempt (browser-ie.rules)
 * 1:35174 <-> ENABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (os-windows.rules)
 * 1:35175 <-> ENABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (os-windows.rules)
 * 1:35176 <-> ENABLED <-> FILE-OFFICE Microsoft Excel c legend remote code execution attempt (file-office.rules)
 * 1:35177 <-> ENABLED <-> FILE-OFFICE Microsoft Excel c legend remote code execution attempt (file-office.rules)
 * 1:35178 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttribute object use after free attempt (browser-ie.rules)
 * 1:35179 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttribute object use after free attempt (browser-ie.rules)
 * 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35182 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table column resize use-after-free attempt (browser-ie.rules)
 * 1:35183 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table column resize use-after-free attempt (browser-ie.rules)
 * 1:35184 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules)
 * 1:35185 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules)
 * 1:35186 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:35187 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:35188 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:35189 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:35190 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmPItap heap corruption attempt (file-office.rules)
 * 1:35191 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmPItap heap corruption attempt (file-office.rules)
 * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35220 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData use-after-free attempt (file-flash.rules)
 * 1:35219 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData use-after-free attempt (file-flash.rules)
 * 1:35218 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData use-after-free attempt (file-flash.rules)
 * 1:35217 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData use-after-free attempt (file-flash.rules)
 * 1:35216 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer protected mode atlthunk.dll dll-load exploit attempt (browser-ie.rules)
 * 1:35215 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer protected mode atlthunk.dll dll-load exploit attempt (browser-ie.rules)
 * 1:35214 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 VBScript array element use after free attempt (browser-ie.rules)
 * 1:35213 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 VBScript array element use after free attempt (browser-ie.rules)
 * 1:35212 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules)
 * 1:35211 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules)
 * 1:35210 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules)
 * 1:35209 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules)
 * 1:35208 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JSON stringify double free attempt (browser-ie.rules)
 * 1:35207 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JSON stringify double free attempt (browser-ie.rules)
 * 1:35206 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CImgElement object use after free attempt (browser-ie.rules)
 * 1:35205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CImgElement object use after free attempt (browser-ie.rules)
 * 1:35204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CImgElement object use after free attempt (browser-ie.rules)
 * 1:35203 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CImgElement object use after free attempt (browser-ie.rules)
 * 1:35202 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word OCX use after free attempt (file-office.rules)
 * 1:35201 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word OCX use after free attempt (file-office.rules)
 * 1:35200 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TreeComputedContent object use after free attempt (browser-ie.rules)
 * 1:35199 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TreeComputedContent object use after free attempt (browser-ie.rules)
 * 1:35197 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFieldSetElement object use after free attempt (browser-ie.rules)
 * 1:35198 <-> ENABLED <-> SERVER-MYSQL Microsoft SQL Server transcational replication and showxmlplan enabled remote code execution attempt (server-mysql.rules)
 * 1:35196 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFieldSetElement object use after free attempt (browser-ie.rules)
 * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)

Modified Rules:


 * 1:18494 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules)
 * 1:18495 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules)
 * 1:20593 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit libxslt arbitrary file creation attempt (browser-webkit.rules)
 * 1:26592 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit libxslt arbitrary file creation attempt (browser-webkit.rules)
 * 1:35111 <-> DISABLED <-> SERVER-OTHER OpenSSL anomalous x509 certificate with default org name and certificate chain detected (server-other.rules)

