Talos Rules 2017-05-02
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-executable, file-flash, file-other, file-pdf, malware-cnc, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2017-05-02 15:11:47 UTC

Snort Subscriber Rules Update

Date: 2017-05-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:42427 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:42429 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
 * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
 * 1:42426 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:42421 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules)
 * 1:42417 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
 * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:42419 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules)
 * 1:42420 <-> DISABLED <-> SERVER-OTHER HP Operations Agent for NonStop server HEALTH packet parsing stack buffer overflow attempt (server-other.rules)
 * 1:42418 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules)
 * 1:42409 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42415 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules)
 * 1:42416 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE11 memory corruption attempt (browser-ie.rules)
 * 1:42405 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
 * 1:42414 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules)
 * 1:42411 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG session id check bypass attempt (server-webapp.rules)
 * 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:42410 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdtool backdoor login attempt (server-webapp.rules)
 * 1:42407 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42408 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42406 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG admin backdoor login attempt (server-webapp.rules)
 * 1:42403 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
 * 1:42404 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
 * 1:42425 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules)
 * 1:42430 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
 * 1:42428 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 3:42431 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0332 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:35811 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript API ANStartApproval - possible privilege escalation attempt (file-pdf.rules)
 * 1:33550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
 * 1:33549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
 * 1:33160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules)
 * 1:31610 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules)
 * 1:31552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
 * 1:33159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules)
 * 1:24777 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
 * 1:31553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31554 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31608 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules)
 * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:31549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
 * 1:24775 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
 * 1:24774 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
 * 1:24776 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
 * 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:38096 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bound write access attempt (browser-ie.rules)
 * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
 * 1:38097 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bound write access attempt (browser-ie.rules)
 * 1:33552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
 * 1:33551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
 * 1:35812 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript API ANStartApproval - possible privilege escalation attempt (file-pdf.rules)

2017-05-02 15:11:47 UTC

Snort Subscriber Rules Update

Date: 2017-05-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:42429 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
 * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
 * 1:42425 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules)
 * 1:42426 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:42428 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:42403 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
 * 1:42404 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
 * 1:42405 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
 * 1:42406 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG admin backdoor login attempt (server-webapp.rules)
 * 1:42407 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42408 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42409 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42410 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdtool backdoor login attempt (server-webapp.rules)
 * 1:42411 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG session id check bypass attempt (server-webapp.rules)
 * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:42414 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules)
 * 1:42415 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules)
 * 1:42427 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:42416 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE11 memory corruption attempt (browser-ie.rules)
 * 1:42417 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
 * 1:42430 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
 * 1:42418 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules)
 * 1:42419 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules)
 * 1:42420 <-> DISABLED <-> SERVER-OTHER HP Operations Agent for NonStop server HEALTH packet parsing stack buffer overflow attempt (server-other.rules)
 * 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:42421 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules)
 * 3:42431 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0332 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:33160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules)
 * 1:33549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
 * 1:33159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules)
 * 1:38096 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bound write access attempt (browser-ie.rules)
 * 1:31553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31610 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules)
 * 1:31608 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules)
 * 1:31554 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
 * 1:24777 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
 * 1:24774 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
 * 1:24775 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
 * 1:24776 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
 * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:35811 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript API ANStartApproval - possible privilege escalation attempt (file-pdf.rules)
 * 1:35812 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript API ANStartApproval - possible privilege escalation attempt (file-pdf.rules)
 * 1:38097 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bound write access attempt (browser-ie.rules)
 * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
 * 1:33550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
 * 1:33552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
 * 1:33551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)

2017-05-02 15:11:47 UTC

Snort Subscriber Rules Update

Date: 2017-05-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:42430 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
 * 1:42429 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
 * 1:42428 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:42427 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:42426 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
 * 1:42425 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules)
 * 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
 * 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:42421 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules)
 * 1:42420 <-> DISABLED <-> SERVER-OTHER HP Operations Agent for NonStop server HEALTH packet parsing stack buffer overflow attempt (server-other.rules)
 * 1:42419 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules)
 * 1:42418 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules)
 * 1:42417 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
 * 1:42416 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE11 memory corruption attempt (browser-ie.rules)
 * 1:42415 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules)
 * 1:42414 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules)
 * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:42411 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG session id check bypass attempt (server-webapp.rules)
 * 1:42410 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdtool backdoor login attempt (server-webapp.rules)
 * 1:42409 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42408 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42407 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
 * 1:42406 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG admin backdoor login attempt (server-webapp.rules)
 * 1:42405 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
 * 1:42404 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
 * 1:42403 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
 * 3:42431 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0332 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:33549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
 * 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24774 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
 * 1:24775 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
 * 1:24776 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
 * 1:24777 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
 * 1:31549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31554 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
 * 1:31608 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules)
 * 1:31610 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules)
 * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
 * 1:33159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules)
 * 1:33160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules)
 * 1:38097 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bound write access attempt (browser-ie.rules)
 * 1:38096 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bound write access attempt (browser-ie.rules)
 * 1:35812 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript API ANStartApproval - possible privilege escalation attempt (file-pdf.rules)
 * 1:35811 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript API ANStartApproval - possible privilege escalation attempt (file-pdf.rules)
 * 1:33552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
 * 1:33551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
 * 1:33550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)