Talos Rules 2018-07-17
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, browser-other, browser-plugins, file-flash, file-image, file-office, file-other, file-pdf, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2018-07-17 13:33:45 UTC

Snort Subscriber Rules Update

Date: 2018-07-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:47205 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
 * 1:47219 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
 * 1:47208 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47173 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
 * 1:47220 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
 * 1:47221 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (file-pdf.rules)
 * 1:47222 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (file-pdf.rules)
 * 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47203 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47171 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
 * 1:47224 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
 * 1:47187 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules)
 * 1:47226 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (file-pdf.rules)
 * 1:47172 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
 * 1:47225 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (file-pdf.rules)
 * 1:47213 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (file-pdf.rules)
 * 1:47229 <-> DISABLED <-> SERVER-WEBAPP Oracle PeopleSoft information disclosure attempt (server-webapp.rules)
 * 1:47228 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (file-pdf.rules)
 * 1:47235 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bankshot variant outbound connection (malware-cnc.rules)
 * 1:47179 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:47174 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
 * 1:47180 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:47181 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:47182 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:47183 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:47184 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:47185 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (file-pdf.rules)
 * 1:47211 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:47193 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:47178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound connection (malware-cnc.rules)
 * 1:47177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound communication (malware-cnc.rules)
 * 1:47189 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (file-pdf.rules)
 * 1:47204 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47186 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (file-pdf.rules)
 * 1:47176 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
 * 1:47223 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
 * 1:47231 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules)
 * 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47188 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules)
 * 1:47207 <-> DISABLED <-> SERVER-WEBAPP PHP phar extension remote code execution attempt (server-webapp.rules)
 * 1:47227 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (file-pdf.rules)
 * 1:47206 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
 * 1:47212 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (file-pdf.rules)
 * 1:47209 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47210 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:47202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47201 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47198 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47197 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:47194 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:47199 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47190 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (file-pdf.rules)
 * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47175 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
 * 1:47218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47214 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (file-pdf.rules)
 * 1:47215 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (file-pdf.rules)
 * 1:47216 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup StorageService.pm command injection attempt (server-webapp.rules)
 * 1:47230 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules)
 * 3:47234 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0627 attack attempt (server-other.rules)

Modified Rules:


 * 1:36425 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
 * 1:47119 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (browser-other.rules)
 * 1:36426 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:39817 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
 * 1:47120 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (browser-other.rules)
 * 1:46655 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:39816 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
 * 1:46656 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:38078 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
 * 1:38077 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
 * 3:46865 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0606 attack attempt (file-pdf.rules)
 * 3:46864 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0606 attack attempt (file-pdf.rules)

2018-07-17 13:33:45 UTC

Snort Subscriber Rules Update

Date: 2018-07-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:47171 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
 * 1:47173 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
 * 1:47218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47222 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (file-pdf.rules)
 * 1:47172 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
 * 1:47219 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
 * 1:47221 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (file-pdf.rules)
 * 1:47220 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
 * 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47224 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
 * 1:47225 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (file-pdf.rules)
 * 1:47226 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (file-pdf.rules)
 * 1:47227 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (file-pdf.rules)
 * 1:47228 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (file-pdf.rules)
 * 1:47223 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
 * 1:47229 <-> DISABLED <-> SERVER-WEBAPP Oracle PeopleSoft information disclosure attempt (server-webapp.rules)
 * 1:47230 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules)
 * 1:47235 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bankshot variant outbound connection (malware-cnc.rules)
 * 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47179 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:47180 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:47181 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:47182 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:47183 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:47184 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:47174 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
 * 1:47177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound communication (malware-cnc.rules)
 * 1:47176 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
 * 1:47231 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules)
 * 1:47175 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
 * 1:47204 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47203 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47198 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:47201 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47199 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47197 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:47194 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47193 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:47190 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (file-pdf.rules)
 * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47189 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (file-pdf.rules)
 * 1:47188 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules)
 * 1:47185 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (file-pdf.rules)
 * 1:47186 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (file-pdf.rules)
 * 1:47187 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules)
 * 1:47217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47214 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (file-pdf.rules)
 * 1:47215 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (file-pdf.rules)
 * 1:47216 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup StorageService.pm command injection attempt (server-webapp.rules)
 * 1:47213 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (file-pdf.rules)
 * 1:47210 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:47211 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:47212 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (file-pdf.rules)
 * 1:47209 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47206 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
 * 1:47207 <-> DISABLED <-> SERVER-WEBAPP PHP phar extension remote code execution attempt (server-webapp.rules)
 * 1:47208 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47205 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
 * 1:47202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound connection (malware-cnc.rules)
 * 3:47234 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0627 attack attempt (server-other.rules)

Modified Rules:


