Talos Rules 2016-02-23
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, browser-other, browser-plugins, file-executable, file-flash, file-identify, file-java, file-office, file-other, file-pdf, indicator-obfuscation, indicator-shellcode, malware-cnc, os-solaris, os-windows, policy-other, protocol-imap, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2016-02-23 19:21:37 UTC

Snort Subscriber Rules Update

Date: 2016-02-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:37783 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules)
 * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:37781 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative memory corruption attempt (file-flash.rules)
 * 1:37782 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules)
 * 1:37779 <-> ENABLED <-> FILE-OTHER Adobe Flash Player unsupported video encoding remote code execution attempt (file-other.rules)
 * 1:37780 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative memory corruption attempt (file-flash.rules)
 * 1:37778 <-> ENABLED <-> FILE-OTHER Adobe Flash Player unsupported video encoding remote code execution attempt (file-other.rules)
 * 1:37777 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules)
 * 1:37776 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules)
 * 1:37774 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
 * 1:37775 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
 * 1:37771 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
 * 1:37772 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
 * 1:37793 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 URLRequest class use after free attempt (file-flash.rules)
 * 1:37792 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
 * 1:37791 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
 * 1:37790 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
 * 1:37789 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
 * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:37773 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
 * 1:37836 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules)
 * 1:37834 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:37835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:37832 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:37831 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:37829 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:37830 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:37827 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX function call access attempt (browser-plugins.rules)
 * 1:37825 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:37826 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX function call access attempt (browser-plugins.rules)
 * 1:37822 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
 * 1:37824 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:37821 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:37820 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:37819 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:37817 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules)
 * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37816 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37812 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.handshake.client flowbit (policy-other.rules)
 * 1:37811 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules)
 * 1:37810 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules)
 * 1:37808 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
 * 1:37809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
 * 1:37806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
 * 1:37807 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
 * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:37803 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:37800 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules)
 * 1:37801 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:37799 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules)
 * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules)
 * 1:37794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 URLRequest class use after free attempt (file-flash.rules)
 * 1:37796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
 * 1:37797 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
 * 1:37798 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
 * 1:37795 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
 * 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules)
 * 1:37766 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
 * 1:37769 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
 * 1:37768 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
 * 1:37767 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
 * 1:37765 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
 * 1:37818 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:37761 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
 * 1:37764 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
 * 1:37763 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
 * 1:37762 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
 * 1:37760 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
 * 1:37823 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules)
 * 1:37756 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
 * 1:37758 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
 * 1:37759 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
 * 1:37755 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37757 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
 * 1:37754 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37751 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid reference frame count memory corruption attempt (file-flash.rules)
 * 1:37752 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37753 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37746 <-> ENABLED <-> FILE-FLASH Adobe Flash Player list filter memory corruption attempt (file-flash.rules)
 * 1:37750 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid reference frame count memory corruption attempt (file-flash.rules)
 * 1:37748 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object Type Confusion Attempt (file-flash.rules)
 * 1:37749 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object Type Confusion Attempt (file-flash.rules)
 * 1:37745 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
 * 1:37747 <-> ENABLED <-> FILE-FLASH Adobe Flash Player list filter memory corruption attempt (file-flash.rules)
 * 1:37744 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
 * 1:37742 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
 * 1:37743 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
 * 1:37828 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:37833 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:37852 <-> DISABLED <-> FILE-OTHER Oracle Outside-In invalid CRG segment memory corruption attempt (file-other.rules)
 * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:37848 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules)
 * 1:37849 <-> DISABLED <-> FILE-FLASH Adobe Flash file with embedded PE detected (file-flash.rules)
 * 1:37770 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
 * 1:37840 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AAC audio memory corruption attempt (file-flash.rules)
 * 1:37844 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules)
 * 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules)
 * 1:37839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AAC audio memory corruption attempt (file-flash.rules)
 * 1:37846 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded ActiveX control (file-office.rules)
 * 1:37847 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules)
 * 1:37838 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
 * 1:37837 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules)
 * 1:37851 <-> DISABLED <-> FILE-OTHER Oracle Outside-In invalid CRG segment memory corruption attempt (file-other.rules)
 * 1:37850 <-> DISABLED <-> FILE-FLASH Adobe Flash file with embedded PE detected (file-flash.rules)

Modified Rules:


