Talos Rules 2018-07-26
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-image, file-other, file-pdf and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2018-07-26 13:06:28 UTC

Snort Subscriber Rules Update

Date: 2018-07-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47349 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (server-webapp.rules)
 * 1:47348 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (server-webapp.rules)
 * 1:47347 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API account information disclosure attempt (server-webapp.rules)
 * 1:47346 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47345 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47366 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules)
 * 1:47365 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules)
 * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47358 <-> ENABLED <-> SERVER-WEBAPP CCTV-DVR command injection attempt (server-webapp.rules)
 * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47355 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (file-other.rules)
 * 1:47354 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (file-other.rules)
 * 3:47340 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0639 attack attempt (file-pdf.rules)
 * 3:47363 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules)
 * 3:47364 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules)
 * 3:47341 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0639 attack attempt (file-pdf.rules)
 * 3:47342 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0637 attack attempt (server-other.rules)

Modified Rules:


 * 1:26276 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (server-webapp.rules)
 * 1:46081 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (server-webapp.rules)
 * 1:26275 <-> ENABLED <-> SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (server-webapp.rules)
 * 1:42857 <-> ENABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules)
 * 1:26277 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (server-webapp.rules)
 * 1:47239 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules)
 * 1:46080 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (server-webapp.rules)
 * 1:47240 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules)

2018-07-26 13:06:28 UTC

Snort Subscriber Rules Update

Date: 2018-07-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.

New Rules:


 * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47346 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47358 <-> ENABLED <-> SERVER-WEBAPP CCTV-DVR command injection attempt (server-webapp.rules)
 * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47354 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (file-other.rules)
 * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47366 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules)
 * 1:47345 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47365 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules)
 * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47355 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (file-other.rules)
 * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47347 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API account information disclosure attempt (server-webapp.rules)
 * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47348 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (server-webapp.rules)
 * 1:47349 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (server-webapp.rules)
 * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 3:47364 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules)
 * 3:47342 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0637 attack attempt (server-other.rules)
 * 3:47363 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules)
 * 3:47340 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0639 attack attempt (file-pdf.rules)
 * 3:47341 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0639 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:46080 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (server-webapp.rules)
 * 1:46081 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (server-webapp.rules)
 * 1:47239 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules)
 * 1:26277 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (server-webapp.rules)
 * 1:42857 <-> ENABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules)
 * 1:26276 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (server-webapp.rules)
 * 1:26275 <-> ENABLED <-> SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (server-webapp.rules)
 * 1:47240 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules)

2018-07-26 13:06:28 UTC

Snort Subscriber Rules Update

Date: 2018-07-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

New Rules:


 * 1:47347 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API account information disclosure attempt (snort3-server-webapp.rules)
 * 1:47348 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (snort3-server-webapp.rules)
 * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (snort3-file-image.rules)
 * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (snort3-file-image.rules)
 * 1:47354 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (snort3-file-other.rules)
 * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (snort3-file-image.rules)
 * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (snort3-file-image.rules)
 * 1:47346 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (snort3-file-other.rules)
 * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (snort3-file-image.rules)
 * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (snort3-file-image.rules)
 * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (snort3-file-image.rules)
 * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (snort3-file-image.rules)
 * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (snort3-file-image.rules)
 * 1:47345 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (snort3-file-other.rules)
 * 1:47355 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (snort3-file-other.rules)
 * 1:47358 <-> ENABLED <-> SERVER-WEBAPP CCTV-DVR command injection attempt (snort3-server-webapp.rules)
 * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (snort3-file-image.rules)
 * 1:47365 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (snort3-file-pdf.rules)
 * 1:47366 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (snort3-file-pdf.rules)
 * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (snort3-file-image.rules)
 * 1:47349 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (snort3-server-webapp.rules)
 * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (snort3-file-image.rules)

Modified Rules:


 * 1:42857 <-> ENABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (snort3-server-webapp.rules)
 * 1:26277 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (snort3-server-webapp.rules)
 * 1:46081 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (snort3-server-webapp.rules)
 * 1:46080 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (snort3-server-webapp.rules)
 * 1:26276 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (snort3-server-webapp.rules)
 * 1:47240 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (snort3-file-pdf.rules)
 * 1:47239 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (snort3-file-pdf.rules)
 * 1:26275 <-> ENABLED <-> SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (snort3-server-webapp.rules)

2018-07-26 13:06:28 UTC

Snort Subscriber Rules Update

Date: 2018-07-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

New Rules:


 * 1:47345 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47349 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (server-webapp.rules)
 * 1:47348 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (server-webapp.rules)
 * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47346 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47365 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules)
 * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47347 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API account information disclosure attempt (server-webapp.rules)
 * 1:47366 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules)
 * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47355 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (file-other.rules)
 * 1:47354 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (file-other.rules)
 * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47358 <-> ENABLED <-> SERVER-WEBAPP CCTV-DVR command injection attempt (server-webapp.rules)
 * 3:47363 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules)
 * 3:47364 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules)
 * 3:47341 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0639 attack attempt (file-pdf.rules)
 * 3:47342 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0637 attack attempt (server-other.rules)
 * 3:47340 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0639 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:46081 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (server-webapp.rules)
 * 1:47239 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules)
 * 1:42857 <-> ENABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules)
 * 1:47240 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules)
 * 1:26276 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (server-webapp.rules)
 * 1:26277 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (server-webapp.rules)
 * 1:26275 <-> ENABLED <-> SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (server-webapp.rules)
 * 1:46080 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (server-webapp.rules)

2018-07-26 13:06:28 UTC

Snort Subscriber Rules Update

Date: 2018-07-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

New Rules:


 * 1:47366 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules)
 * 1:47345 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47365 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules)
 * 1:47348 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (server-webapp.rules)
 * 1:47349 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (server-webapp.rules)
 * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47346 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
 * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
 * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47355 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (file-other.rules)
 * 1:47347 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API account information disclosure attempt (server-webapp.rules)
 * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47354 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (file-other.rules)
 * 1:47358 <-> ENABLED <-> SERVER-WEBAPP CCTV-DVR command injection attempt (server-webapp.rules)
 * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
 * 3:47363 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules)
 * 3:47341 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0639 attack attempt (file-pdf.rules)
 * 3:47364 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules)
 * 3:47342 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0637 attack attempt (server-other.rules)
 * 3:47340 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0639 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:26277 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (server-webapp.rules)
 * 1:46081 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (server-webapp.rules)
 * 1:42857 <-> ENABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules)
 * 1:47239 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules)
 * 1:47240 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules)
 * 1:46080 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (server-webapp.rules)
 * 1:26276 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (server-webapp.rules)
 * 1:26275 <-> ENABLED <-> SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (server-webapp.rules)