Talos Rules 2015-12-08
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Security Bulletin MS15-124: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Previously released rules will detect attacks targeting this vulnerability and have been updated with the appropriate reference information. They are included in this release and are identified with GID 1, SIDs 36673 through 36674.

New rules to detect attacks targeting these vulnerabilities are also included in this release and are identified with GID 1, SIDs 36917 through 36923, 36926 through 36929, 36934 through 36951, 36954 through 36957, 36962 through 36963, 36968 through 36969, 36978 through 36983, 36986 through 36988, 36991 through 36992, 37003 through 37004, and 37009 through 37010.

Microsoft Security Bulletin MS15-125: A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Previously released rules will detect attacks targeting this vulnerability and have been updated with the appropriate reference information. They are included in this release and are identified with GID 1, SIDs 36673 through 36674.

New rules to detect attacks targeting these vulnerabilities are also included in this release and are identified with GID 1, SIDs 36917, 36932 through 36933, 36942 through 36943, 36950 through 36951, and 36984 through 36985.

Microsoft Security Bulletin MS15-126: A coding deficiency exists in Microsoft JScript and VBScript that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 36922 through 36923.

Microsoft Security Bulletin MS15-128: A coding deficiency exists in Microsoft Graphics Component that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 36964 through 36967.

Microsoft Security Bulletin MS15-129: A coding deficiency exists in Microsoft Silverlight that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 36997 through 36998.

Microsoft Security Bulletin MS15-130: A coding deficiency exists in Microsoft Uniscribe that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 36952 through 36953.

Microsoft Security Bulletin MS15-131: A coding deficiency exists in Microsoft Office that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 36924 through 36925, 36958 through 36961, 36974 through 36975, and 37011 through 37013.

Microsoft Security Bulletin MS15-132: A coding deficiency exists in Microsoft Windows that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 36930 through 36931, 36993 through 36996, and 36999 through 37002.

Microsoft Security Bulletin MS15-134: A coding deficiency exists in Microsoft Media Center that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 36972 through 36973.

Microsoft Security Bulletin MS15-135: A coding deficiency exists in a Microsoft Kernel mode driver that may lead to an escalation of privilege.

Previously released rules will detect attacks targeting this vulnerability and have been updated with the appropriate reference information. They are included in this release and are identified with GID 1, SIDs 35149 through 35150,

New rules to detect attacks targeting these vulnerabilities are also included in this release and are identified with GID 1, 36970 through 36971, 36976 through 36977, and 36989 through 36990.

Talos has added and modified multiple rules in the browser-ie, browser-plugins, deleted, file-office, file-other, malware-cnc and policy-other rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-12-08 22:01:03 UTC

