VRT Rules 2015-04-14
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Security Bulletin MS15-032: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 32442 through 32443, 34059 through 34060, 34064 through 34065, 34068 through 34071, 34074 through 34077, 34084 through 34085, and 34089 through 34090.

Microsoft Security Bulletin MS15-033: A coding deficiency exists in Microsoft Office that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 34062 through 34063, 34066 through 34067, 34086 through 34087, and 34093 through 34094.

Microsoft Security Bulletin MS15-034: A coding deficiency exists in Microsoft HTTP.sys that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 34061.

Microsoft Security Bulletin MS15-035: A coding deficiency exists in a Microsoft graphics component that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 34082 through 34083.

Microsoft Security Bulletin MS15-036: A coding deficiency exists in Microsoft SharePoint Server that may lead to an escalation of privilege.

Previously released rules will detect attacks targeting this vulnerability and have been updated with the appropriate reference information. They are included in this release and are identified with GID 1, SIDs 7070 and 21782.

A new rule to detect attacks targeting this vulnerability is also included in this release and is identified with GID 1, SID 34099.

Microsoft Security Bulletin MS15-037: A coding deficiency exists in Microsoft Windows Task Scheduler that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 34091 through 34092.

Microsoft Security Bulletin MS15-038: A coding deficiency exists in Microsoft Windows that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 34078 through 34081 and 34095 through 34096.

Microsoft Security Bulletin MS15-039: A coding deficiency exists in Microsoft XML Core Services that may allow a security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 34097 through 34098.

Microsoft Security Bulletin MS15-041: A coding deficiency exists in Microsoft .NET Framework that may lead to information disclosure.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 34088.

Talos has also added and modified multiple rules in the browser-ie, deleted, exploit-kit, file-executable, file-office, file-other, indicator-obfuscation, os-windows, policy-other and server-other rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-04-14 17:04:46 UTC

Snort Subscriber Rules Update

Date: 2015-04-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34059 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CBodyElement use after free attempt (browser-ie.rules)
 * 1:34100 <-> DISABLED <-> DELETED FILE-OFFICE deleting slipped rules (deleted.rules)
 * 1:34095 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (os-windows.rules)
 * 1:34102 <-> DISABLED <-> DELETED FILE-OFFICE deleting slipped rules (deleted.rules)
 * 1:34103 <-> DISABLED <-> DELETED FILE-OFFICE deleting slipped rules (deleted.rules)
 * 1:34096 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (os-windows.rules)
 * 1:34097 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML3 external entity injection attempt (browser-ie.rules)
 * 1:34098 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML3 external entity injection attempt (browser-ie.rules)
 * 1:34060 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CBodyElement use after free attempt (browser-ie.rules)
 * 1:34061 <-> DISABLED <-> SERVER-IIS Microsoft IIS Range header integer overflow attempt (server-iis.rules)
 * 1:34062 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document memory corruption attempt (file-office.rules)
 * 1:34063 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document memory corruption attempt (file-office.rules)
 * 1:34065 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMapStringToPtr use after free attempt (browser-ie.rules)
 * 1:34064 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMapStringToPtr use after free attempt (browser-ie.rules)
 * 1:34066 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:34067 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:34068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 invalid array element read attempt (browser-ie.rules)
 * 1:34069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 invalid array element read attempt (browser-ie.rules)
 * 1:34070 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34071 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34072 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMetaElement use after free attempt (browser-ie.rules)
 * 1:34073 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMetaElement use after free attempt (browser-ie.rules)
 * 1:34074 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextData object use after free attempt (browser-ie.rules)
 * 1:34075 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextData object use after free attempt (browser-ie.rules)
 * 1:34076 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer append and swap use after free attempt (browser-ie.rules)
 * 1:34077 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer append and swap use after free attempt (browser-ie.rules)
 * 1:34078 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules)
 * 1:34079 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules)
 * 1:34080 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules)
 * 1:34081 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules)
 * 1:34082 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
 * 1:34101 <-> DISABLED <-> DELETED FILE-OFFICE deleting slipped rules (deleted.rules)
 * 1:34083 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
 * 1:34084 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDocument use after free attempt (browser-ie.rules)
 * 1:34085 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDocument use after free attempt (browser-ie.rules)
 * 1:34086 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF double-free remote code execution attempt (file-office.rules)
 * 1:34087 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF double-free remote code execution attempt (file-office.rules)
 * 1:34088 <-> ENABLED <-> SERVER-IIS Web.config information disclosure attempt (server-iis.rules)
 * 1:34089 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer incorrect array element read information disclosure attempt (browser-ie.rules)
 * 1:34090 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer incorrect array element read information disclosure attempt (browser-ie.rules)
 * 1:34091 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (os-windows.rules)
 * 1:34099 <-> ENABLED <-> SERVER-OTHER Microsoft SharePoint projectdetails.aspx ret parameter XSS attempt (server-other.rules)
 * 1:34092 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (os-windows.rules)
 * 1:34094 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF out-of-bounds array access remote code execution attempt (file-office.rules)
 * 1:34093 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF out-of-bounds array access remote code execution attempt (file-office.rules)