2015-07-14 17:49:24 UTC

Snort Subscriber Rules Update

Date: 2015-07-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:35196 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFieldSetElement object use after free attempt (browser-ie.rules)
 * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules)
 * 1:35191 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmPItap heap corruption attempt (file-office.rules)
 * 1:35190 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmPItap heap corruption attempt (file-office.rules)
 * 1:35189 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:35188 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:35187 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:35186 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:35185 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules)
 * 1:35184 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules)
 * 1:35183 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table column resize use-after-free attempt (browser-ie.rules)
 * 1:35182 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table column resize use-after-free attempt (browser-ie.rules)
 * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules)
 * 1:35179 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttribute object use after free attempt (browser-ie.rules)
 * 1:35178 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttribute object use after free attempt (browser-ie.rules)
 * 1:35177 <-> ENABLED <-> FILE-OFFICE Microsoft Excel c legend remote code execution attempt (file-office.rules)
 * 1:35220 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData use-after-free attempt (file-flash.rules)
 * 1:35219 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData use-after-free attempt (file-flash.rules)
 * 1:35218 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData use-after-free attempt (file-flash.rules)
 * 1:35217 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData use-after-free attempt (file-flash.rules)
 * 1:35216 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer protected mode atlthunk.dll dll-load exploit attempt (browser-ie.rules)
 * 1:35215 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer protected mode atlthunk.dll dll-load exploit attempt (browser-ie.rules)
 * 1:35214 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 VBScript array element use after free attempt (browser-ie.rules)
 * 1:35213 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 VBScript array element use after free attempt (browser-ie.rules)
 * 1:35212 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules)
 * 1:35211 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules)
 * 1:35210 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules)
 * 1:35209 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules)
 * 1:35208 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JSON stringify double free attempt (browser-ie.rules)
 * 1:35207 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JSON stringify double free attempt (browser-ie.rules)
 * 1:35206 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CImgElement object use after free attempt (browser-ie.rules)
 * 1:35205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CImgElement object use after free attempt (browser-ie.rules)
 * 1:35204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CImgElement object use after free attempt (browser-ie.rules)
 * 1:35203 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CImgElement object use after free attempt (browser-ie.rules)
 * 1:35202 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word OCX use after free attempt (file-office.rules)
 * 1:35201 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word OCX use after free attempt (file-office.rules)
 * 1:35200 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TreeComputedContent object use after free attempt (browser-ie.rules)
 * 1:35199 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TreeComputedContent object use after free attempt (browser-ie.rules)
 * 1:35198 <-> ENABLED <-> SERVER-MYSQL Microsoft SQL Server transcational replication and showxmlplan enabled remote code execution attempt (server-mysql.rules)
 * 1:35197 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFieldSetElement object use after free attempt (browser-ie.rules)
 * 1:35176 <-> ENABLED <-> FILE-OFFICE Microsoft Excel c legend remote code execution attempt (file-office.rules)
 * 1:35175 <-> ENABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (os-windows.rules)
 * 1:35174 <-> ENABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (os-windows.rules)
 * 1:35173 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTitleElement object use after free attempt (browser-ie.rules)
 * 1:35172 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTitleElement object use after free attempt (browser-ie.rules)
 * 1:35171 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MutationObserver memory corruption attempt (browser-ie.rules)
 * 1:35170 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MutationObserver memory corruption attempt (browser-ie.rules)
 * 1:35169 <-> DISABLED <-> FILE-OFFICE Microsoft Office rapi.dll dll-load exploit attempt (file-office.rules)
 * 1:35168 <-> DISABLED <-> FILE-OFFICE Microsoft Office rapi.dll dll-load exploit attempt (file-office.rules)
 * 1:35167 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (file-office.rules)
 * 1:35166 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (file-office.rules)
 * 1:35165 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode object use after free attempt (browser-ie.rules)
 * 1:35164 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode object use after free attempt (browser-ie.rules)
 * 1:35163 <-> ENABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules)
 * 1:35162 <-> ENABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules)
 * 1:35161 <-> ENABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules)
 * 1:35160 <-> ENABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules)
 * 1:35159 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFancyFormat object use-after-free attempt (browser-ie.rules)
 * 1:35158 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFancyFormat object use-after-free attempt (browser-ie.rules)
 * 1:35157 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableSection object out of bounds memory access attempt (browser-ie.rules)
 * 1:35156 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableSection object out of bounds memory access attempt (browser-ie.rules)
 * 1:35155 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode use after free attempt (browser-ie.rules)
 * 1:35154 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode use after free attempt (browser-ie.rules)
 * 1:35153 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer memory access through an uninitialized pointer attempt (browser-ie.rules)
 * 1:35152 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer memory access through an uninitialized pointer attempt (browser-ie.rules)
 * 1:35151 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RDP server PDU length heap overflow attempt (os-windows.rules)
 * 1:35150 <-> ENABLED <-> OS-WINDOWS Microsoft Windows new desktop pointer dereference attempt (os-windows.rules)
 * 1:35149 <-> ENABLED <-> OS-WINDOWS Microsoft Windows new desktop pointer dereference attempt (os-windows.rules)
 * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules)
 * 1:35146 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableSection use after free attempt (browser-ie.rules)
 * 1:35145 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableSection use after free attempt (browser-ie.rules)
 * 1:35144 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Viewer msostyle.dll dll-load exploit attempt (file-office.rules)
 * 1:35143 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Viewer msostyle.dll dll-load exploit attempt (file-office.rules)
 * 1:35142 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed workbook record remote code execution attempt (file-office.rules)
 * 1:35141 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed workbook record remote code execution attempt (file-office.rules)
 * 1:35140 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox permission bypass registry read attempt (browser-ie.rules)
 * 1:35139 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox permission bypass registry read attempt (browser-ie.rules)
 * 1:35138 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory access attempt (file-office.rules)
 * 1:35137 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory access attempt (file-office.rules)
 * 1:35136 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (os-windows.rules)
 * 1:35135 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (os-windows.rules)
 * 1:35134 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox read permission bypass attempt (browser-ie.rules)
 * 1:35133 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox read permission bypass attempt (browser-ie.rules)
 * 1:35132 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (os-windows.rules)
 * 1:35131 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (os-windows.rules)
 * 1:35130 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (file-office.rules)
 * 1:35129 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (file-office.rules)
 * 1:35128 <-> DISABLED <-> BROWSER-IE Microsoft Windows Internet Explorer local file information disclosure attempt (browser-ie.rules)
 * 1:35127 <-> DISABLED <-> BROWSER-IE Microsoft Windows Internet Explorer local file information disclosure attempt (browser-ie.rules)
 * 1:35126 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput use after free attempt (browser-ie.rules)
 * 1:35125 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput use after free attempt (browser-ie.rules)
 * 1:35124 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow use after free attempt (browser-ie.rules)
 * 1:35123 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow use after free attempt (browser-ie.rules)
 * 1:35122 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTextArea use after free attempt (browser-ie.rules)
 * 1:35121 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTextArea use after free attempt (browser-ie.rules)
 * 1:35120 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode type confusion attempt (browser-ie.rules)
 * 1:35119 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode type confusion attempt (browser-ie.rules)
 * 1:35118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules)
 * 1:35117 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer svg elements use after free attempt (browser-ie.rules)
 * 1:35116 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer svg elements use after free attempt (browser-ie.rules)
 * 1:35115 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer replaceChild function memory corruption attempt (browser-ie.rules)
 * 1:35114 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer replaceChild function memory corruption attempt (browser-ie.rules)
 * 1:35113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (os-windows.rules)
 * 1:35112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (os-windows.rules)

Modified Rules:


 * 1:18494 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules)
 * 1:18495 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules)
 * 1:20593 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit libxslt arbitrary file creation attempt (browser-webkit.rules)
 * 1:26592 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit libxslt arbitrary file creation attempt (browser-webkit.rules)
 * 1:35111 <-> DISABLED <-> SERVER-OTHER OpenSSL anomalous x509 certificate with default org name and certificate chain detected (server-other.rules)