Snort Subscriber Rules Update

Date: 2015-12-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:36999 <-> ENABLED <-> FILE-OFFICE Microsoft Office elsext.dll dll-load exploit attempt (file-office.rules)
 * 1:37002 <-> ENABLED <-> FILE-OFFICE Microsoft Office nwdblib.dll dll-load exploit attempt (file-office.rules)
 * 1:36998 <-> ENABLED <-> OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt (os-windows.rules)
 * 1:37001 <-> ENABLED <-> FILE-OFFICE Microsoft Office elsext.dll dll-load exploit attempt (file-office.rules)
 * 1:37003 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkupPointer UnEmbed out of bounds read attempt (browser-ie.rules)
 * 1:37004 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkupPointer UnEmbed out of bounds read attempt (browser-ie.rules)
 * 1:37005 <-> DISABLED <-> BROWSER-PLUGINS AAA EasyGrid DoSaveFile ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37007 <-> DISABLED <-> BROWSER-PLUGINS AAA EasyGrid DoSaveFile ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37008 <-> DISABLED <-> BROWSER-PLUGINS AAA EasyGrid DoSaveFile ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37009 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextBlock object use after free attempt (browser-ie.rules)
 * 1:37010 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextBlock object use after free attempt (browser-ie.rules)
 * 1:37012 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook embedded OLE object sandbox bypass attempt (file-office.rules)
 * 1:37013 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook embedded OLE object sandbox bypass attempt (file-office.rules)
 * 1:36989 <-> ENABLED <-> OS-WINDOWS Microsoft Windows gpuenergydrv.sys driver privilege escalation attempt (os-windows.rules)
 * 1:37011 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook embedded OLE object sandbox bypass attempt (file-office.rules)
 * 1:37006 <-> DISABLED <-> BROWSER-PLUGINS AAA EasyGrid DoSaveFile ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37000 <-> ENABLED <-> FILE-OFFICE Microsoft Office nwdblib.dll dll-load exploit attempt (file-office.rules)
 * 1:36988 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cross origin policy bypass via redirect attempt (browser-ie.rules)
 * 1:36986 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrArray use after free attempt (browser-ie.rules)
 * 1:36987 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrArray use after free attempt (browser-ie.rules)
 * 1:36984 <-> ENABLED <-> BROWSER-IE Microsoft Edge CAttrArray out of bounds read attempt (browser-ie.rules)
 * 1:36985 <-> ENABLED <-> BROWSER-IE Microsoft Edge CAttrArray out of bounds read attempt (browser-ie.rules)
 * 1:36982 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer select use after free attempt (browser-ie.rules)
 * 1:36983 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer select use after free attempt (browser-ie.rules)
 * 1:36980 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer javascript argument type confusion attempt (browser-ie.rules)
 * 1:36981 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer javascript argument type confusion attempt (browser-ie.rules)
 * 1:36978 <-> DISABLED <-> DELETED BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (deleted.rules)
 * 1:36979 <-> DISABLED <-> DELETED BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (deleted.rules)
 * 1:36974 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds read attempt (file-office.rules)
 * 1:36977 <-> ENABLED <-> OS-WINDOWS Microsoft Windows thread lock desynchronization null pointer dereference attempt (os-windows.rules)
 * 1:36976 <-> ENABLED <-> OS-WINDOWS Microsoft Windows thread lock desynchronization null pointer dereference attempt (os-windows.rules)
 * 1:36975 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds read attempt (file-office.rules)
 * 1:36972 <-> ENABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules)
 * 1:36973 <-> ENABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules)
 * 1:36970 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys palette double free attempt (os-windows.rules)
 * 1:36971 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys palette double free attempt (os-windows.rules)
 * 1:36968 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow memory corruption attempt (browser-ie.rules)
 * 1:36969 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow memory corruption attempt (browser-ie.rules)
 * 1:36966 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word OGL module out of bounds read attempt (file-office.rules)
 * 1:36967 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word OGL module out of bounds read attempt (file-office.rules)
 * 1:36964 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word gdiplus integer overflow attempt (file-office.rules)
 * 1:36965 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word gdiplus integer overflow attempt (file-office.rules)
 * 1:36962 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAttribute to CStyleAttrArray type confusion attempt (browser-ie.rules)
 * 1:36963 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAttribute to CStyleAttrArray type confusion attempt (browser-ie.rules)
 * 1:36960 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules)
 * 1:36961 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules)
 * 1:36958 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel StyleXF invalid icvXF out of bounds read attempt (file-office.rules)
 * 1:36959 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel StyleXF invalid icvXF out of bounds read attempt (file-office.rules)
 * 1:36956 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBoxBuilder UpdateColumnSize out of bounds read attempt (browser-ie.rules)
