Talos Rules 2015-09-29
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the blacklist, browser-firefox, browser-ie, browser-other, browser-plugins, exploit-kit, file-flash, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-shellcode, malware-cnc, malware-other, os-other, policy-other, protocol-ftp, protocol-rpc, protocol-voip, server-mail, server-other and sql rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-09-29 17:26:45 UTC

Snort Subscriber Rules Update

Date: 2015-09-29

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:36248 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (server-other.rules)
 * 1:36238 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGenericElement use after free attempt (browser-ie.rules)
 * 1:36207 <-> ENABLED <-> BLACKLIST DNS request for known malware domain init.icloud-analysis.com - XcodeGhost (blacklist.rules)
 * 1:36234 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36240 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (file-java.rules)
 * 1:36224 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer superscript use after free attempt (browser-ie.rules)
 * 1:36243 <-> DISABLED <-> SERVER-WEBAPP LANDesk Management Suite frm_splitfrm remote file include attempt (server-webapp.rules)
 * 1:36204 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll corrupt fcPlcfFldMom uninitialized memory access attempt (file-office.rules)
 * 1:36232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36200 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ali5319ali.mooo.com - Win.Downloader.Bladabindi (blacklist.rules)
 * 1:36247 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (server-other.rules)
 * 1:36236 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGenericElement use after free attempt (browser-ie.rules)
 * 1:36205 <-> ENABLED <-> BLACKLIST DNS request for known malware domain init.crash-analytics.com - XcodeGhost (blacklist.rules)
 * 1:36244 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:36202 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (malware-cnc.rules)
 * 1:36237 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGenericElement use after free attempt (browser-ie.rules)
 * 1:36231 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (malware-cnc.rules)
 * 1:36241 <-> ENABLED <-> MALWARE-OTHER self-signed SSL certificate transfer for EXEPROXY attempt (malware-other.rules)
 * 1:36235 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGenericElement use after free attempt (browser-ie.rules)
 * 1:36233 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36203 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll corrupt fcPlcfFldMom uninitialized memory access attempt (file-office.rules)
 * 1:36245 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:36242 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:36206 <-> ENABLED <-> BLACKLIST DNS request for known malware domain init.icloud-diagnostics.com - XcodeGhost (blacklist.rules)
 * 1:36249 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSelectElement SetCurSel remote code execution attempt (browser-ie.rules)
 * 1:36239 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (file-java.rules)
 * 1:36201 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit exfiltration attempt (exploit-kit.rules)
 * 3:36209 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid url atom out of bounds read attempt (file-multimedia.rules)
 * 3:36208 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid url atom out of bounds read attempt (file-multimedia.rules)
 * 3:36246 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS SIP header parsing memory leak attempt (protocol-voip.rules)

Modified Rules:


