Talos Rules 2017-06-29
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-firefox, browser-ie, browser-plugins, file-flash, file-identify, file-image, file-other, indicator-compromise, malware-cnc, netbios, os-other, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2017-06-29 18:00:48 UTC

Snort Subscriber Rules Update

Date: 2017-06-29

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:43423 <-> DISABLED <-> DELETED rfhewhf784rh7qrhq87rh2378ry228jpr8q8wjrq98wr8r (deleted.rules)
 * 1:43422 <-> DISABLED <-> DELETED rfhewhf784rh7qrhq87rh2378ry228jpr8q8wjrq98wr8r (deleted.rules)
 * 1:43421 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules)
 * 1:43420 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules)
 * 1:43419 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules)
 * 1:43418 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules)
 * 1:43417 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules)
 * 1:43416 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules)
 * 1:43415 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
 * 1:43414 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
 * 1:43413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
 * 1:43412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
 * 1:43411 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
 * 1:43410 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
 * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)
 * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules)
 * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules)
 * 1:43406 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules)
 * 1:43405 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules)
 * 1:43404 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center directory traversal directory traversal attempt (server-webapp.rules)
 * 1:43403 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center directory traversal directory traversal attempt (server-webapp.rules)
 * 1:43402 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center directory traversal directory traversal attempt (server-webapp.rules)
 * 1:43401 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43400 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43399 <-> DISABLED <-> FILE-IMAGE multiple products PNG processing buffer overflow attempt (file-image.rules)
 * 1:43398 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer clone object memory corruption attempt (browser-ie.rules)
 * 1:43397 <-> DISABLED <-> SERVER-OTHER Proface GP-Pro EX EX-ED BeginPreRead stack buffer overflow attempt (server-other.rules)
 * 1:43396 <-> ENABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules)
 * 1:43395 <-> ENABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules)
 * 1:43394 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPEG-4 AVC decoding out of bounds read attempt (file-flash.rules)
 * 1:43393 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPEG-4 AVC decoding out of bounds read attempt (file-flash.rules)
 * 1:43392 <-> DISABLED <-> SERVER-WEBAPP MySQL Commander remote file include attempt (server-webapp.rules)
 * 1:43391 <-> DISABLED <-> SERVER-WEBAPP MySQL Commander remote file include attempt (server-webapp.rules)
 * 1:43390 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt (server-webapp.rules)
 * 1:43389 <-> DISABLED <-> INDICATOR-COMPROMISE Symantec Endpoint Protection potential binary planting RCE attempt (indicator-compromise.rules)
 * 1:43388 <-> DISABLED <-> OS-OTHER Apple OSX CFNetwork HTTP response denial of service attempt (os-other.rules)
 * 1:43387 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules)
 * 1:43386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules)
 * 1:43385 <-> DISABLED <-> INDICATOR-COMPROMISE Wing FTP Server potentially malicious admin user creation attempt (indicator-compromise.rules)
 * 1:43384 <-> DISABLED <-> INDICATOR-COMPROMISE Wing FTP Server potentially malicious admin user creation attempt (indicator-compromise.rules)
 * 1:43383 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules)
 * 1:43382 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules)
 * 1:43381 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng custom apicall instruction use detected (os-windows.rules)
 * 1:43380 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng custom apicall instruction use detected (os-windows.rules)
 * 1:43379 <-> DISABLED <-> SERVER-WEBAPP CA ERwin Web Portal ProfileIconServlet directory traversal attempt  (server-webapp.rules)
 * 1:43378 <-> DISABLED <-> BROWSER-PLUGINS EB Design Pty Ltd ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43377 <-> DISABLED <-> BROWSER-PLUGINS EB Design Pty Ltd ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43376 <-> DISABLED <-> BROWSER-PLUGINS EB Design Pty Ltd ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43375 <-> DISABLED <-> BROWSER-PLUGINS EB Design Pty Ltd ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43374 <-> DISABLED <-> BROWSER-PLUGINS DivX Player DivXBrowserPlugin ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43373 <-> DISABLED <-> BROWSER-PLUGINS DivX Player DivXBrowserPlugin ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43372 <-> DISABLED <-> BROWSER-PLUGINS DivX Player DivXBrowserPlugin ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43371 <-> DISABLED <-> BROWSER-PLUGINS DivX Player DivXBrowserPlugin ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43370 <-> DISABLED <-> NETBIOS DCERPC possible wmi remote process launch (netbios.rules)
 * 1:43369 <-> DISABLED <-> FILE-OTHER Compface xbm long declaration buffer overflow attempt (file-other.rules)
 * 1:43368 <-> DISABLED <-> FILE-OTHER Compface xbm long declaration buffer overflow attempt (file-other.rules)
 * 1:43367 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree element code execution attempt (browser-firefox.rules)
 * 1:43366 <-> DISABLED <-> SERVER-WEBAPP Piwigo directory traversal attempt (server-webapp.rules)
 * 1:43365 <-> DISABLED <-> SERVER-WEBAPP Wordpress Complete Gallery Manager arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:43362 <-> DISABLED <-> FILE-IMAGE Microsoft GDI WMF file parsing integer overflow attempt (file-image.rules)
 * 1:43361 <-> DISABLED <-> FILE-IMAGE Microsoft GDI WMF file parsing integer overflow attempt (file-image.rules)
 * 1:43360 <-> DISABLED <-> FILE-IMAGE Microsoft GDI WMF file parsing integer overflow attempt (file-image.rules)
 * 1:43359 <-> DISABLED <-> FILE-IMAGE Microsoft GDI WMF file parsing integer overflow attempt (file-image.rules)