 * 1:36957 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBoxBuilder UpdateColumnSize out of bounds read attempt (browser-ie.rules)
 * 1:36954 <-> DISABLED <-> DELETED BROWSER-PLUGINS Microsoft Windows CompatUI.dll ActiveX clsid access attempt (deleted.rules)
 * 1:36955 <-> DISABLED <-> DELETED BROWSER-PLUGINS Microsoft Windows CompatUI.dll ActiveX clsid access attempt (deleted.rules)
 * 1:36952 <-> ENABLED <-> FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (file-other.rules)
 * 1:36953 <-> ENABLED <-> FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (file-other.rules)
 * 1:36950 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:36951 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:36948 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableCell invalid index memory corruption attempt (browser-ie.rules)
 * 1:36949 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableCell invalid index memory corruption attempt (browser-ie.rules)
 * 1:36946 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSharedStyleSheet RemoveRule out of bounds read attempt (browser-ie.rules)
 * 1:36947 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSharedStyleSheet RemoveRule out of bounds read attempt (browser-ie.rules)
 * 1:36944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos use after free attempt (browser-ie.rules)
 * 1:36945 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos use after free attempt (browser-ie.rules)
 * 1:36942 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer flexbox use after free attempt (browser-ie.rules)
 * 1:36943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer flexbox use after free attempt (browser-ie.rules)
 * 1:36941 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSpliceTreeEngine RemoveSplice null pointer dereference attempt (browser-ie.rules)
 * 1:36940 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSpliceTreeEngine RemoveSplice null pointer dereference attempt (browser-ie.rules)
 * 1:36939 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer invalid table grid memory corruption attempt (browser-ie.rules)
 * 1:36937 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextBlock out of bounds read attempt (browser-ie.rules)
 * 1:36938 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer invalid table grid memory corruption attempt (browser-ie.rules)
 * 1:36935 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word pointer release validation use after free attempt (file-office.rules)
 * 1:36936 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextBlock out of bounds read attempt (browser-ie.rules)
 * 1:36933 <-> ENABLED <-> BROWSER-IE Microsoft Edge iframe climbing cross site scripting attempt (browser-ie.rules)
 * 1:36934 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word pointer release validation use after free attempt (file-office.rules)
 * 1:36931 <-> ENABLED <-> FILE-OFFICE Microsoft Office wuaext.dll dll-load exploit attempt (file-office.rules)
 * 1:36932 <-> ENABLED <-> BROWSER-IE Microsoft Edge iframe climbing cross site scripting attempt (browser-ie.rules)
 * 1:36929 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout use after free attempt (browser-ie.rules)
 * 1:36930 <-> ENABLED <-> FILE-OFFICE Microsoft Office wuaext.dll dll-load exploit attempt (file-office.rules)
 * 1:36927 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CObjectElement type confusion attempt (browser-ie.rules)
 * 1:36928 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout use after free attempt (browser-ie.rules)
 * 1:36925 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel MSO reference count use after free attempt (file-office.rules)
 * 1:36926 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CObjectElement type confusion attempt (browser-ie.rules)
 * 1:36923 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (browser-ie.rules)
 * 1:36924 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel MSO reference count use after free attempt (file-office.rules)
 * 1:36921 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer invalid TableRow use after free attempt (browser-ie.rules)
 * 1:36922 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (browser-ie.rules)
 * 1:36919 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement object use after free attempt (browser-ie.rules)
 * 1:36920 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer invalid TableRow use after free attempt (browser-ie.rules)
 * 1:36917 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iCalendar cross site scripting attempt (browser-ie.rules)
 * 1:36918 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement object use after free attempt (browser-ie.rules)
 * 1:36916 <-> ENABLED <-> MALWARE-CNC Milkoad.A First Request (malware-cnc.rules)
 * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules)
 * 1:36914 <-> ENABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules)
 * 1:36997 <-> ENABLED <-> OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt (os-windows.rules)
 * 1:36996 <-> ENABLED <-> FILE-OFFICE Microsoft Office spframe.dll dll-load exploit attempt (file-office.rules)
 * 1:36993 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules)
 * 1:36994 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules)
 * 1:36992 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDispContainer out of bounds read attempt (browser-ie.rules)
 * 1:36991 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDispContainer out of bounds read attempt (browser-ie.rules)
 * 1:36995 <-> ENABLED <-> FILE-OFFICE Microsoft Office spframe.dll dll-load exploit attempt (file-office.rules)
 * 1:36990 <-> ENABLED <-> OS-WINDOWS Microsoft Windows gpuenergydrv.sys driver privilege escalation attempt (os-windows.rules)