 * 1:36140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:16446 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin tcp request (protocol-rpc.rules)
 * 1:36174 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36172 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36191 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:36192 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:36193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Exploit Kit decryption key detected (file-flash.rules)
 * 1:35052 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDL fragment privilege escalation attempt (browser-firefox.rules)
 * 1:35087 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:18582 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
 * 1:20117 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint XSS (server-webapp.rules)
 * 1:20133 <-> DISABLED <-> FILE-OTHER MHTML XSS attempt (file-other.rules)
 * 1:20250 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client Remote Heap Buffer Overflow (server-other.rules)
 * 1:21351 <-> DISABLED <-> SERVER-OTHER IBM Tivoli kuddb2 denial of service attempt (server-other.rules)
 * 1:21569 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer toStaticHTML XSS attempt (browser-ie.rules)
 * 1:23456 <-> DISABLED <-> SERVER-OTHER IBM Tivoli name overflow attempt (server-other.rules)
 * 1:26665 <-> ENABLED <-> FILE-IMAGE BMP extremely large xpos opcodes (file-image.rules)
 * 1:26849 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer superscript use after free attempt (browser-ie.rules)
 * 1:29443 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit outbound connection attempt (exploit-kit.rules)
 * 1:30122 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSelectElement SetCurSel remote code execution attempt (browser-ie.rules)
 * 1:30794 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:30803 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:30876 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:30877 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:30892 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:30893 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:30894 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:30895 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:30961 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
 * 1:30962 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
 * 1:30963 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
 * 1:30964 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
 * 1:31068 <-> DISABLED <-> SERVER-OTHER F5 BIG-IP remote command injection attempt (server-other.rules)
 * 1:31069 <-> DISABLED <-> SERVER-OTHER F5 BIG-IP remote command injection attempt (server-other.rules)
 * 1:31103 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31104 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer celement use after free (browser-ie.rules)
 * 1:31205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer celement use after free (browser-ie.rules)
 * 1:31288 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Bladabindi variant outbound download request (malware-cnc.rules)
 * 1:31330 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd update_system_info_debian_package command injection attempt (server-webapp.rules)
 * 1:31380 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 onpropertychange remote code execution attempt (browser-ie.rules)
 * 1:31381 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 onpropertychange remote code execution attempt (browser-ie.rules)
 * 1:31403 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer celement use after free (browser-ie.rules)
 * 1:31404 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer celement use after free (browser-ie.rules)
 * 1:31519 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31520 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31521 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31522 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31523 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31524 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31529 <-> ENABLED <-> SERVER-OTHER D-Link Multiple Products HNAP request buffer overflow attempt (server-other.rules)
 * 1:31694 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31838 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Eventlog Analyzer directory traversal attempt (server-webapp.rules)
 * 1:31975 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31976 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31977 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31978 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31985 <-> ENABLED <-> OS-OTHER Malicious DHCP server bash environment variable injection attempt (os-other.rules)
 * 1:32038 <-> ENABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:32039 <-> ENABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:32041 <-> DISABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:32042 <-> DISABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:32043 <-> ENABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:32044 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Eventlog Analyzer directory traversal attempt (server-webapp.rules)
 * 1:32056 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
 * 1:32057 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (server-webapp.rules)
 * 1:32069 <-> ENABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:32097 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:32098 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:32186 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:32187 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:32226 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:32227 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:32228 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:32229 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:32254 <-> ENABLED <-> FILE-OTHER GE Cimplicity CimView load remote file attempt (file-other.rules)
 * 1:32255 <-> ENABLED <-> FILE-OTHER GE Cimplicity CimView load remote file attempt (file-other.rules)
 * 1:32256 <-> ENABLED <-> FILE-OTHER GE Cimplicity bcl file loading external file attempt (file-other.rules)
 * 1:32257 <-> ENABLED <-> FILE-OTHER GE Cimplicity CimView load remote file attempt (file-other.rules)
 * 1:32258 <-> ENABLED <-> FILE-OTHER GE Cimplicity CimView load remote file attempt (file-other.rules)
 * 1:32259 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy INF file download attempt (malware-cnc.rules)
 * 1:32313 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:32314 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:32315 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:32316 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:32335 <-> DISABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:32336 <-> DISABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:32350 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (server-webapp.rules)
 * 1:32353 <-> DISABLED <-> SQL Drupal 7 pre auth SQL injection attempt (sql.rules)
 * 1:32362 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:32363 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:32366 <-> DISABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:32375 <-> DISABLED <-> BROWSER-OTHER WGet symlink arbitrary file write attempt (browser-other.rules)
 * 1:32399 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound Oracle Java request (exploit-kit.rules)
 * 1:32887 <-> DISABLED <-> SERVER-WEBAPP ActualScripts ActualAnalyzer aa.php command injection attempt (server-webapp.rules)
 * 1:32901 <-> DISABLED <-> FILE-OTHER Advantech ADAMView GeniDAQ display designer stack buffer overflow attempt (file-other.rules)
 * 1:32902 <-> DISABLED <-> FILE-OTHER Advantech ADAMView GeniDAQ display designer stack buffer overflow attempt (file-other.rules)
 * 1:32962 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:32963 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:32964 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:33074 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules)
 * 1:33075 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules)
 * 1:33076 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules)
 * 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules)
 * 1:33166 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33167 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33168 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33169 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33170 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33171 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33172 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33173 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33174 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33175 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33261 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33262 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33263 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33264 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33269 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33270 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33320 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EPM MOTWCreateFileW file access bypass attempt (browser-ie.rules)
 * 1:33322 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EPM MOTWCreateFileW file access bypass attempt (browser-ie.rules)
