Talos Rules 2016-07-12
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, file-flash and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2016-07-13 00:02:48 UTC

Snort Subscriber Rules Update

Date: 2016-07-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:39530 <-> ENABLED <-> BROWSER-IE Microsoft Edge clientInformation.geolocation.getCurrentPosition use-after-free attempt (browser-ie.rules)
 * 1:39532 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XSL multi-dimensional array memory corruption attempt (file-pdf.rules)
 * 1:39531 <-> ENABLED <-> BROWSER-IE Microsoft Edge clientInformation.geolocation.getCurrentPosition use-after-free attempt (browser-ie.rules)
 * 1:39534 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF name record out of bounds read attempt (file-pdf.rules)
 * 1:39549 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdTimelineItem object memory corruption attempt (file-flash.rules)
 * 1:39547 <-> ENABLED <-> FILE-PDF Adobe Reader embedded TTF heap overflow attempt (file-pdf.rules)
 * 1:39548 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdTimelineItem object memory corruption attempt (file-flash.rules)
 * 1:39545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39544 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag out of bounds read attempt (file-flash.rules)
 * 1:39537 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG handling memory corruption attempt (file-pdf.rules)
 * 1:39536 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG handling memory corruption attempt (file-pdf.rules)
 * 1:39533 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XSL multi-dimensional array memory corruption attempt (file-pdf.rules)
 * 1:39572 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Transform object use after free attempt (file-flash.rules)
 * 1:39535 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF name record out of bounds read attempt (file-pdf.rules)
 * 1:39565 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag parsing memory corruption attempt (file-flash.rules)
 * 1:39566 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag parsing memory corruption attempt (file-flash.rules)
 * 1:39567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules)
 * 1:39568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules)
 * 1:39569 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG parsing out of bounds read attempt (file-pdf.rules)
 * 1:39538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag out of bounds read attempt (file-flash.rules)
 * 1:39570 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG parsing out of bounds read attempt (file-pdf.rules)
 * 1:39571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Transform object use after free attempt (file-flash.rules)
 * 1:39541 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39546 <-> ENABLED <-> FILE-PDF Adobe Reader embedded TTF heap overflow attempt (file-pdf.rules)
 * 1:39550 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method loop use-after-free attempt (file-flash.rules)
 * 1:39551 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method loop use-after-free attempt (file-flash.rules)
 * 1:39552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray type confusion memory corruption attempt (file-flash.rules)
 * 1:39554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdBreakPlacement object memory corruption attempt (file-flash.rules)
 * 1:39555 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdBreakPlacement object memory corruption attempt (file-flash.rules)
 * 1:39556 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript font parsing memory corruption attempt (file-pdf.rules)
 * 1:39557 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript font parsing memory corruption attempt (file-pdf.rules)
 * 1:39558 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Stage align use aftre free  attempt (file-flash.rules)
 * 1:39559 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Stage align use aftre free  attempt (file-flash.rules)
 * 1:39560 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules)
 * 1:39562 <-> DISABLED <-> SERVER-WEBAPP Invision Power Board index.php content_class PHP code injection attempt (server-webapp.rules)
 * 1:39561 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules)
 * 1:39564 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules)
 * 1:39553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray type confusion memory corruption attempt (file-flash.rules)
 * 1:39563 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules)

Modified Rules:


 * 1:33300 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules)
 * 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules)
 * 1:38875 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DeleteRangeTimelineOperation type confusion attempt (file-flash.rules)
 * 1:39498 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer header tag HTML injection remote code execution attempt (browser-ie.rules)
 * 1:37653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules)
 * 1:38874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DeleteRangeTimelineOperation type confusion attempt (file-flash.rules)
 * 1:37652 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules)
 * 1:33302 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules)
 * 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt (server-webapp.rules)

2016-07-13 00:02:48 UTC

Snort Subscriber Rules Update

Date: 2016-07-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2982.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:39549 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdTimelineItem object memory corruption attempt (file-flash.rules)
 * 1:39548 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdTimelineItem object memory corruption attempt (file-flash.rules)
 * 1:39547 <-> ENABLED <-> FILE-PDF Adobe Reader embedded TTF heap overflow attempt (file-pdf.rules)
 * 1:39545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39544 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag out of bounds read attempt (file-flash.rules)
 * 1:39537 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG handling memory corruption attempt (file-pdf.rules)
 * 1:39536 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG handling memory corruption attempt (file-pdf.rules)
 * 1:39533 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XSL multi-dimensional array memory corruption attempt (file-pdf.rules)
 * 1:39530 <-> ENABLED <-> BROWSER-IE Microsoft Edge clientInformation.geolocation.getCurrentPosition use-after-free attempt (browser-ie.rules)
 * 1:39532 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XSL multi-dimensional array memory corruption attempt (file-pdf.rules)
 * 1:39531 <-> ENABLED <-> BROWSER-IE Microsoft Edge clientInformation.geolocation.getCurrentPosition use-after-free attempt (browser-ie.rules)
 * 1:39534 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF name record out of bounds read attempt (file-pdf.rules)
 * 1:39535 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF name record out of bounds read attempt (file-pdf.rules)
 * 1:39538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag out of bounds read attempt (file-flash.rules)
 * 1:39541 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39546 <-> ENABLED <-> FILE-PDF Adobe Reader embedded TTF heap overflow attempt (file-pdf.rules)
 * 1:39550 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method loop use-after-free attempt (file-flash.rules)
 * 1:39551 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method loop use-after-free attempt (file-flash.rules)
 * 1:39552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray type confusion memory corruption attempt (file-flash.rules)
 * 1:39553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray type confusion memory corruption attempt (file-flash.rules)
 * 1:39554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdBreakPlacement object memory corruption attempt (file-flash.rules)
 * 1:39555 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdBreakPlacement object memory corruption attempt (file-flash.rules)
 * 1:39556 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript font parsing memory corruption attempt (file-pdf.rules)
 * 1:39557 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript font parsing memory corruption attempt (file-pdf.rules)
 * 1:39558 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Stage align use aftre free  attempt (file-flash.rules)
 * 1:39559 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Stage align use aftre free  attempt (file-flash.rules)
 * 1:39560 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules)
 * 1:39561 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules)
 * 1:39562 <-> DISABLED <-> SERVER-WEBAPP Invision Power Board index.php content_class PHP code injection attempt (server-webapp.rules)
 * 1:39572 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Transform object use after free attempt (file-flash.rules)
 * 1:39571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Transform object use after free attempt (file-flash.rules)
 * 1:39570 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG parsing out of bounds read attempt (file-pdf.rules)
 * 1:39569 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG parsing out of bounds read attempt (file-pdf.rules)
 * 1:39568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules)
 * 1:39567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules)
 * 1:39566 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag parsing memory corruption attempt (file-flash.rules)
 * 1:39565 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag parsing memory corruption attempt (file-flash.rules)
 * 1:39564 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules)
 * 1:39563 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules)