Modified Rules:


 * 1:36674 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetPlainText negative start index out of bounds write attempt (browser-ie.rules)
 * 1:35497 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document invalid directory entry use after free attempt (file-office.rules)
 * 1:35498 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document invalid directory entry use after free attempt (file-office.rules)
 * 1:36673 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetPlainText negative start index out of bounds write attempt (browser-ie.rules)
 * 1:35150 <-> ENABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (os-windows.rules)
 * 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules)
 * 1:35149 <-> ENABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (os-windows.rules)

2015-12-08 22:01:03 UTC

Snort Subscriber Rules Update

Date: 2015-12-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:36914 <-> ENABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules)
 * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules)
 * 1:36916 <-> ENABLED <-> MALWARE-CNC Milkoad.A First Request (malware-cnc.rules)
 * 1:36917 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iCalendar cross site scripting attempt (browser-ie.rules)
 * 1:36918 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement object use after free attempt (browser-ie.rules)
 * 1:36919 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement object use after free attempt (browser-ie.rules)
 * 1:36920 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer invalid TableRow use after free attempt (browser-ie.rules)
 * 1:36921 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer invalid TableRow use after free attempt (browser-ie.rules)
 * 1:36922 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (browser-ie.rules)
 * 1:36923 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (browser-ie.rules)
 * 1:36924 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel MSO reference count use after free attempt (file-office.rules)
 * 1:36925 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel MSO reference count use after free attempt (file-office.rules)
 * 1:36926 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CObjectElement type confusion attempt (browser-ie.rules)
 * 1:36927 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CObjectElement type confusion attempt (browser-ie.rules)
 * 1:36928 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout use after free attempt (browser-ie.rules)
 * 1:36929 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout use after free attempt (browser-ie.rules)
 * 1:36930 <-> ENABLED <-> FILE-OFFICE Microsoft Office wuaext.dll dll-load exploit attempt (file-office.rules)
 * 1:36931 <-> ENABLED <-> FILE-OFFICE Microsoft Office wuaext.dll dll-load exploit attempt (file-office.rules)
 * 1:36932 <-> ENABLED <-> BROWSER-IE Microsoft Edge iframe climbing cross site scripting attempt (browser-ie.rules)
 * 1:36933 <-> ENABLED <-> BROWSER-IE Microsoft Edge iframe climbing cross site scripting attempt (browser-ie.rules)
 * 1:36934 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word pointer release validation use after free attempt (file-office.rules)
 * 1:36935 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word pointer release validation use after free attempt (file-office.rules)
 * 1:36936 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextBlock out of bounds read attempt (browser-ie.rules)
 * 1:36937 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextBlock out of bounds read attempt (browser-ie.rules)
 * 1:36938 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer invalid table grid memory corruption attempt (browser-ie.rules)
 * 1:36939 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer invalid table grid memory corruption attempt (browser-ie.rules)
 * 1:36940 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSpliceTreeEngine RemoveSplice null pointer dereference attempt (browser-ie.rules)
 * 1:36941 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSpliceTreeEngine RemoveSplice null pointer dereference attempt (browser-ie.rules)
 * 1:36942 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer flexbox use after free attempt (browser-ie.rules)
 * 1:36943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer flexbox use after free attempt (browser-ie.rules)
 * 1:36944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos use after free attempt (browser-ie.rules)
 * 1:36945 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos use after free attempt (browser-ie.rules)
 * 1:36946 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSharedStyleSheet RemoveRule out of bounds read attempt (browser-ie.rules)
 * 1:36947 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSharedStyleSheet RemoveRule out of bounds read attempt (browser-ie.rules)
 * 1:36948 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableCell invalid index memory corruption attempt (browser-ie.rules)
 * 1:36949 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableCell invalid index memory corruption attempt (browser-ie.rules)
 * 1:36950 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:36951 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:36952 <-> ENABLED <-> FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (file-other.rules)
 * 1:36953 <-> ENABLED <-> FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (file-other.rules)
 * 1:36954 <-> DISABLED <-> DELETED BROWSER-PLUGINS Microsoft Windows CompatUI.dll ActiveX clsid access attempt (deleted.rules)
 * 1:36955 <-> DISABLED <-> DELETED BROWSER-PLUGINS Microsoft Windows CompatUI.dll ActiveX clsid access attempt (deleted.rules)
 * 1:36956 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBoxBuilder UpdateColumnSize out of bounds read attempt (browser-ie.rules)
 * 1:36957 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBoxBuilder UpdateColumnSize out of bounds read attempt (browser-ie.rules)
 * 1:36958 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel StyleXF invalid icvXF out of bounds read attempt (file-office.rules)