 * 1:33367 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33368 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33369 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33370 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33371 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33372 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33373 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33374 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33375 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33376 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33377 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33378 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33379 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33380 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33381 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33382 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33383 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33384 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33385 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33386 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33387 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33388 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33389 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33390 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33391 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33392 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33393 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33394 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33395 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33396 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33397 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33398 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33399 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33400 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33401 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33402 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33403 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33404 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33405 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33406 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33407 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33408 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33409 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33410 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33509 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
 * 1:33510 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
 * 1:33511 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
 * 1:33512 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
 * 1:33665 <-> ENABLED <-> SERVER-OTHER HP Client Automation command injection attempt (server-other.rules)
 * 1:33903 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
 * 1:33904 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
 * 1:33967 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:33968 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:33969 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:33970 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:33981 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit flash file download (exploit-kit.rules)
 * 1:33982 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules)
 * 1:33983 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit obfuscated file download (exploit-kit.rules)
 * 1:33987 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
 * 1:34014 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34015 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34016 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34017 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34018 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray detected (indicator-shellcode.rules)
 * 1:34019 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray detected (indicator-shellcode.rules)
 * 1:34066 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:34067 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:34109 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
 * 1:34110 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
 * 1:34190 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34225 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (protocol-ftp.rules)
 * 1:34349 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34350 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34351 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34352 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34353 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34354 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:34355 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:34356 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:34357 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:34603 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (server-mail.rules)
 * 1:34873 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:34874 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:34938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34939 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34940 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:12423 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange CDO long header name (server-mail.rules)
 * 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
 * 1:16449 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin udp adm_build_path overflow attempt (protocol-rpc.rules)
 * 1:34941 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34942 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34943 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34988 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed FLV file buffer overflow attempt (file-flash.rules)
 * 1:34989 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed FLV file buffer overflow attempt (file-flash.rules)
 * 1:34990 <-> ENABLED <-> MALWARE-OTHER Adobe Flash exploit download attempt - Group 6 (malware-other.rules)
 * 1:34991 <-> ENABLED <-> MALWARE-OTHER Group 6 Adobe Flash exploit download attempt (malware-other.rules)
 * 1:34992 <-> DISABLED <-> MALWARE-OTHER Adobe Flash exploit download attempt - Group 6 (malware-other.rules)
 * 1:35048 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:15876 <-> DISABLED <-> SQL generic sql update injection attempt - POST parameter (sql.rules)
 * 1:15437 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt (server-other.rules)
 * 1:16448 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin tcp adm_build_path overflow attempt (protocol-rpc.rules)
 * 1:16692 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
 * 1:17737 <-> DISABLED <-> SERVER-MAIL Microsoft collaboration data objects buffer overflow attempt (server-mail.rules)
 * 1:18581 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
 * 1:17735 <-> DISABLED <-> FILE-OTHER Adobe Pagemaker Font Name Buffer Overflow attempt (file-other.rules)
 * 1:36173 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36177 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36168 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36167 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36160 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:35086 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36147 <-> ENABLED <-> FILE-OFFICE Microsoft Windows OLE Packer Remote Code Execution attempt (file-office.rules)
 * 1:36135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35088 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35954 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35847 <-> DISABLED <-> SERVER-WEBAPP Oracle Endeca server directory traversal attempt (server-webapp.rules)
 * 1:35331 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
 * 1:36151 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36146 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:35948 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:36141 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36136 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36137 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35089 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35950 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35947 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:36163 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:35374 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
 * 1:36150 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35373 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
 * 1:35251 <-> DISABLED <-> SERVER-OTHER Advantech ADAMView conditional bitmap buffer overflow attempt (server-other.rules)
 * 1:35252 <-> DISABLED <-> SERVER-OTHER Advantech ADAMView conditional bitmap buffer overflow attempt (server-other.rules)
 * 1:35261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36148 <-> ENABLED <-> FILE-OFFICE Microsoft Windows OLE Packer Remote Code Execution attempt (file-office.rules)
 * 1:35095 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35049 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:35375 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
 * 1:36142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36143 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:35946 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35051 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDL fragment privilege escalation attempt (browser-firefox.rules)
 * 1:35262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35949 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35952 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:35953 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35372 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
 * 1:36161 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:35265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36158 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
 * 1:35951 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:36159 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
 * 1:36162 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:35945 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:36149 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36144 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:36145 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:36164 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36138 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35939 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
 * 1:36152 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36166 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36175 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36165 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:35096 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36169 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36171 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36170 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36176 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)