 * 1:37711 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37701 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules)
 * 1:16058 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules)
 * 1:16576 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix AgentX receive_agentx stack buffer overflow attempt (server-other.rules)
 * 1:37700 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:17352 <-> DISABLED <-> FILE-OTHER ClamAV CHM File Handling Integer Overflow attempt (file-other.rules)
 * 1:37686 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules)
 * 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules)
 * 1:37729 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file with SecureSwfLoader packer detected (indicator-obfuscation.rules)
 * 1:37707 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:647 <-> DISABLED <-> INDICATOR-SHELLCODE Oracle sparc setuid 0 (indicator-shellcode.rules)
 * 1:6471 <-> DISABLED <-> SERVER-OTHER RealVNC password authentication bypass attempt (server-other.rules)
 * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:17428 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules)
 * 1:37705 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37702 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37703 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37685 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object user-after-free attempt (file-flash.rules)
 * 1:37684 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object user-after-free attempt (file-flash.rules)
 * 1:36536 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK packet flood attempt (server-other.rules)
 * 1:35607 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
 * 1:35608 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
 * 1:35378 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
 * 1:35376 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
 * 1:35379 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
 * 1:35377 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
 * 1:33174 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33175 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33172 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33173 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37704 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:33171 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37706 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:33013 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33170 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:32375 <-> DISABLED <-> BROWSER-OTHER WGet symlink arbitrary file write attempt (browser-other.rules)
 * 1:33014 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:6470 <-> ENABLED <-> SERVER-OTHER RealVNC authentication types without None type sent attempt (server-other.rules)
 * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29272 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29281 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
 * 1:29273 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29270 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29271 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:28506 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules)
 * 1:26601 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
 * 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
 * 1:26590 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
 * 1:23177 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway timer.php cross site scripting attempt (server-webapp.rules)
 * 1:19413 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules)
 * 1:18769 <-> DISABLED <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (server-other.rules)
 * 1:17433 <-> DISABLED <-> OS-SOLARIS Oracle Solaris DHCP Client Arbitrary Code Execution attempt (os-solaris.rules)

2016-02-23 19:21:37 UTC

Snort Subscriber Rules Update

Date: 2016-02-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:37773 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
 * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:37783 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules)
 * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:37782 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules)
 * 1:37781 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative memory corruption attempt (file-flash.rules)
 * 1:37780 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative memory corruption attempt (file-flash.rules)
 * 1:37778 <-> ENABLED <-> FILE-OTHER Adobe Flash Player unsupported video encoding remote code execution attempt (file-other.rules)
 * 1:37779 <-> ENABLED <-> FILE-OTHER Adobe Flash Player unsupported video encoding remote code execution attempt (file-other.rules)
 * 1:37776 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules)
 * 1:37777 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules)
 * 1:37774 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
 * 1:37775 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
 * 1:37772 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
 * 1:37770 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
 * 1:37769 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
 * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules)
 * 1:37789 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
 * 1:37790 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
 * 1:37742 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
 * 1:37791 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
 * 1:37743 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
 * 1:37744 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
 * 1:37745 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
 * 1:37746 <-> ENABLED <-> FILE-FLASH Adobe Flash Player list filter memory corruption attempt (file-flash.rules)
 * 1:37792 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
 * 1:37747 <-> ENABLED <-> FILE-FLASH Adobe Flash Player list filter memory corruption attempt (file-flash.rules)
 * 1:37748 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object Type Confusion Attempt (file-flash.rules)
 * 1:37749 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object Type Confusion Attempt (file-flash.rules)
 * 1:37750 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid reference frame count memory corruption attempt (file-flash.rules)
 * 1:37793 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 URLRequest class use after free attempt (file-flash.rules)
 * 1:37751 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid reference frame count memory corruption attempt (file-flash.rules)
 * 1:37752 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37753 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 URLRequest class use after free attempt (file-flash.rules)
 * 1:37754 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37755 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37756 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
 * 1:37757 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
 * 1:37795 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
 * 1:37758 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
 * 1:37759 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
 * 1:37760 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
 * 1:37761 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
 * 1:37796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
 * 1:37762 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
 * 1:37763 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
 * 1:37764 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
 * 1:37765 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
 * 1:37797 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
 * 1:37766 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
 * 1:37767 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
 * 1:37768 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
 * 1:37798 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
 * 1:37799 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules)
 * 1:37800 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules)
 * 1:37801 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:37803 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:37806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
 * 1:37807 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
 * 1:37808 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
 * 1:37809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
 * 1:37810 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules)
 * 1:37811 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules)
 * 1:37812 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.handshake.client flowbit (policy-other.rules)
 * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules)
 * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37816 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:37817 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules)
 * 1:37819 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:37818 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:37820 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:37821 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:37822 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
 * 1:37824 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:37823 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules)
 * 1:37825 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:37826 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX function call access attempt (browser-plugins.rules)
 * 1:37827 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX function call access attempt (browser-plugins.rules)
 * 1:37828 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:37829 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:37830 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:37831 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:37832 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:37833 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:37834 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:37835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:37836 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules)
 * 1:37771 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
 * 1:37852 <-> DISABLED <-> FILE-OTHER Oracle Outside-In invalid CRG segment memory corruption attempt (file-other.rules)
 * 1:37851 <-> DISABLED <-> FILE-OTHER Oracle Outside-In invalid CRG segment memory corruption attempt (file-other.rules)
 * 1:37850 <-> DISABLED <-> FILE-FLASH Adobe Flash file with embedded PE detected (file-flash.rules)
 * 1:37849 <-> DISABLED <-> FILE-FLASH Adobe Flash file with embedded PE detected (file-flash.rules)
 * 1:37848 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules)
 * 1:37847 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules)
 * 1:37846 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded ActiveX control (file-office.rules)
 * 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules)
 * 1:37840 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AAC audio memory corruption attempt (file-flash.rules)
 * 1:37839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AAC audio memory corruption attempt (file-flash.rules)
 * 1:37844 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules)
 * 1:37838 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
 * 1:37837 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules)