 * 1:36959 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel StyleXF invalid icvXF out of bounds read attempt (file-office.rules)
 * 1:36960 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules)
 * 1:36961 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules)
 * 1:36962 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAttribute to CStyleAttrArray type confusion attempt (browser-ie.rules)
 * 1:36963 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAttribute to CStyleAttrArray type confusion attempt (browser-ie.rules)
 * 1:36964 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word gdiplus integer overflow attempt (file-office.rules)
 * 1:36965 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word gdiplus integer overflow attempt (file-office.rules)
 * 1:36966 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word OGL module out of bounds read attempt (file-office.rules)
 * 1:36967 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word OGL module out of bounds read attempt (file-office.rules)
 * 1:36968 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow memory corruption attempt (browser-ie.rules)
 * 1:36969 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow memory corruption attempt (browser-ie.rules)
 * 1:36970 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys palette double free attempt (os-windows.rules)
 * 1:36971 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys palette double free attempt (os-windows.rules)
 * 1:36972 <-> ENABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules)
 * 1:36973 <-> ENABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules)
 * 1:36974 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds read attempt (file-office.rules)
 * 1:36975 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds read attempt (file-office.rules)
 * 1:36976 <-> ENABLED <-> OS-WINDOWS Microsoft Windows thread lock desynchronization null pointer dereference attempt (os-windows.rules)
 * 1:36977 <-> ENABLED <-> OS-WINDOWS Microsoft Windows thread lock desynchronization null pointer dereference attempt (os-windows.rules)
 * 1:36978 <-> DISABLED <-> DELETED BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (deleted.rules)
 * 1:36979 <-> DISABLED <-> DELETED BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (deleted.rules)
 * 1:36980 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer javascript argument type confusion attempt (browser-ie.rules)
 * 1:36981 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer javascript argument type confusion attempt (browser-ie.rules)
 * 1:36982 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer select use after free attempt (browser-ie.rules)
 * 1:36983 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer select use after free attempt (browser-ie.rules)
 * 1:36984 <-> ENABLED <-> BROWSER-IE Microsoft Edge CAttrArray out of bounds read attempt (browser-ie.rules)
 * 1:36985 <-> ENABLED <-> BROWSER-IE Microsoft Edge CAttrArray out of bounds read attempt (browser-ie.rules)
 * 1:36986 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrArray use after free attempt (browser-ie.rules)
 * 1:36987 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrArray use after free attempt (browser-ie.rules)
 * 1:36988 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cross origin policy bypass via redirect attempt (browser-ie.rules)
 * 1:37013 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook embedded OLE object sandbox bypass attempt (file-office.rules)
 * 1:37012 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook embedded OLE object sandbox bypass attempt (file-office.rules)
 * 1:37011 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook embedded OLE object sandbox bypass attempt (file-office.rules)
 * 1:37010 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextBlock object use after free attempt (browser-ie.rules)
 * 1:37009 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextBlock object use after free attempt (browser-ie.rules)
 * 1:37008 <-> DISABLED <-> BROWSER-PLUGINS AAA EasyGrid DoSaveFile ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37007 <-> DISABLED <-> BROWSER-PLUGINS AAA EasyGrid DoSaveFile ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37006 <-> DISABLED <-> BROWSER-PLUGINS AAA EasyGrid DoSaveFile ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37005 <-> DISABLED <-> BROWSER-PLUGINS AAA EasyGrid DoSaveFile ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37004 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkupPointer UnEmbed out of bounds read attempt (browser-ie.rules)
 * 1:37003 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkupPointer UnEmbed out of bounds read attempt (browser-ie.rules)
 * 1:37002 <-> ENABLED <-> FILE-OFFICE Microsoft Office nwdblib.dll dll-load exploit attempt (file-office.rules)
 * 1:37001 <-> ENABLED <-> FILE-OFFICE Microsoft Office elsext.dll dll-load exploit attempt (file-office.rules)
 * 1:37000 <-> ENABLED <-> FILE-OFFICE Microsoft Office nwdblib.dll dll-load exploit attempt (file-office.rules)
 * 1:36999 <-> ENABLED <-> FILE-OFFICE Microsoft Office elsext.dll dll-load exploit attempt (file-office.rules)
 * 1:36998 <-> ENABLED <-> OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt (os-windows.rules)
 * 1:36997 <-> ENABLED <-> OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt (os-windows.rules)
 * 1:36996 <-> ENABLED <-> FILE-OFFICE Microsoft Office spframe.dll dll-load exploit attempt (file-office.rules)
 * 1:36995 <-> ENABLED <-> FILE-OFFICE Microsoft Office spframe.dll dll-load exploit attempt (file-office.rules)
 * 1:36994 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules)
 * 1:36993 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules)
 * 1:36992 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDispContainer out of bounds read attempt (browser-ie.rules)
 * 1:36991 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDispContainer out of bounds read attempt (browser-ie.rules)
 * 1:36990 <-> ENABLED <-> OS-WINDOWS Microsoft Windows gpuenergydrv.sys driver privilege escalation attempt (os-windows.rules)
 * 1:36989 <-> ENABLED <-> OS-WINDOWS Microsoft Windows gpuenergydrv.sys driver privilege escalation attempt (os-windows.rules)