2015-09-29 17:26:45 UTC

Snort Subscriber Rules Update

Date: 2015-09-29

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:36201 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit exfiltration attempt (exploit-kit.rules)
 * 1:36239 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (file-java.rules)
 * 1:36249 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSelectElement SetCurSel remote code execution attempt (browser-ie.rules)
 * 1:36248 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (server-other.rules)
 * 1:36206 <-> ENABLED <-> BLACKLIST DNS request for known malware domain init.icloud-diagnostics.com - XcodeGhost (blacklist.rules)
 * 1:36242 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:36245 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:36203 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll corrupt fcPlcfFldMom uninitialized memory access attempt (file-office.rules)
 * 1:36233 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36235 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGenericElement use after free attempt (browser-ie.rules)
 * 1:36241 <-> ENABLED <-> MALWARE-OTHER self-signed SSL certificate transfer for EXEPROXY attempt (malware-other.rules)
 * 1:36231 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (malware-cnc.rules)
 * 1:36237 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGenericElement use after free attempt (browser-ie.rules)
 * 1:36202 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (malware-cnc.rules)
 * 1:36244 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:36205 <-> ENABLED <-> BLACKLIST DNS request for known malware domain init.crash-analytics.com - XcodeGhost (blacklist.rules)
 * 1:36236 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGenericElement use after free attempt (browser-ie.rules)
 * 1:36247 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (server-other.rules)
 * 1:36200 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ali5319ali.mooo.com - Win.Downloader.Bladabindi (blacklist.rules)
 * 1:36232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36243 <-> DISABLED <-> SERVER-WEBAPP LANDesk Management Suite frm_splitfrm remote file include attempt (server-webapp.rules)
 * 1:36204 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll corrupt fcPlcfFldMom uninitialized memory access attempt (file-office.rules)
 * 1:36224 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer superscript use after free attempt (browser-ie.rules)
 * 1:36240 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (file-java.rules)
 * 1:36234 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36207 <-> ENABLED <-> BLACKLIST DNS request for known malware domain init.icloud-analysis.com - XcodeGhost (blacklist.rules)
 * 1:36238 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGenericElement use after free attempt (browser-ie.rules)
 * 3:36246 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS SIP header parsing memory leak attempt (protocol-voip.rules)
 * 3:36209 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid url atom out of bounds read attempt (file-multimedia.rules)
 * 3:36208 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid url atom out of bounds read attempt (file-multimedia.rules)