 * 1:47120 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (browser-other.rules)
 * 1:38077 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
 * 1:36425 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:38078 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
 * 1:39817 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
 * 1:46656 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
 * 1:36426 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47119 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (browser-other.rules)
 * 1:46655 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:39816 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
 * 3:46864 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0606 attack attempt (file-pdf.rules)
 * 3:46865 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0606 attack attempt (file-pdf.rules)

2018-07-17 13:33:45 UTC

Snort Subscriber Rules Update

Date: 2018-07-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:47223 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (snort3-file-pdf.rules)
 * 1:47173 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (snort3-file-image.rules)
 * 1:47174 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (snort3-file-image.rules)
 * 1:47222 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (snort3-file-pdf.rules)
 * 1:47221 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (snort3-file-pdf.rules)
 * 1:47235 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bankshot variant outbound connection (snort3-malware-cnc.rules)
 * 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47231 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (snort3-file-other.rules)
 * 1:47230 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (snort3-file-other.rules)
 * 1:47229 <-> DISABLED <-> SERVER-WEBAPP Oracle PeopleSoft information disclosure attempt (snort3-server-webapp.rules)
 * 1:47228 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (snort3-file-pdf.rules)
 * 1:47227 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (snort3-file-pdf.rules)
 * 1:47226 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (snort3-file-pdf.rules)
 * 1:47225 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (snort3-file-pdf.rules)
 * 1:47224 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (snort3-file-pdf.rules)
 * 1:47175 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (snort3-file-office.rules)
 * 1:47176 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (snort3-file-office.rules)
 * 1:47218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (snort3-file-other.rules)
 * 1:47172 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (snort3-browser-plugins.rules)
 * 1:47181 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (snort3-file-other.rules)
 * 1:47182 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (snort3-file-other.rules)
 * 1:47183 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (snort3-file-other.rules)
 * 1:47184 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (snort3-file-other.rules)
 * 1:47185 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (snort3-file-pdf.rules)
 * 1:47186 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (snort3-file-pdf.rules)
 * 1:47187 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (snort3-file-pdf.rules)
 * 1:47177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound communication (snort3-malware-cnc.rules)
 * 1:47216 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup StorageService.pm command injection attempt (snort3-server-webapp.rules)
 * 1:47217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (snort3-file-other.rules)
 * 1:47214 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (snort3-file-pdf.rules)
 * 1:47215 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (snort3-file-pdf.rules)
 * 1:47210 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (snort3-file-image.rules)
 * 1:47213 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (snort3-file-pdf.rules)
 * 1:47212 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (snort3-file-pdf.rules)
 * 1:47211 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (snort3-file-image.rules)
 * 1:47208 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47209 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47206 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (snort3-file-office.rules)
 * 1:47207 <-> DISABLED <-> SERVER-WEBAPP PHP phar extension remote code execution attempt (snort3-server-webapp.rules)
 * 1:47204 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (snort3-file-office.rules)
 * 1:47205 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (snort3-file-office.rules)
 * 1:47203 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (snort3-file-office.rules)
 * 1:47202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (snort3-file-office.rules)
 * 1:47200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (snort3-file-office.rules)
 * 1:47201 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (snort3-file-office.rules)
 * 1:47198 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (snort3-file-other.rules)
 * 1:47199 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (snort3-file-office.rules)
 * 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47197 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (snort3-file-other.rules)
 * 1:47194 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (snort3-file-other.rules)
 * 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (snort3-file-flash.rules)
 * 1:47193 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (snort3-file-other.rules)
 * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (snort3-file-flash.rules)
 * 1:47189 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (snort3-file-pdf.rules)
 * 1:47190 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (snort3-file-pdf.rules)
 * 1:47188 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (snort3-file-pdf.rules)
 * 1:47179 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound connection (snort3-malware-cnc.rules)
 * 1:47171 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (snort3-browser-plugins.rules)
 * 1:47219 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (snort3-file-other.rules)
 * 1:47220 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (snort3-file-other.rules)
 * 1:47180 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (snort3-file-other.rules)

Modified Rules:


 * 1:36425 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (snort3-file-office.rules)
 * 1:36426 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (snort3-file-office.rules)
 * 1:38077 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (snort3-browser-ie.rules)
 * 1:38078 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (snort3-browser-ie.rules)
 * 1:39816 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (snort3-file-office.rules)
 * 1:39817 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (snort3-file-office.rules)
 * 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (snort3-server-webapp.rules)
 * 1:46655 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (snort3-file-other.rules)
 * 1:46656 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (snort3-file-other.rules)
 * 1:47119 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (snort3-browser-other.rules)
 * 1:47120 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (snort3-browser-other.rules)