Modified Rules:


 * 1:16636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework XMLDsig data tampering attempt (os-windows.rules)
 * 1:16716 <-> DISABLED <-> FILE-IMAGE multiple products PNG processing buffer overflow attempt (file-image.rules)
 * 1:17258 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree element code execution attempt (browser-firefox.rules)
 * 1:17303 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer clone object memory corruption attempt (browser-ie.rules)
 * 1:19168 <-> DISABLED <-> SERVER-WEBAPP Oracle GoldenGate Veridata Server soap request overflow attempt (server-webapp.rules)
 * 1:23174 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
 * 1:23175 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
 * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:25247 <-> DISABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (file-other.rules)
 * 1:25248 <-> DISABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (file-other.rules)
 * 1:29650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules)
 * 1:29651 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules)
 * 1:38835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap heap overflow attempt (file-flash.rules)
 * 1:38836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap heap overflow attempt (file-flash.rules)
 * 1:43184 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
 * 1:43191 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway performBackupNow.do command injection attempt (server-webapp.rules)

2017-06-29 18:00:48 UTC

Snort Subscriber Rules Update

Date: 2017-06-29

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:43359 <-> DISABLED <-> FILE-IMAGE Microsoft GDI WMF file parsing integer overflow attempt (file-image.rules)
 * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:43362 <-> DISABLED <-> FILE-IMAGE Microsoft GDI WMF file parsing integer overflow attempt (file-image.rules)
 * 1:43365 <-> DISABLED <-> SERVER-WEBAPP Wordpress Complete Gallery Manager arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:43366 <-> DISABLED <-> SERVER-WEBAPP Piwigo directory traversal attempt (server-webapp.rules)
 * 1:43367 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree element code execution attempt (browser-firefox.rules)
 * 1:43368 <-> DISABLED <-> FILE-OTHER Compface xbm long declaration buffer overflow attempt (file-other.rules)
 * 1:43370 <-> DISABLED <-> NETBIOS DCERPC possible wmi remote process launch (netbios.rules)
 * 1:43371 <-> DISABLED <-> BROWSER-PLUGINS DivX Player DivXBrowserPlugin ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43372 <-> DISABLED <-> BROWSER-PLUGINS DivX Player DivXBrowserPlugin ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43369 <-> DISABLED <-> FILE-OTHER Compface xbm long declaration buffer overflow attempt (file-other.rules)
 * 1:43373 <-> DISABLED <-> BROWSER-PLUGINS DivX Player DivXBrowserPlugin ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43374 <-> DISABLED <-> BROWSER-PLUGINS DivX Player DivXBrowserPlugin ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43375 <-> DISABLED <-> BROWSER-PLUGINS EB Design Pty Ltd ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43376 <-> DISABLED <-> BROWSER-PLUGINS EB Design Pty Ltd ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43377 <-> DISABLED <-> BROWSER-PLUGINS EB Design Pty Ltd ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43378 <-> DISABLED <-> BROWSER-PLUGINS EB Design Pty Ltd ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43379 <-> DISABLED <-> SERVER-WEBAPP CA ERwin Web Portal ProfileIconServlet directory traversal attempt  (server-webapp.rules)
 * 1:43380 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng custom apicall instruction use detected (os-windows.rules)
 * 1:43381 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng custom apicall instruction use detected (os-windows.rules)
 * 1:43382 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules)
 * 1:43383 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules)
 * 1:43384 <-> DISABLED <-> INDICATOR-COMPROMISE Wing FTP Server potentially malicious admin user creation attempt (indicator-compromise.rules)
 * 1:43385 <-> DISABLED <-> INDICATOR-COMPROMISE Wing FTP Server potentially malicious admin user creation attempt (indicator-compromise.rules)
 * 1:43386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules)
 * 1:43387 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules)
 * 1:43388 <-> DISABLED <-> OS-OTHER Apple OSX CFNetwork HTTP response denial of service attempt (os-other.rules)
 * 1:43390 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt (server-webapp.rules)