Modified Rules:


 * 1:35049 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:35950 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35949 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:12423 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange CDO long header name (server-mail.rules)
 * 1:15876 <-> DISABLED <-> SQL generic sql update injection attempt - POST parameter (sql.rules)
 * 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
 * 1:35095 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35089 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Exploit Kit decryption key detected (file-flash.rules)
 * 1:36192 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:36191 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:36176 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36177 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36175 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36174 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36173 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36171 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36172 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36170 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36169 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36168 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36167 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36166 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36165 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36164 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36163 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36161 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36162 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36160 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36159 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
 * 1:36158 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
 * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36152 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36151 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36150 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36149 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36148 <-> ENABLED <-> FILE-OFFICE Microsoft Windows OLE Packer Remote Code Execution attempt (file-office.rules)
 * 1:36147 <-> ENABLED <-> FILE-OFFICE Microsoft Windows OLE Packer Remote Code Execution attempt (file-office.rules)
 * 1:36146 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:36145 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:36144 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:36143 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:35087 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35086 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35052 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDL fragment privilege escalation attempt (browser-firefox.rules)
 * 1:35051 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDL fragment privilege escalation attempt (browser-firefox.rules)
 * 1:36141 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35088 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35251 <-> DISABLED <-> SERVER-OTHER Advantech ADAMView conditional bitmap buffer overflow attempt (server-other.rules)
 * 1:35252 <-> DISABLED <-> SERVER-OTHER Advantech ADAMView conditional bitmap buffer overflow attempt (server-other.rules)
 * 1:35261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35331 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
 * 1:36138 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35372 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
 * 1:35373 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
 * 1:35374 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
 * 1:35375 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
 * 1:36137 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35847 <-> DISABLED <-> SERVER-WEBAPP Oracle Endeca server directory traversal attempt (server-webapp.rules)
 * 1:35939 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
 * 1:35945 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35946 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:36136 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35947 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35948 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:36135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35096 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35954 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35951 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35953 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35952 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:15437 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt (server-other.rules)
 * 1:16446 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin tcp request (protocol-rpc.rules)
 * 1:16448 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin tcp adm_build_path overflow attempt (protocol-rpc.rules)
 * 1:16449 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin udp adm_build_path overflow attempt (protocol-rpc.rules)
 * 1:16692 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
 * 1:17735 <-> DISABLED <-> FILE-OTHER Adobe Pagemaker Font Name Buffer Overflow attempt (file-other.rules)
 * 1:17737 <-> DISABLED <-> SERVER-MAIL Microsoft collaboration data objects buffer overflow attempt (server-mail.rules)
 * 1:18581 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
 * 1:18582 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
 * 1:20117 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint XSS (server-webapp.rules)
 * 1:20133 <-> DISABLED <-> FILE-OTHER MHTML XSS attempt (file-other.rules)
 * 1:20250 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client Remote Heap Buffer Overflow (server-other.rules)
 * 1:21351 <-> DISABLED <-> SERVER-OTHER IBM Tivoli kuddb2 denial of service attempt (server-other.rules)
 * 1:21569 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer toStaticHTML XSS attempt (browser-ie.rules)
 * 1:23456 <-> DISABLED <-> SERVER-OTHER IBM Tivoli name overflow attempt (server-other.rules)
 * 1:26665 <-> ENABLED <-> FILE-IMAGE BMP extremely large xpos opcodes (file-image.rules)
 * 1:26849 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer superscript use after free attempt (browser-ie.rules)
 * 1:29443 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit outbound connection attempt (exploit-kit.rules)
 * 1:30122 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSelectElement SetCurSel remote code execution attempt (browser-ie.rules)
 * 1:30794 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:30803 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:30876 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:30877 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:30892 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:30893 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:30894 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:30895 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:30961 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
 * 1:30962 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
 * 1:30963 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
 * 1:30964 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
 * 1:31068 <-> DISABLED <-> SERVER-OTHER F5 BIG-IP remote command injection attempt (server-other.rules)
 * 1:31069 <-> DISABLED <-> SERVER-OTHER F5 BIG-IP remote command injection attempt (server-other.rules)
 * 1:31103 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31104 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer celement use after free (browser-ie.rules)
 * 1:31205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer celement use after free (browser-ie.rules)
 * 1:31288 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Bladabindi variant outbound download request (malware-cnc.rules)
 * 1:31330 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd update_system_info_debian_package command injection attempt (server-webapp.rules)
 * 1:31380 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 onpropertychange remote code execution attempt (browser-ie.rules)
 * 1:31381 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 onpropertychange remote code execution attempt (browser-ie.rules)
 * 1:31403 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer celement use after free (browser-ie.rules)
 * 1:31404 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer celement use after free (browser-ie.rules)
 * 1:31519 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31520 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31521 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31522 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31523 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31524 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31529 <-> ENABLED <-> SERVER-OTHER D-Link Multiple Products HNAP request buffer overflow attempt (server-other.rules)
 * 1:31694 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31838 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Eventlog Analyzer directory traversal attempt (server-webapp.rules)
 * 1:31975 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31976 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31977 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31978 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31985 <-> ENABLED <-> OS-OTHER Malicious DHCP server bash environment variable injection attempt (os-other.rules)
 * 1:32038 <-> ENABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:32039 <-> ENABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:32041 <-> DISABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:32042 <-> DISABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:32043 <-> ENABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:32044 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Eventlog Analyzer directory traversal attempt (server-webapp.rules)
 * 1:32056 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
 * 1:32057 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (server-webapp.rules)
 * 1:32069 <-> ENABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:32097 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:32098 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:32186 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:32187 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:32226 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:32227 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:32228 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:32229 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:32254 <-> ENABLED <-> FILE-OTHER GE Cimplicity CimView load remote file attempt (file-other.rules)
 * 1:32255 <-> ENABLED <-> FILE-OTHER GE Cimplicity CimView load remote file attempt (file-other.rules)
 * 1:32256 <-> ENABLED <-> FILE-OTHER GE Cimplicity bcl file loading external file attempt (file-other.rules)
 * 1:32257 <-> ENABLED <-> FILE-OTHER GE Cimplicity CimView load remote file attempt (file-other.rules)
 * 1:32258 <-> ENABLED <-> FILE-OTHER GE Cimplicity CimView load remote file attempt (file-other.rules)
 * 1:32259 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy INF file download attempt (malware-cnc.rules)
 * 1:32313 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:32314 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:32315 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:32316 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:32335 <-> DISABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:32336 <-> DISABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:32350 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (server-webapp.rules)
 * 1:32353 <-> DISABLED <-> SQL Drupal 7 pre auth SQL injection attempt (sql.rules)
 * 1:32362 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:32363 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:32366 <-> DISABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:32375 <-> DISABLED <-> BROWSER-OTHER WGet symlink arbitrary file write attempt (browser-other.rules)
 * 1:32399 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound Oracle Java request (exploit-kit.rules)
 * 1:32887 <-> DISABLED <-> SERVER-WEBAPP ActualScripts ActualAnalyzer aa.php command injection attempt (server-webapp.rules)
 * 1:32901 <-> DISABLED <-> FILE-OTHER Advantech ADAMView GeniDAQ display designer stack buffer overflow attempt (file-other.rules)
 * 1:32902 <-> DISABLED <-> FILE-OTHER Advantech ADAMView GeniDAQ display designer stack buffer overflow attempt (file-other.rules)
 * 1:32962 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:32963 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:32964 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:33074 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules)
 * 1:33075 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules)
 * 1:33076 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules)
 * 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules)
 * 1:33166 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33167 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33168 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33169 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33170 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33171 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33172 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33173 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33174 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33175 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33261 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33262 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33263 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33264 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33269 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33270 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33320 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EPM MOTWCreateFileW file access bypass attempt (browser-ie.rules)
 * 1:33322 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EPM MOTWCreateFileW file access bypass attempt (browser-ie.rules)
 * 1:33367 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33368 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33369 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33370 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33371 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33372 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33373 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33374 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33375 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33376 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33377 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33378 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33379 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33380 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33381 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33382 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33383 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33384 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33385 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33386 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33387 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33388 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33389 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33390 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33391 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33392 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33393 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33394 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33395 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33396 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33397 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33398 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33399 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33400 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33401 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33402 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33403 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33404 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33405 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33406 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33407 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33408 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33409 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33410 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33509 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
 * 1:33510 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
 * 1:33511 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
 * 1:33512 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
 * 1:33665 <-> ENABLED <-> SERVER-OTHER HP Client Automation command injection attempt (server-other.rules)
 * 1:33903 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
 * 1:33904 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
 * 1:33967 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:33968 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:33969 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:33970 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:33981 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit flash file download (exploit-kit.rules)
 * 1:33982 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules)
 * 1:33983 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit obfuscated file download (exploit-kit.rules)
 * 1:33987 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
 * 1:34014 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34015 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34016 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34017 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34018 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray detected (indicator-shellcode.rules)
 * 1:34019 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray detected (indicator-shellcode.rules)
 * 1:34066 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:34067 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:34109 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
 * 1:34110 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
 * 1:34190 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34225 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (protocol-ftp.rules)
 * 1:34349 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34350 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34351 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34352 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34353 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34354 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:34355 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:34356 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:34357 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:34603 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (server-mail.rules)
 * 1:34873 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:34874 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:34938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34939 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34940 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34941 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34942 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34943 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34988 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed FLV file buffer overflow attempt (file-flash.rules)
 * 1:34989 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed FLV file buffer overflow attempt (file-flash.rules)
 * 1:34990 <-> ENABLED <-> MALWARE-OTHER Adobe Flash exploit download attempt - Group 6 (malware-other.rules)
 * 1:34991 <-> ENABLED <-> MALWARE-OTHER Group 6 Adobe Flash exploit download attempt (malware-other.rules)
 * 1:34992 <-> DISABLED <-> MALWARE-OTHER Adobe Flash exploit download attempt - Group 6 (malware-other.rules)
 * 1:35048 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)