2018-07-17 13:33:45 UTC

Snort Subscriber Rules Update

Date: 2018-07-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:47221 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (file-pdf.rules)
 * 1:47219 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
 * 1:47220 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
 * 1:47173 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
 * 1:47171 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
 * 1:47172 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
 * 1:47179 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:47180 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:47181 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:47182 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:47183 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:47184 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:47185 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (file-pdf.rules)
 * 1:47186 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (file-pdf.rules)
 * 1:47176 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
 * 1:47187 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules)
 * 1:47188 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules)
 * 1:47223 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
 * 1:47235 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bankshot variant outbound connection (malware-cnc.rules)
 * 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47231 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules)
 * 1:47230 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules)
 * 1:47229 <-> DISABLED <-> SERVER-WEBAPP Oracle PeopleSoft information disclosure attempt (server-webapp.rules)
 * 1:47228 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (file-pdf.rules)
 * 1:47227 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (file-pdf.rules)
 * 1:47226 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (file-pdf.rules)
 * 1:47225 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (file-pdf.rules)
 * 1:47224 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
 * 1:47175 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
 * 1:47190 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (file-pdf.rules)
 * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47193 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:47194 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47197 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:47198 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:47199 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47201 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47203 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47204 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47205 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
 * 1:47206 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
 * 1:47222 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (file-pdf.rules)
 * 1:47207 <-> DISABLED <-> SERVER-WEBAPP PHP phar extension remote code execution attempt (server-webapp.rules)
 * 1:47208 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47209 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47210 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:47211 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:47212 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (file-pdf.rules)
 * 1:47213 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (file-pdf.rules)
 * 1:47214 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (file-pdf.rules)
 * 1:47215 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (file-pdf.rules)
 * 1:47216 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup StorageService.pm command injection attempt (server-webapp.rules)
 * 1:47217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47174 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
 * 1:47178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound connection (malware-cnc.rules)
 * 1:47177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound communication (malware-cnc.rules)
 * 1:47189 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (file-pdf.rules)
 * 3:47234 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0627 attack attempt (server-other.rules)

Modified Rules:


 * 1:38077 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
 * 1:36425 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:36426 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47119 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (browser-other.rules)
 * 1:47120 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (browser-other.rules)
 * 1:46656 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
 * 1:46655 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:39816 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
 * 1:39817 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
 * 1:38078 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
 * 3:46864 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0606 attack attempt (file-pdf.rules)
 * 3:46865 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0606 attack attempt (file-pdf.rules)

2018-07-17 13:33:45 UTC

Snort Subscriber Rules Update

Date: 2018-07-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:47187 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules)
 * 1:47186 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (file-pdf.rules)
 * 1:47185 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (file-pdf.rules)
 * 1:47184 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:47183 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
 * 1:47182 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:47181 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
 * 1:47180 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:47179 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
 * 1:47178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound connection (malware-cnc.rules)
 * 1:47177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound communication (malware-cnc.rules)
 * 1:47176 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
 * 1:47175 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
 * 1:47174 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
 * 1:47173 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
 * 1:47172 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
 * 1:47171 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
 * 1:47190 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (file-pdf.rules)
 * 1:47189 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (file-pdf.rules)
 * 1:47188 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules)
 * 1:47193 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
 * 1:47200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47194 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
 * 1:47197 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47199 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47198 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
 * 1:47221 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (file-pdf.rules)
 * 1:47220 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
 * 1:47219 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
 * 1:47218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
 * 1:47216 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup StorageService.pm command injection attempt (server-webapp.rules)
 * 1:47215 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (file-pdf.rules)
 * 1:47214 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (file-pdf.rules)
 * 1:47213 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (file-pdf.rules)
 * 1:47212 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (file-pdf.rules)
 * 1:47211 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:47210 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
 * 1:47209 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47208 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47207 <-> DISABLED <-> SERVER-WEBAPP PHP phar extension remote code execution attempt (server-webapp.rules)
 * 1:47206 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
 * 1:47205 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
 * 1:47204 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47203 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47201 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:47235 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bankshot variant outbound connection (malware-cnc.rules)
 * 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
 * 1:47231 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules)
 * 1:47230 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules)
 * 1:47229 <-> DISABLED <-> SERVER-WEBAPP Oracle PeopleSoft information disclosure attempt (server-webapp.rules)
 * 1:47228 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (file-pdf.rules)
 * 1:47227 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (file-pdf.rules)
 * 1:47226 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (file-pdf.rules)
 * 1:47225 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (file-pdf.rules)
 * 1:47224 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
 * 1:47223 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
 * 1:47222 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (file-pdf.rules)
 * 3:47234 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0627 attack attempt (server-other.rules)

Modified Rules:


 * 1:36425 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:36426 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
 * 1:38078 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
 * 1:39816 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
 * 1:39817 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
 * 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
 * 1:46655 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:46656 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
 * 1:47119 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (browser-other.rules)
 * 1:47120 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (browser-other.rules)
 * 1:38077 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
 * 3:46864 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0606 attack attempt (file-pdf.rules)
 * 3:46865 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0606 attack attempt (file-pdf.rules)