Modified Rules:


 * 1:36674 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetPlainText negative start index out of bounds write attempt (browser-ie.rules)
 * 1:35498 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document invalid directory entry use after free attempt (file-office.rules)
 * 1:36673 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetPlainText negative start index out of bounds write attempt (browser-ie.rules)
 * 1:35150 <-> ENABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (os-windows.rules)
 * 1:35497 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document invalid directory entry use after free attempt (file-office.rules)
 * 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules)
 * 1:35149 <-> ENABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (os-windows.rules)

2015-12-08 22:01:02 UTC

Snort Subscriber Rules Update

Date: 2015-12-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:37004 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkupPointer UnEmbed out of bounds read attempt (browser-ie.rules)
 * 1:37003 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkupPointer UnEmbed out of bounds read attempt (browser-ie.rules)
 * 1:37002 <-> ENABLED <-> FILE-OFFICE Microsoft Office nwdblib.dll dll-load exploit attempt (file-office.rules)
 * 1:37001 <-> ENABLED <-> FILE-OFFICE Microsoft Office elsext.dll dll-load exploit attempt (file-office.rules)
 * 1:37000 <-> ENABLED <-> FILE-OFFICE Microsoft Office nwdblib.dll dll-load exploit attempt (file-office.rules)
 * 1:36999 <-> ENABLED <-> FILE-OFFICE Microsoft Office elsext.dll dll-load exploit attempt (file-office.rules)
 * 1:36998 <-> ENABLED <-> OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt (os-windows.rules)
 * 1:36997 <-> ENABLED <-> OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt (os-windows.rules)
 * 1:36996 <-> ENABLED <-> FILE-OFFICE Microsoft Office spframe.dll dll-load exploit attempt (file-office.rules)
 * 1:36995 <-> ENABLED <-> FILE-OFFICE Microsoft Office spframe.dll dll-load exploit attempt (file-office.rules)
 * 1:36994 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules)
 * 1:36993 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules)
 * 1:36992 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDispContainer out of bounds read attempt (browser-ie.rules)
 * 1:36991 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDispContainer out of bounds read attempt (browser-ie.rules)
 * 1:36990 <-> ENABLED <-> OS-WINDOWS Microsoft Windows gpuenergydrv.sys driver privilege escalation attempt (os-windows.rules)
 * 1:36989 <-> ENABLED <-> OS-WINDOWS Microsoft Windows gpuenergydrv.sys driver privilege escalation attempt (os-windows.rules)
 * 1:36988 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cross origin policy bypass via redirect attempt (browser-ie.rules)
 * 1:36987 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrArray use after free attempt (browser-ie.rules)
 * 1:36986 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrArray use after free attempt (browser-ie.rules)
 * 1:36985 <-> ENABLED <-> BROWSER-IE Microsoft Edge CAttrArray out of bounds read attempt (browser-ie.rules)
 * 1:36984 <-> ENABLED <-> BROWSER-IE Microsoft Edge CAttrArray out of bounds read attempt (browser-ie.rules)
 * 1:36983 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer select use after free attempt (browser-ie.rules)
 * 1:37013 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook embedded OLE object sandbox bypass attempt (file-office.rules)
 * 1:37012 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook embedded OLE object sandbox bypass attempt (file-office.rules)
 * 1:37011 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook embedded OLE object sandbox bypass attempt (file-office.rules)
 * 1:37010 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextBlock object use after free attempt (browser-ie.rules)
 * 1:37009 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextBlock object use after free attempt (browser-ie.rules)
 * 1:37008 <-> DISABLED <-> BROWSER-PLUGINS AAA EasyGrid DoSaveFile ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37007 <-> DISABLED <-> BROWSER-PLUGINS AAA EasyGrid DoSaveFile ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37006 <-> DISABLED <-> BROWSER-PLUGINS AAA EasyGrid DoSaveFile ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37005 <-> DISABLED <-> BROWSER-PLUGINS AAA EasyGrid DoSaveFile ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36982 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer select use after free attempt (browser-ie.rules)
