Talos Rules 2016-11-08
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-other rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2016-11-09 00:55:21 UTC

Snort Subscriber Rules Update

Date: 2016-11-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:40739 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionExtends use after free attempt (file-flash.rules)
 * 1:40735 <-> ENABLED <-> FILE-FLASH Adobe Flash MovieClip proto chain manipulation targeting constructor use after free attempt (file-flash.rules)
 * 1:40738 <-> ENABLED <-> FILE-FLASH Adobe Adobe Flash Player ActionExtends use after free attempt (file-flash.rules)
 * 1:40737 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK AdvertisingMetadata type confustion attempt (file-flash.rules)
 * 1:40736 <-> ENABLED <-> FILE-FLASH Adobe Flash Player  Primetime SDK AdvertisingMetadata type confustion attempt (file-flash.rules)
 * 1:40740 <-> ENABLED <-> FILE-FLASH Adobe Flash Player addCallback use after free attempt (file-flash.rules)
 * 1:40741 <-> ENABLED <-> FILE-FLASH Adobe Flash Player addCallback use after free attempt (file-flash.rules)
 * 1:40742 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource use after free attempt (file-flash.rules)
 * 1:40743 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource use after free attempt (file-flash.rules)
 * 1:40744 <-> DISABLED <-> FILE-FLASH Adobe Primetime SDK setObject type confusion attempt (file-flash.rules)
 * 1:40748 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative setFocus use after free attempt (file-flash.rules)
 * 1:40749 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative setFocus use after free attempt (file-flash.rules)
 * 1:40734 <-> ENABLED <-> FILE-FLASH Adobe Flash MovieClip proto chain manipulation targeting constructor use after free attempt (file-flash.rules)
 * 1:40745 <-> DISABLED <-> FILE-FLASH Adobe Primetime SDK setObject type confusion attempt (file-flash.rules)
 * 1:40747 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField use after free attempt (file-flash.rules)
 * 1:40746 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField use after free attempt (file-flash.rules)

Modified Rules:


 * 1:40729 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
 * 1:40730 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
 * 1:37230 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method use after free attempt (file-flash.rules)
 * 1:37229 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method use after free attempt (file-flash.rules)

2016-11-09 00:55:21 UTC

Snort Subscriber Rules Update

Date: 2016-11-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:40749 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative setFocus use after free attempt (file-flash.rules)
 * 1:40748 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative setFocus use after free attempt (file-flash.rules)
 * 1:40747 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField use after free attempt (file-flash.rules)
 * 1:40746 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField use after free attempt (file-flash.rules)
 * 1:40745 <-> DISABLED <-> FILE-FLASH Adobe Primetime SDK setObject type confusion attempt (file-flash.rules)
 * 1:40744 <-> DISABLED <-> FILE-FLASH Adobe Primetime SDK setObject type confusion attempt (file-flash.rules)
 * 1:40743 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource use after free attempt (file-flash.rules)
 * 1:40742 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource use after free attempt (file-flash.rules)
 * 1:40741 <-> ENABLED <-> FILE-FLASH Adobe Flash Player addCallback use after free attempt (file-flash.rules)
 * 1:40740 <-> ENABLED <-> FILE-FLASH Adobe Flash Player addCallback use after free attempt (file-flash.rules)
 * 1:40739 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionExtends use after free attempt (file-flash.rules)
 * 1:40738 <-> ENABLED <-> FILE-FLASH Adobe Adobe Flash Player ActionExtends use after free attempt (file-flash.rules)
 * 1:40737 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK AdvertisingMetadata type confustion attempt (file-flash.rules)
 * 1:40736 <-> ENABLED <-> FILE-FLASH Adobe Flash Player  Primetime SDK AdvertisingMetadata type confustion attempt (file-flash.rules)
 * 1:40735 <-> ENABLED <-> FILE-FLASH Adobe Flash MovieClip proto chain manipulation targeting constructor use after free attempt (file-flash.rules)
 * 1:40734 <-> ENABLED <-> FILE-FLASH Adobe Flash MovieClip proto chain manipulation targeting constructor use after free attempt (file-flash.rules)

Modified Rules:


 * 1:37229 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method use after free attempt (file-flash.rules)
 * 1:37230 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method use after free attempt (file-flash.rules)
 * 1:40729 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
 * 1:40730 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)