Modified Rules:


 * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules)
 * 1:16576 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix AgentX receive_agentx stack buffer overflow attempt (server-other.rules)
 * 1:17352 <-> DISABLED <-> FILE-OTHER ClamAV CHM File Handling Integer Overflow attempt (file-other.rules)
 * 1:17428 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules)
 * 1:17433 <-> DISABLED <-> OS-SOLARIS Oracle Solaris DHCP Client Arbitrary Code Execution attempt (os-solaris.rules)
 * 1:18769 <-> DISABLED <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (server-other.rules)
 * 1:23177 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway timer.php cross site scripting attempt (server-webapp.rules)
 * 1:19413 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules)
 * 1:26590 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
 * 1:26601 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
 * 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
 * 1:28506 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules)
 * 1:29270 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29271 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29272 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29273 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29281 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
 * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:32375 <-> DISABLED <-> BROWSER-OTHER WGet symlink arbitrary file write attempt (browser-other.rules)
 * 1:33014 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33013 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33170 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33171 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33172 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33174 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33173 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33175 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:35376 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
 * 1:35377 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
 * 1:35379 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
 * 1:35378 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
 * 1:35607 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
 * 1:35608 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
 * 1:36536 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK packet flood attempt (server-other.rules)
 * 1:37684 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object user-after-free attempt (file-flash.rules)
 * 1:37685 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object user-after-free attempt (file-flash.rules)
 * 1:37686 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules)
 * 1:37700 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:16058 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules)
 * 1:37701 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37702 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37703 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37704 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37705 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37706 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37707 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37711 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37729 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file with SecureSwfLoader packer detected (indicator-obfuscation.rules)
 * 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules)
 * 1:647 <-> DISABLED <-> INDICATOR-SHELLCODE Oracle sparc setuid 0 (indicator-shellcode.rules)
 * 1:6470 <-> ENABLED <-> SERVER-OTHER RealVNC authentication types without None type sent attempt (server-other.rules)
 * 1:6471 <-> DISABLED <-> SERVER-OTHER RealVNC password authentication bypass attempt (server-other.rules)