 * 1:36981 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer javascript argument type confusion attempt (browser-ie.rules)
 * 1:36980 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer javascript argument type confusion attempt (browser-ie.rules)
 * 1:36979 <-> DISABLED <-> DELETED BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (deleted.rules)
 * 1:36978 <-> DISABLED <-> DELETED BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (deleted.rules)
 * 1:36977 <-> ENABLED <-> OS-WINDOWS Microsoft Windows thread lock desynchronization null pointer dereference attempt (os-windows.rules)
 * 1:36976 <-> ENABLED <-> OS-WINDOWS Microsoft Windows thread lock desynchronization null pointer dereference attempt (os-windows.rules)
 * 1:36975 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds read attempt (file-office.rules)
 * 1:36974 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds read attempt (file-office.rules)
 * 1:36973 <-> ENABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules)
 * 1:36972 <-> ENABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules)
 * 1:36971 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys palette double free attempt (os-windows.rules)
 * 1:36970 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys palette double free attempt (os-windows.rules)
 * 1:36969 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow memory corruption attempt (browser-ie.rules)
 * 1:36968 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow memory corruption attempt (browser-ie.rules)
 * 1:36967 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word OGL module out of bounds read attempt (file-office.rules)
 * 1:36966 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word OGL module out of bounds read attempt (file-office.rules)
 * 1:36965 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word gdiplus integer overflow attempt (file-office.rules)
 * 1:36964 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word gdiplus integer overflow attempt (file-office.rules)
 * 1:36963 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAttribute to CStyleAttrArray type confusion attempt (browser-ie.rules)
 * 1:36962 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAttribute to CStyleAttrArray type confusion attempt (browser-ie.rules)
 * 1:36961 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules)
 * 1:36960 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules)
 * 1:36959 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel StyleXF invalid icvXF out of bounds read attempt (file-office.rules)
 * 1:36958 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel StyleXF invalid icvXF out of bounds read attempt (file-office.rules)
 * 1:36957 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBoxBuilder UpdateColumnSize out of bounds read attempt (browser-ie.rules)
 * 1:36956 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBoxBuilder UpdateColumnSize out of bounds read attempt (browser-ie.rules)
 * 1:36955 <-> DISABLED <-> DELETED BROWSER-PLUGINS Microsoft Windows CompatUI.dll ActiveX clsid access attempt (deleted.rules)
 * 1:36954 <-> DISABLED <-> DELETED BROWSER-PLUGINS Microsoft Windows CompatUI.dll ActiveX clsid access attempt (deleted.rules)
 * 1:36953 <-> ENABLED <-> FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (file-other.rules)
 * 1:36952 <-> ENABLED <-> FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (file-other.rules)
 * 1:36951 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:36950 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
 * 1:36949 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableCell invalid index memory corruption attempt (browser-ie.rules)
 * 1:36948 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableCell invalid index memory corruption attempt (browser-ie.rules)
 * 1:36947 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSharedStyleSheet RemoveRule out of bounds read attempt (browser-ie.rules)
 * 1:36946 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSharedStyleSheet RemoveRule out of bounds read attempt (browser-ie.rules)
 * 1:36945 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos use after free attempt (browser-ie.rules)