 * 1:43389 <-> DISABLED <-> INDICATOR-COMPROMISE Symantec Endpoint Protection potential binary planting RCE attempt (indicator-compromise.rules)
 * 1:43391 <-> DISABLED <-> SERVER-WEBAPP MySQL Commander remote file include attempt (server-webapp.rules)
 * 1:43392 <-> DISABLED <-> SERVER-WEBAPP MySQL Commander remote file include attempt (server-webapp.rules)
 * 1:43393 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPEG-4 AVC decoding out of bounds read attempt (file-flash.rules)
 * 1:43394 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPEG-4 AVC decoding out of bounds read attempt (file-flash.rules)
 * 1:43395 <-> ENABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules)
 * 1:43396 <-> ENABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules)
 * 1:43397 <-> DISABLED <-> SERVER-OTHER Proface GP-Pro EX EX-ED BeginPreRead stack buffer overflow attempt (server-other.rules)
 * 1:43398 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer clone object memory corruption attempt (browser-ie.rules)
 * 1:43399 <-> DISABLED <-> FILE-IMAGE multiple products PNG processing buffer overflow attempt (file-image.rules)
 * 1:43400 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43401 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43402 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center directory traversal directory traversal attempt (server-webapp.rules)
 * 1:43403 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center directory traversal directory traversal attempt (server-webapp.rules)
 * 1:43404 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center directory traversal directory traversal attempt (server-webapp.rules)
 * 1:43405 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules)
 * 1:43406 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules)
 * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules)
 * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules)
 * 1:43361 <-> DISABLED <-> FILE-IMAGE Microsoft GDI WMF file parsing integer overflow attempt (file-image.rules)
 * 1:43423 <-> DISABLED <-> DELETED rfhewhf784rh7qrhq87rh2378ry228jpr8q8wjrq98wr8r (deleted.rules)
 * 1:43422 <-> DISABLED <-> DELETED rfhewhf784rh7qrhq87rh2378ry228jpr8q8wjrq98wr8r (deleted.rules)
 * 1:43421 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules)
 * 1:43420 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules)
 * 1:43419 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules)
 * 1:43418 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules)
 * 1:43417 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules)
 * 1:43416 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules)
 * 1:43415 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
 * 1:43414 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
 * 1:43413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
 * 1:43411 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
 * 1:43412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
 * 1:43410 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
 * 1:43360 <-> DISABLED <-> FILE-IMAGE Microsoft GDI WMF file parsing integer overflow attempt (file-image.rules)
 * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules)

Modified Rules:


 * 1:43191 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway performBackupNow.do command injection attempt (server-webapp.rules)
 * 1:38836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap heap overflow attempt (file-flash.rules)
 * 1:43184 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
 * 1:38835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap heap overflow attempt (file-flash.rules)
 * 1:29650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules)
 * 1:29651 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules)
 * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules)
 * 1:23174 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
 * 1:23175 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
 * 1:25247 <-> DISABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (file-other.rules)
 * 1:16636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework XMLDsig data tampering attempt (os-windows.rules)
 * 1:16716 <-> DISABLED <-> FILE-IMAGE multiple products PNG processing buffer overflow attempt (file-image.rules)
 * 1:17258 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree element code execution attempt (browser-firefox.rules)
 * 1:17303 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer clone object memory corruption attempt (browser-ie.rules)
 * 1:19168 <-> DISABLED <-> SERVER-WEBAPP Oracle GoldenGate Veridata Server soap request overflow attempt (server-webapp.rules)
 * 1:25248 <-> DISABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (file-other.rules)