2016-02-23 19:21:37 UTC

Snort Subscriber Rules Update

Date: 2016-02-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2980.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:37803 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:37801 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:37800 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules)
 * 1:37799 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules)
 * 1:37798 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
 * 1:37797 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
 * 1:37796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
 * 1:37795 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
 * 1:37794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 URLRequest class use after free attempt (file-flash.rules)
 * 1:37793 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 URLRequest class use after free attempt (file-flash.rules)
 * 1:37792 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
 * 1:37791 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
 * 1:37790 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
 * 1:37789 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
 * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules)
 * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
 * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
 * 1:37783 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules)
 * 1:37782 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules)
 * 1:37852 <-> DISABLED <-> FILE-OTHER Oracle Outside-In invalid CRG segment memory corruption attempt (file-other.rules)
 * 1:37851 <-> DISABLED <-> FILE-OTHER Oracle Outside-In invalid CRG segment memory corruption attempt (file-other.rules)
 * 1:37850 <-> DISABLED <-> FILE-FLASH Adobe Flash file with embedded PE detected (file-flash.rules)
 * 1:37849 <-> DISABLED <-> FILE-FLASH Adobe Flash file with embedded PE detected (file-flash.rules)
 * 1:37848 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules)
 * 1:37847 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules)
 * 1:37846 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded ActiveX control (file-office.rules)
 * 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules)
 * 1:37844 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules)
 * 1:37840 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AAC audio memory corruption attempt (file-flash.rules)
 * 1:37839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AAC audio memory corruption attempt (file-flash.rules)
 * 1:37838 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
 * 1:37837 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules)
 * 1:37836 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules)
 * 1:37835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:37834 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:37833 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:37832 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:37831 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:37830 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:37829 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:37828 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:37827 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX function call access attempt (browser-plugins.rules)
 * 1:37826 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX function call access attempt (browser-plugins.rules)
 * 1:37825 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:37824 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:37823 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules)
 * 1:37822 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
 * 1:37821 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:37820 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:37819 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:37818 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:37817 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules)
 * 1:37816 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
 * 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules)
 * 1:37812 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.handshake.client flowbit (policy-other.rules)
 * 1:37811 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules)
 * 1:37810 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules)
 * 1:37809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
 * 1:37808 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
 * 1:37807 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
 * 1:37806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
 * 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:37781 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative memory corruption attempt (file-flash.rules)
 * 1:37780 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative memory corruption attempt (file-flash.rules)
 * 1:37779 <-> ENABLED <-> FILE-OTHER Adobe Flash Player unsupported video encoding remote code execution attempt (file-other.rules)
 * 1:37778 <-> ENABLED <-> FILE-OTHER Adobe Flash Player unsupported video encoding remote code execution attempt (file-other.rules)
 * 1:37777 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules)
 * 1:37776 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules)
 * 1:37775 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
 * 1:37774 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
 * 1:37773 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
 * 1:37772 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
 * 1:37771 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
 * 1:37770 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
 * 1:37769 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
 * 1:37768 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
 * 1:37767 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
 * 1:37766 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
 * 1:37765 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
 * 1:37764 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
 * 1:37763 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
 * 1:37762 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
 * 1:37761 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
 * 1:37760 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
 * 1:37759 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
 * 1:37758 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
 * 1:37757 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
 * 1:37756 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
 * 1:37755 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37754 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37753 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37752 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37751 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid reference frame count memory corruption attempt (file-flash.rules)
 * 1:37750 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid reference frame count memory corruption attempt (file-flash.rules)
 * 1:37749 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object Type Confusion Attempt (file-flash.rules)
 * 1:37748 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object Type Confusion Attempt (file-flash.rules)
 * 1:37747 <-> ENABLED <-> FILE-FLASH Adobe Flash Player list filter memory corruption attempt (file-flash.rules)
 * 1:37746 <-> ENABLED <-> FILE-FLASH Adobe Flash Player list filter memory corruption attempt (file-flash.rules)
 * 1:37745 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
 * 1:37744 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
 * 1:37743 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
 * 1:37742 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)

Modified Rules:


 * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules)
 * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:16058 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules)
 * 1:16576 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix AgentX receive_agentx stack buffer overflow attempt (server-other.rules)
 * 1:17352 <-> DISABLED <-> FILE-OTHER ClamAV CHM File Handling Integer Overflow attempt (file-other.rules)
 * 1:17428 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules)
 * 1:17433 <-> DISABLED <-> OS-SOLARIS Oracle Solaris DHCP Client Arbitrary Code Execution attempt (os-solaris.rules)
 * 1:18769 <-> DISABLED <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (server-other.rules)
 * 1:19413 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules)
 * 1:23177 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway timer.php cross site scripting attempt (server-webapp.rules)
 * 1:26590 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
 * 1:26601 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
 * 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
 * 1:28506 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules)
 * 1:29270 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29271 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29272 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29273 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29281 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
 * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:32375 <-> DISABLED <-> BROWSER-OTHER WGet symlink arbitrary file write attempt (browser-other.rules)
 * 1:33013 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33014 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33170 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33171 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33172 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33173 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33174 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:33175 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
 * 1:35376 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
 * 1:35377 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
 * 1:35378 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
 * 1:35379 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
 * 1:35607 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
 * 1:35608 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
 * 1:36536 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK packet flood attempt (server-other.rules)
 * 1:37684 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object user-after-free attempt (file-flash.rules)
 * 1:37685 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object user-after-free attempt (file-flash.rules)
 * 1:37686 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules)
 * 1:37700 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37701 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37702 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37703 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37704 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37705 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37706 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37707 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37711 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37729 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file with SecureSwfLoader packer detected (indicator-obfuscation.rules)
 * 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules)
 * 1:647 <-> DISABLED <-> INDICATOR-SHELLCODE Oracle sparc setuid 0 (indicator-shellcode.rules)
 * 1:6470 <-> ENABLED <-> SERVER-OTHER RealVNC authentication types without None type sent attempt (server-other.rules)
 * 1:6471 <-> DISABLED <-> SERVER-OTHER RealVNC password authentication bypass attempt (server-other.rules)