2015-09-29 17:26:45 UTC

Snort Subscriber Rules Update

Date: 2015-09-29

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:36249 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSelectElement SetCurSel remote code execution attempt (browser-ie.rules)
 * 1:36248 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (server-other.rules)
 * 1:36247 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (server-other.rules)
 * 1:36245 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:36244 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:36243 <-> DISABLED <-> SERVER-WEBAPP LANDesk Management Suite frm_splitfrm remote file include attempt (server-webapp.rules)
 * 1:36242 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
 * 1:36241 <-> ENABLED <-> MALWARE-OTHER self-signed SSL certificate transfer for EXEPROXY attempt (malware-other.rules)
 * 1:36240 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (file-java.rules)
 * 1:36239 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (file-java.rules)
 * 1:36238 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGenericElement use after free attempt (browser-ie.rules)
 * 1:36237 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGenericElement use after free attempt (browser-ie.rules)
 * 1:36236 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGenericElement use after free attempt (browser-ie.rules)
 * 1:36235 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGenericElement use after free attempt (browser-ie.rules)
 * 1:36234 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36233 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36231 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (malware-cnc.rules)
 * 1:36224 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer superscript use after free attempt (browser-ie.rules)
 * 1:36207 <-> ENABLED <-> BLACKLIST DNS request for known malware domain init.icloud-analysis.com - XcodeGhost (blacklist.rules)
 * 1:36206 <-> ENABLED <-> BLACKLIST DNS request for known malware domain init.icloud-diagnostics.com - XcodeGhost (blacklist.rules)
 * 1:36205 <-> ENABLED <-> BLACKLIST DNS request for known malware domain init.crash-analytics.com - XcodeGhost (blacklist.rules)
 * 1:36204 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll corrupt fcPlcfFldMom uninitialized memory access attempt (file-office.rules)
 * 1:36203 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll corrupt fcPlcfFldMom uninitialized memory access attempt (file-office.rules)
 * 1:36202 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (malware-cnc.rules)
 * 1:36201 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit exfiltration attempt (exploit-kit.rules)
 * 1:36200 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ali5319ali.mooo.com - Win.Downloader.Bladabindi (blacklist.rules)
 * 3:36246 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS SIP header parsing memory leak attempt (protocol-voip.rules)
 * 3:36208 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid url atom out of bounds read attempt (file-multimedia.rules)
 * 3:36209 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid url atom out of bounds read attempt (file-multimedia.rules)

Modified Rules:


