Talos has added and modified multiple rules in the browser-firefox, browser-ie, exploit-kit, file-image, file-other, file-pdf, malware-cnc, os-windows, protocol-dns, protocol-telnet and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45192 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules) * 1:45190 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules) * 1:45191 <-> DISABLED <-> PROTOCOL-TELNET TippingPoint IPS telnet login failure xss attempt (protocol-telnet.rules) * 1:45189 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules) * 1:45188 <-> DISABLED <-> SERVER-OTHER ElectraSoft 32bit FTP PASV reply stack buffer overflow attempt (server-other.rules) * 1:45187 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules) * 1:45185 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules) * 1:45186 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules) * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45175 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules) * 1:45176 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeContentView double-free memory corruption attempt (browser-firefox.rules) * 1:45173 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules) * 1:45174 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules) * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules) * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules) * 1:45196 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules) * 1:45197 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules) * 1:45193 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules) * 1:45194 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules) * 1:45195 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules)
* 1:16564 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 4 (file-image.rules) * 1:12688 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules) * 1:18262 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine function arguments memory corruption attempt (browser-firefox.rules) * 1:41452 <-> DISABLED <-> MALWARE-CNC Swf.Tool.Agent flash file in a word document uploading system capabilities (malware-cnc.rules) * 1:39700 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules) * 1:18559 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt (server-webapp.rules) * 1:39699 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules) * 1:17189 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:16563 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 3 (file-image.rules) * 1:16561 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 1 (file-image.rules) * 1:22952 <-> DISABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules) * 1:17179 <-> DISABLED <-> FILE-OTHER Adobe Director file pamm record exploit attempt (file-other.rules) * 1:16562 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 2 (file-image.rules) * 1:29651 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules) * 1:33583 <-> DISABLED <-> PROTOCOL-DNS ISC BIND recursive resolver resource consumption denial of service attempt (protocol-dns.rules) * 1:29650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules) * 1:36605 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules) * 1:31428 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:42416 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE11 memory corruption attempt (browser-ie.rules) * 1:23993 <-> DISABLED <-> SERVER-OTHER Dhcpcd packet size buffer overflow attempt (server-other.rules) * 1:42417 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules) * 1:25246 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:42806 <-> ENABLED <-> EXPLOIT-KIT Rig Exploit Kit URL outbound communication (exploit-kit.rules) * 1:42883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules) * 1:17180 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules) * 1:43778 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeContentView double-free memory corruption attempt (browser-firefox.rules) * 1:36604 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules) * 1:35184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules) * 1:35185 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45192 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules) * 1:45190 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules) * 1:45191 <-> DISABLED <-> PROTOCOL-TELNET TippingPoint IPS telnet login failure xss attempt (protocol-telnet.rules) * 1:45188 <-> DISABLED <-> SERVER-OTHER ElectraSoft 32bit FTP PASV reply stack buffer overflow attempt (server-other.rules) * 1:45189 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules) * 1:45186 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules) * 1:45187 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules) * 1:45185 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules) * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45175 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules) * 1:45176 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeContentView double-free memory corruption attempt (browser-firefox.rules) * 1:45173 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules) * 1:45174 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules) * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules) * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules) * 1:45194 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules) * 1:45195 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules) * 1:45197 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules) * 1:45193 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules) * 1:45196 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules)
* 1:39699 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules) * 1:29651 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules) * 1:31428 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:36605 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules) * 1:39700 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules) * 1:23993 <-> DISABLED <-> SERVER-OTHER Dhcpcd packet size buffer overflow attempt (server-other.rules) * 1:41452 <-> DISABLED <-> MALWARE-CNC Swf.Tool.Agent flash file in a word document uploading system capabilities (malware-cnc.rules) * 1:42416 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE11 memory corruption attempt (browser-ie.rules) * 1:42417 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules) * 1:25246 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:18262 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine function arguments memory corruption attempt (browser-firefox.rules) * 1:18559 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt (server-webapp.rules) * 1:22952 <-> DISABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules) * 1:42806 <-> ENABLED <-> EXPLOIT-KIT Rig Exploit Kit URL outbound communication (exploit-kit.rules) * 1:17189 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17179 <-> DISABLED <-> FILE-OTHER Adobe Director file pamm record exploit attempt (file-other.rules) * 1:16561 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 1 (file-image.rules) * 1:17180 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules) * 1:16563 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 3 (file-image.rules) * 1:42883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules) * 1:16564 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 4 (file-image.rules) * 1:16562 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 2 (file-image.rules) * 1:43778 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeContentView double-free memory corruption attempt (browser-firefox.rules) * 1:12688 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules) * 1:33583 <-> DISABLED <-> PROTOCOL-DNS ISC BIND recursive resolver resource consumption denial of service attempt (protocol-dns.rules) * 1:35185 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules) * 1:35184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules) * 1:36604 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules) * 1:29650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45197 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules) * 1:45196 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules) * 1:45195 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules) * 1:45194 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules) * 1:45193 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules) * 1:45192 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules) * 1:45191 <-> DISABLED <-> PROTOCOL-TELNET TippingPoint IPS telnet login failure xss attempt (protocol-telnet.rules) * 1:45190 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules) * 1:45189 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules) * 1:45188 <-> DISABLED <-> SERVER-OTHER ElectraSoft 32bit FTP PASV reply stack buffer overflow attempt (server-other.rules) * 1:45187 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules) * 1:45186 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules) * 1:45185 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules) * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45176 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeContentView double-free memory corruption attempt (browser-firefox.rules) * 1:45175 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules) * 1:45174 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules) * 1:45173 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules) * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules) * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
* 1:36604 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules) * 1:12688 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules) * 1:43778 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeContentView double-free memory corruption attempt (browser-firefox.rules) * 1:16561 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 1 (file-image.rules) * 1:16562 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 2 (file-image.rules) * 1:16563 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 3 (file-image.rules) * 1:16564 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 4 (file-image.rules) * 1:42883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules) * 1:17179 <-> DISABLED <-> FILE-OTHER Adobe Director file pamm record exploit attempt (file-other.rules) * 1:17180 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules) * 1:17189 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:18262 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine function arguments memory corruption attempt (browser-firefox.rules) * 1:42806 <-> ENABLED <-> EXPLOIT-KIT Rig Exploit Kit URL outbound communication (exploit-kit.rules) * 1:18559 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt (server-webapp.rules) * 1:22952 <-> DISABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules) * 1:23993 <-> DISABLED <-> SERVER-OTHER Dhcpcd packet size buffer overflow attempt (server-other.rules) * 1:25246 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:42417 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules) * 1:29650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules) * 1:29651 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules) * 1:31428 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:33583 <-> DISABLED <-> PROTOCOL-DNS ISC BIND recursive resolver resource consumption denial of service attempt (protocol-dns.rules) * 1:42416 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE11 memory corruption attempt (browser-ie.rules) * 1:41452 <-> DISABLED <-> MALWARE-CNC Swf.Tool.Agent flash file in a word document uploading system capabilities (malware-cnc.rules) * 1:39700 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules) * 1:39699 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules) * 1:36605 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules) * 1:35184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules) * 1:35185 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules)
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