Modified Rules:


 * 1:39498 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer header tag HTML injection remote code execution attempt (browser-ie.rules)
 * 1:38875 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DeleteRangeTimelineOperation type confusion attempt (file-flash.rules)
 * 1:38874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DeleteRangeTimelineOperation type confusion attempt (file-flash.rules)
 * 1:37653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules)
 * 1:33302 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules)
 * 1:37652 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules)
 * 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt (server-webapp.rules)
 * 1:33300 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules)
 * 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules)

2016-07-13 00:02:48 UTC

Snort Subscriber Rules Update

Date: 2016-07-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:39572 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Transform object use after free attempt (file-flash.rules)
 * 1:39571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Transform object use after free attempt (file-flash.rules)
 * 1:39570 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG parsing out of bounds read attempt (file-pdf.rules)
 * 1:39569 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG parsing out of bounds read attempt (file-pdf.rules)
 * 1:39568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules)
 * 1:39567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules)
 * 1:39566 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag parsing memory corruption attempt (file-flash.rules)
 * 1:39565 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag parsing memory corruption attempt (file-flash.rules)
 * 1:39564 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules)
 * 1:39563 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules)
 * 1:39562 <-> DISABLED <-> SERVER-WEBAPP Invision Power Board index.php content_class PHP code injection attempt (server-webapp.rules)
 * 1:39561 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules)
 * 1:39560 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules)
 * 1:39559 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Stage align use aftre free  attempt (file-flash.rules)
 * 1:39558 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Stage align use aftre free  attempt (file-flash.rules)
 * 1:39557 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript font parsing memory corruption attempt (file-pdf.rules)
 * 1:39556 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript font parsing memory corruption attempt (file-pdf.rules)
 * 1:39555 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdBreakPlacement object memory corruption attempt (file-flash.rules)
 * 1:39554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdBreakPlacement object memory corruption attempt (file-flash.rules)
 * 1:39553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray type confusion memory corruption attempt (file-flash.rules)
 * 1:39552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray type confusion memory corruption attempt (file-flash.rules)
 * 1:39551 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method loop use-after-free attempt (file-flash.rules)
 * 1:39550 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method loop use-after-free attempt (file-flash.rules)
 * 1:39549 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdTimelineItem object memory corruption attempt (file-flash.rules)
 * 1:39548 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdTimelineItem object memory corruption attempt (file-flash.rules)
 * 1:39547 <-> ENABLED <-> FILE-PDF Adobe Reader embedded TTF heap overflow attempt (file-pdf.rules)
 * 1:39546 <-> ENABLED <-> FILE-PDF Adobe Reader embedded TTF heap overflow attempt (file-pdf.rules)
 * 1:39545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39544 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39541 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag out of bounds read attempt (file-flash.rules)
 * 1:39538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag out of bounds read attempt (file-flash.rules)
 * 1:39537 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG handling memory corruption attempt (file-pdf.rules)
 * 1:39536 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG handling memory corruption attempt (file-pdf.rules)
 * 1:39535 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF name record out of bounds read attempt (file-pdf.rules)
 * 1:39534 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF name record out of bounds read attempt (file-pdf.rules)
 * 1:39533 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XSL multi-dimensional array memory corruption attempt (file-pdf.rules)
 * 1:39532 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XSL multi-dimensional array memory corruption attempt (file-pdf.rules)
 * 1:39531 <-> ENABLED <-> BROWSER-IE Microsoft Edge clientInformation.geolocation.getCurrentPosition use-after-free attempt (browser-ie.rules)
 * 1:39530 <-> ENABLED <-> BROWSER-IE Microsoft Edge clientInformation.geolocation.getCurrentPosition use-after-free attempt (browser-ie.rules)

Modified Rules:


 * 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules)
 * 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt (server-webapp.rules)
 * 1:33300 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules)
 * 1:33302 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules)
 * 1:37652 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules)
 * 1:37653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules)
 * 1:38874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DeleteRangeTimelineOperation type confusion attempt (file-flash.rules)
 * 1:38875 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DeleteRangeTimelineOperation type confusion attempt (file-flash.rules)
 * 1:39498 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer header tag HTML injection remote code execution attempt (browser-ie.rules)