 * 1:36193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Exploit Kit decryption key detected (file-flash.rules)
 * 1:36192 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:36191 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:36177 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36176 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36175 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36174 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36173 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36172 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36171 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36170 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36169 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36168 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36167 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36166 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36165 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36164 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36163 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36162 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36161 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36160 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36159 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
 * 1:36158 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
 * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36152 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36151 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36150 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36149 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36148 <-> ENABLED <-> FILE-OFFICE Microsoft Windows OLE Packer Remote Code Execution attempt (file-office.rules)
 * 1:36147 <-> ENABLED <-> FILE-OFFICE Microsoft Windows OLE Packer Remote Code Execution attempt (file-office.rules)
 * 1:36146 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:36145 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:36144 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:36143 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:36142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36141 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36138 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36137 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36136 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:36135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35954 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35953 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35952 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35951 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35950 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35949 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35948 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35947 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35946 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35945 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:35939 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
 * 1:35847 <-> DISABLED <-> SERVER-WEBAPP Oracle Endeca server directory traversal attempt (server-webapp.rules)
 * 1:35375 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
 * 1:35374 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
 * 1:35373 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
 * 1:35372 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
 * 1:35331 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
 * 1:35265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35252 <-> DISABLED <-> SERVER-OTHER Advantech ADAMView conditional bitmap buffer overflow attempt (server-other.rules)
 * 1:35251 <-> DISABLED <-> SERVER-OTHER Advantech ADAMView conditional bitmap buffer overflow attempt (server-other.rules)
 * 1:35096 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35095 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35089 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35088 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35087 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35086 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:35052 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDL fragment privilege escalation attempt (browser-firefox.rules)
 * 1:35051 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDL fragment privilege escalation attempt (browser-firefox.rules)
 * 1:35049 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:35048 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:34992 <-> DISABLED <-> MALWARE-OTHER Adobe Flash exploit download attempt - Group 6 (malware-other.rules)
 * 1:34991 <-> ENABLED <-> MALWARE-OTHER Group 6 Adobe Flash exploit download attempt (malware-other.rules)
 * 1:34990 <-> ENABLED <-> MALWARE-OTHER Adobe Flash exploit download attempt - Group 6 (malware-other.rules)
 * 1:34989 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed FLV file buffer overflow attempt (file-flash.rules)
 * 1:34988 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed FLV file buffer overflow attempt (file-flash.rules)
 * 1:34943 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34942 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34941 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34940 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34939 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34874 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:34873 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (server-mail.rules)
 * 1:34603 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:34357 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:34356 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:34355 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:34354 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:34353 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34352 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34351 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34350 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34349 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 1:34225 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (protocol-ftp.rules)
 * 1:34193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34190 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34110 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
 * 1:34109 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
 * 1:34067 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:34066 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:34019 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray detected (indicator-shellcode.rules)
 * 1:34018 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray detected (indicator-shellcode.rules)
 * 1:34017 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34016 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34015 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34014 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33987 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
 * 1:33983 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit obfuscated file download (exploit-kit.rules)
 * 1:33982 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules)
 * 1:33981 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit flash file download (exploit-kit.rules)
 * 1:33970 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:33969 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:33968 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:33967 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
 * 1:33904 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
 * 1:33903 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
 * 1:33665 <-> ENABLED <-> SERVER-OTHER HP Client Automation command injection attempt (server-other.rules)
 * 1:33512 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
 * 1:33511 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
 * 1:33510 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
 * 1:33509 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
 * 1:33410 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33409 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33408 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33407 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33406 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33405 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33404 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33403 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33402 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33401 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33400 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33399 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33398 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33397 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33396 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33395 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33394 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33393 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33392 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33391 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33390 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33389 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33388 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33387 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33386 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33385 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33384 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33383 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33382 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33381 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33380 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33379 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33378 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33377 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33376 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33375 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33374 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33373 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33372 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33371 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33370 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33369 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33368 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33367 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33322 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EPM MOTWCreateFileW file access bypass attempt (browser-ie.rules)