 * 1:36944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos use after free attempt (browser-ie.rules)
 * 1:36943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer flexbox use after free attempt (browser-ie.rules)
 * 1:36942 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer flexbox use after free attempt (browser-ie.rules)
 * 1:36941 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSpliceTreeEngine RemoveSplice null pointer dereference attempt (browser-ie.rules)
 * 1:36940 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSpliceTreeEngine RemoveSplice null pointer dereference attempt (browser-ie.rules)
 * 1:36939 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer invalid table grid memory corruption attempt (browser-ie.rules)
 * 1:36938 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer invalid table grid memory corruption attempt (browser-ie.rules)
 * 1:36937 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextBlock out of bounds read attempt (browser-ie.rules)
 * 1:36936 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextBlock out of bounds read attempt (browser-ie.rules)
 * 1:36935 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word pointer release validation use after free attempt (file-office.rules)
 * 1:36934 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word pointer release validation use after free attempt (file-office.rules)
 * 1:36933 <-> ENABLED <-> BROWSER-IE Microsoft Edge iframe climbing cross site scripting attempt (browser-ie.rules)
 * 1:36932 <-> ENABLED <-> BROWSER-IE Microsoft Edge iframe climbing cross site scripting attempt (browser-ie.rules)
 * 1:36931 <-> ENABLED <-> FILE-OFFICE Microsoft Office wuaext.dll dll-load exploit attempt (file-office.rules)
 * 1:36930 <-> ENABLED <-> FILE-OFFICE Microsoft Office wuaext.dll dll-load exploit attempt (file-office.rules)
 * 1:36929 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout use after free attempt (browser-ie.rules)
 * 1:36928 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout use after free attempt (browser-ie.rules)
 * 1:36927 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CObjectElement type confusion attempt (browser-ie.rules)
 * 1:36926 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CObjectElement type confusion attempt (browser-ie.rules)
 * 1:36925 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel MSO reference count use after free attempt (file-office.rules)
 * 1:36924 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel MSO reference count use after free attempt (file-office.rules)
 * 1:36923 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (browser-ie.rules)
 * 1:36922 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (browser-ie.rules)
 * 1:36921 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer invalid TableRow use after free attempt (browser-ie.rules)
 * 1:36920 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer invalid TableRow use after free attempt (browser-ie.rules)
 * 1:36919 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement object use after free attempt (browser-ie.rules)
 * 1:36918 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement object use after free attempt (browser-ie.rules)
 * 1:36917 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iCalendar cross site scripting attempt (browser-ie.rules)
 * 1:36916 <-> ENABLED <-> MALWARE-CNC Milkoad.A First Request (malware-cnc.rules)
 * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules)
 * 1:36914 <-> ENABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules)

Modified Rules:


 * 1:36673 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetPlainText negative start index out of bounds write attempt (browser-ie.rules)
 * 1:36674 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetPlainText negative start index out of bounds write attempt (browser-ie.rules)
 * 1:35497 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document invalid directory entry use after free attempt (file-office.rules)
 * 1:35498 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document invalid directory entry use after free attempt (file-office.rules)
 * 1:35149 <-> ENABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (os-windows.rules)
 * 1:35150 <-> ENABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (os-windows.rules)
 * 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules)