Microsoft Vulnerability CVE-2020-0817: A coding deficiency exists in Remote Desktop Client that may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 53104.
Talos also has added and modified multiple rules in the browser-plugins, browser-webkit, file-image, file-java, file-multimedia, malware-tools, os-windows and server-other rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53091 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 1:53090 <-> ENABLED <-> MALWARE-TOOLS Malicious HTML application download attempt (malware-tools.rules) * 1:53104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop client PDU parsing integer overflow attempt (os-windows.rules) * 1:53101 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore memory corruption attempt (browser-webkit.rules) * 1:53100 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore memory corruption attempt (browser-webkit.rules) * 1:53096 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (browser-plugins.rules) * 1:53095 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (browser-plugins.rules) * 1:53092 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 3:53103 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1002 attack attempt (server-other.rules) * 3:53093 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1012 attack attempt (file-multimedia.rules) * 3:53094 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1012 attack attempt (file-multimedia.rules) * 3:53097 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1009 attack attempt (file-image.rules) * 3:53098 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1009 attack attempt (file-image.rules) * 3:53099 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1000 attack attempt (server-other.rules) * 3:53102 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1002 attack attempt (server-other.rules)
* 1:35001 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:25565 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:25566 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:24581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:35002 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:43537 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 1:24582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24580 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:20581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53092 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 1:53104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop client PDU parsing integer overflow attempt (os-windows.rules) * 1:53100 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore memory corruption attempt (browser-webkit.rules) * 1:53090 <-> ENABLED <-> MALWARE-TOOLS Malicious HTML application download attempt (malware-tools.rules) * 1:53095 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (browser-plugins.rules) * 1:53101 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore memory corruption attempt (browser-webkit.rules) * 1:53091 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 1:53096 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (browser-plugins.rules) * 3:53093 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1012 attack attempt (file-multimedia.rules) * 3:53094 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1012 attack attempt (file-multimedia.rules) * 3:53103 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1002 attack attempt (server-other.rules) * 3:53097 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1009 attack attempt (file-image.rules) * 3:53098 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1009 attack attempt (file-image.rules) * 3:53102 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1002 attack attempt (server-other.rules) * 3:53099 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1000 attack attempt (server-other.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:25565 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:24580 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:35002 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:24582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:35001 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:24581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:20581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:25566 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:43537 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53100 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore memory corruption attempt (browser-webkit.rules) * 1:53104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop client PDU parsing integer overflow attempt (os-windows.rules) * 1:53091 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 1:53090 <-> ENABLED <-> MALWARE-TOOLS Malicious HTML application download attempt (malware-tools.rules) * 1:53092 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 1:53101 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore memory corruption attempt (browser-webkit.rules) * 1:53095 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (browser-plugins.rules) * 1:53096 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (browser-plugins.rules) * 3:53102 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1002 attack attempt (server-other.rules) * 3:53103 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1002 attack attempt (server-other.rules) * 3:53093 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1012 attack attempt (file-multimedia.rules) * 3:53094 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1012 attack attempt (file-multimedia.rules) * 3:53097 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1009 attack attempt (file-image.rules) * 3:53098 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1009 attack attempt (file-image.rules) * 3:53099 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1000 attack attempt (server-other.rules)
* 1:43537 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 1:24582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:35001 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:25565 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:24580 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:20581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:25566 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:35002 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53095 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (browser-plugins.rules) * 1:53091 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 1:53092 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 1:53100 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore memory corruption attempt (browser-webkit.rules) * 1:53090 <-> ENABLED <-> MALWARE-TOOLS Malicious HTML application download attempt (malware-tools.rules) * 1:53096 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (browser-plugins.rules) * 1:53104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop client PDU parsing integer overflow attempt (os-windows.rules) * 1:53101 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore memory corruption attempt (browser-webkit.rules) * 3:53102 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1002 attack attempt (server-other.rules) * 3:53093 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1012 attack attempt (file-multimedia.rules) * 3:53094 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1012 attack attempt (file-multimedia.rules) * 3:53097 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1009 attack attempt (file-image.rules) * 3:53103 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1002 attack attempt (server-other.rules) * 3:53098 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1009 attack attempt (file-image.rules) * 3:53099 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1000 attack attempt (server-other.rules)
* 1:24582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:25565 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:24580 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:35001 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:43537 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 1:24581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:25566 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:20581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:35002 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53090 <-> ENABLED <-> MALWARE-TOOLS Malicious HTML application download attempt (malware-tools.rules) * 1:53101 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore memory corruption attempt (browser-webkit.rules) * 1:53095 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (browser-plugins.rules) * 1:53091 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 1:53100 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore memory corruption attempt (browser-webkit.rules) * 1:53096 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (browser-plugins.rules) * 1:53104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop client PDU parsing integer overflow attempt (os-windows.rules) * 1:53092 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 3:53103 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1002 attack attempt (server-other.rules) * 3:53102 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1002 attack attempt (server-other.rules) * 3:53093 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1012 attack attempt (file-multimedia.rules) * 3:53094 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1012 attack attempt (file-multimedia.rules) * 3:53097 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1009 attack attempt (file-image.rules) * 3:53098 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1009 attack attempt (file-image.rules) * 3:53099 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1000 attack attempt (server-other.rules)
* 1:25565 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:24580 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:24582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:35002 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:25566 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:43537 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 1:35001 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:20581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53096 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (snort3-browser-plugins.rules) * 1:53092 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (snort3-browser-plugins.rules) * 1:53104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop client PDU parsing integer overflow attempt (snort3-os-windows.rules) * 1:53090 <-> ENABLED <-> MALWARE-TOOLS Malicious HTML application download attempt (snort3-malware-tools.rules) * 1:53095 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (snort3-browser-plugins.rules) * 1:53100 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore memory corruption attempt (snort3-browser-webkit.rules) * 1:53091 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (snort3-browser-plugins.rules) * 1:53101 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore memory corruption attempt (snort3-browser-webkit.rules)
* 1:35002 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (snort3-browser-plugins.rules) * 1:24582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (snort3-protocol-scada.rules) * 1:24581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (snort3-protocol-scada.rules) * 1:25566 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (snort3-browser-plugins.rules) * 1:20581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (snort3-protocol-scada.rules) * 1:35001 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (snort3-browser-plugins.rules) * 1:25565 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (snort3-browser-plugins.rules) * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (snort3-file-java.rules) * 1:24580 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (snort3-protocol-scada.rules) * 1:43537 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (snort3-browser-plugins.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53095 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (browser-plugins.rules) * 1:53101 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore memory corruption attempt (browser-webkit.rules) * 1:53090 <-> ENABLED <-> MALWARE-TOOLS Malicious HTML application download attempt (malware-tools.rules) * 1:53091 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 1:53104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop client PDU parsing integer overflow attempt (os-windows.rules) * 1:53092 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 1:53096 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (browser-plugins.rules) * 1:53100 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore memory corruption attempt (browser-webkit.rules) * 3:53103 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1002 attack attempt (server-other.rules) * 3:53102 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1002 attack attempt (server-other.rules) * 3:53093 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1012 attack attempt (file-multimedia.rules) * 3:53094 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1012 attack attempt (file-multimedia.rules) * 3:53097 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1009 attack attempt (file-image.rules) * 3:53098 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1009 attack attempt (file-image.rules) * 3:53099 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1000 attack attempt (server-other.rules)
* 1:35001 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:43537 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 1:24582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:25565 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:24581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:24580 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:25566 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:20581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:35002 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules)
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