 * 1:33320 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EPM MOTWCreateFileW file access bypass attempt (browser-ie.rules)
 * 1:33270 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33269 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33264 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33263 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33262 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33261 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33175 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33174 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33173 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33172 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33171 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33170 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33169 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33168 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33167 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33166 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules)
 * 1:33076 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules)
 * 1:33075 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules)
 * 1:33074 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules)
 * 1:32964 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:32963 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:32962 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:32902 <-> DISABLED <-> FILE-OTHER Advantech ADAMView GeniDAQ display designer stack buffer overflow attempt (file-other.rules)
 * 1:32901 <-> DISABLED <-> FILE-OTHER Advantech ADAMView GeniDAQ display designer stack buffer overflow attempt (file-other.rules)
 * 1:32887 <-> DISABLED <-> SERVER-WEBAPP ActualScripts ActualAnalyzer aa.php command injection attempt (server-webapp.rules)
 * 1:32399 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound Oracle Java request (exploit-kit.rules)
 * 1:32375 <-> DISABLED <-> BROWSER-OTHER WGet symlink arbitrary file write attempt (browser-other.rules)
 * 1:32366 <-> DISABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:32363 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:32362 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:32353 <-> DISABLED <-> SQL Drupal 7 pre auth SQL injection attempt (sql.rules)
 * 1:32350 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (server-webapp.rules)
 * 1:32336 <-> DISABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:32335 <-> DISABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:32316 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:32315 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:32314 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:32313 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:32259 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy INF file download attempt (malware-cnc.rules)
 * 1:32258 <-> ENABLED <-> FILE-OTHER GE Cimplicity CimView load remote file attempt (file-other.rules)
 * 1:32257 <-> ENABLED <-> FILE-OTHER GE Cimplicity CimView load remote file attempt (file-other.rules)
 * 1:32256 <-> ENABLED <-> FILE-OTHER GE Cimplicity bcl file loading external file attempt (file-other.rules)
 * 1:32255 <-> ENABLED <-> FILE-OTHER GE Cimplicity CimView load remote file attempt (file-other.rules)
 * 1:32254 <-> ENABLED <-> FILE-OTHER GE Cimplicity CimView load remote file attempt (file-other.rules)
 * 1:32229 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:32228 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:32227 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:32226 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:32187 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:32186 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:32098 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:32097 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:32069 <-> ENABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:32057 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (server-webapp.rules)
 * 1:32056 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
 * 1:32044 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Eventlog Analyzer directory traversal attempt (server-webapp.rules)
 * 1:32043 <-> ENABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:32042 <-> DISABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:32041 <-> DISABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:32039 <-> ENABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:32038 <-> ENABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
 * 1:31985 <-> ENABLED <-> OS-OTHER Malicious DHCP server bash environment variable injection attempt (os-other.rules)
 * 1:31978 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31977 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31976 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31975 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31838 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Eventlog Analyzer directory traversal attempt (server-webapp.rules)
 * 1:31694 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31529 <-> ENABLED <-> SERVER-OTHER D-Link Multiple Products HNAP request buffer overflow attempt (server-other.rules)
 * 1:31524 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31523 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31522 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31521 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31520 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31519 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:31404 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer celement use after free (browser-ie.rules)
 * 1:31403 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer celement use after free (browser-ie.rules)
 * 1:31381 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 onpropertychange remote code execution attempt (browser-ie.rules)
 * 1:31380 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 onpropertychange remote code execution attempt (browser-ie.rules)
 * 1:31330 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd update_system_info_debian_package command injection attempt (server-webapp.rules)
 * 1:31288 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Bladabindi variant outbound download request (malware-cnc.rules)
 * 1:31205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer celement use after free (browser-ie.rules)
 * 1:31204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer celement use after free (browser-ie.rules)
 * 1:31104 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31103 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31069 <-> DISABLED <-> SERVER-OTHER F5 BIG-IP remote command injection attempt (server-other.rules)
 * 1:31068 <-> DISABLED <-> SERVER-OTHER F5 BIG-IP remote command injection attempt (server-other.rules)
 * 1:30964 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
 * 1:30963 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
 * 1:30962 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
 * 1:30961 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
 * 1:30895 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:30894 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:30893 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:30892 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:30877 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:30876 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
 * 1:30803 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:30794 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
 * 1:30122 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSelectElement SetCurSel remote code execution attempt (browser-ie.rules)
 * 1:29443 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit outbound connection attempt (exploit-kit.rules)
 * 1:26849 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer superscript use after free attempt (browser-ie.rules)
 * 1:26665 <-> ENABLED <-> FILE-IMAGE BMP extremely large xpos opcodes (file-image.rules)
 * 1:23456 <-> DISABLED <-> SERVER-OTHER IBM Tivoli name overflow attempt (server-other.rules)
 * 1:21569 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer toStaticHTML XSS attempt (browser-ie.rules)
 * 1:21351 <-> DISABLED <-> SERVER-OTHER IBM Tivoli kuddb2 denial of service attempt (server-other.rules)
 * 1:20250 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client Remote Heap Buffer Overflow (server-other.rules)
 * 1:20133 <-> DISABLED <-> FILE-OTHER MHTML XSS attempt (file-other.rules)
 * 1:20117 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint XSS (server-webapp.rules)
 * 1:18582 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
 * 1:18581 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
 * 1:17737 <-> DISABLED <-> SERVER-MAIL Microsoft collaboration data objects buffer overflow attempt (server-mail.rules)
 * 1:17735 <-> DISABLED <-> FILE-OTHER Adobe Pagemaker Font Name Buffer Overflow attempt (file-other.rules)
 * 1:16692 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
 * 1:16449 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin udp adm_build_path overflow attempt (protocol-rpc.rules)
 * 1:16448 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin tcp adm_build_path overflow attempt (protocol-rpc.rules)
 * 1:16446 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin tcp request (protocol-rpc.rules)
 * 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
 * 1:15876 <-> DISABLED <-> SQL generic sql update injection attempt - POST parameter (sql.rules)
 * 1:15437 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt (server-other.rules)
 * 1:12423 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange CDO long header name (server-mail.rules)