Modified Rules:


 * 1:21782 <-> DISABLED <-> INDICATOR-OBFUSCATION script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules)
 * 1:32443 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElementIDContextList use after free attempt (browser-ie.rules)
 * 1:29446 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit jar outbound connection (exploit-kit.rules)
 * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
 * 1:32442 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElementIDContextList use after free attempt (browser-ie.rules)

2015-04-14 17:04:46 UTC

Snort Subscriber Rules Update

Date: 2015-04-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34059 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CBodyElement use after free attempt (browser-ie.rules)
 * 1:34060 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CBodyElement use after free attempt (browser-ie.rules)
 * 1:34061 <-> DISABLED <-> SERVER-IIS Microsoft IIS Range header integer overflow attempt (server-iis.rules)
 * 1:34062 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document memory corruption attempt (file-office.rules)
 * 1:34063 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document memory corruption attempt (file-office.rules)
 * 1:34065 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMapStringToPtr use after free attempt (browser-ie.rules)
 * 1:34064 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMapStringToPtr use after free attempt (browser-ie.rules)
 * 1:34066 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:34067 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:34068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 invalid array element read attempt (browser-ie.rules)
 * 1:34069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 invalid array element read attempt (browser-ie.rules)
 * 1:34070 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34071 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34072 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMetaElement use after free attempt (browser-ie.rules)
 * 1:34073 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMetaElement use after free attempt (browser-ie.rules)
 * 1:34074 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextData object use after free attempt (browser-ie.rules)
 * 1:34075 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextData object use after free attempt (browser-ie.rules)
 * 1:34076 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer append and swap use after free attempt (browser-ie.rules)
 * 1:34077 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer append and swap use after free attempt (browser-ie.rules)
 * 1:34078 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules)
 * 1:34079 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules)
 * 1:34080 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules)
 * 1:34081 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules)
 * 1:34082 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
 * 1:34083 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
 * 1:34084 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDocument use after free attempt (browser-ie.rules)
 * 1:34085 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDocument use after free attempt (browser-ie.rules)
 * 1:34086 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF double-free remote code execution attempt (file-office.rules)
 * 1:34087 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF double-free remote code execution attempt (file-office.rules)
 * 1:34088 <-> ENABLED <-> SERVER-IIS Web.config information disclosure attempt (server-iis.rules)
 * 1:34089 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer incorrect array element read information disclosure attempt (browser-ie.rules)
 * 1:34090 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer incorrect array element read information disclosure attempt (browser-ie.rules)
 * 1:34091 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (os-windows.rules)
 * 1:34092 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (os-windows.rules)
 * 1:34103 <-> DISABLED <-> DELETED FILE-OFFICE deleting slipped rules (deleted.rules)
 * 1:34102 <-> DISABLED <-> DELETED FILE-OFFICE deleting slipped rules (deleted.rules)
 * 1:34101 <-> DISABLED <-> DELETED FILE-OFFICE deleting slipped rules (deleted.rules)
 * 1:34100 <-> DISABLED <-> DELETED FILE-OFFICE deleting slipped rules (deleted.rules)
 * 1:34099 <-> ENABLED <-> SERVER-OTHER Microsoft SharePoint projectdetails.aspx ret parameter XSS attempt (server-other.rules)
 * 1:34098 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML3 external entity injection attempt (browser-ie.rules)
 * 1:34095 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (os-windows.rules)
 * 1:34096 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (os-windows.rules)
 * 1:34097 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML3 external entity injection attempt (browser-ie.rules)
 * 1:34094 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF out-of-bounds array access remote code execution attempt (file-office.rules)
 * 1:34093 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF out-of-bounds array access remote code execution attempt (file-office.rules)

Modified Rules:


 * 1:21782 <-> DISABLED <-> INDICATOR-OBFUSCATION script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules)
 * 1:29446 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit jar outbound connection (exploit-kit.rules)
 * 1:32442 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElementIDContextList use after free attempt (browser-ie.rules)
 * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
 * 1:32443 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElementIDContextList use after free attempt (browser-ie.rules)

2015-04-14 17:04:46 UTC

Snort Subscriber Rules Update

Date: 2015-04-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34103 <-> DISABLED <-> DELETED FILE-OFFICE deleting slipped rules (deleted.rules)
 * 1:34102 <-> DISABLED <-> DELETED FILE-OFFICE deleting slipped rules (deleted.rules)
 * 1:34101 <-> DISABLED <-> DELETED FILE-OFFICE deleting slipped rules (deleted.rules)
 * 1:34100 <-> DISABLED <-> DELETED FILE-OFFICE deleting slipped rules (deleted.rules)
 * 1:34099 <-> ENABLED <-> SERVER-OTHER Microsoft SharePoint projectdetails.aspx ret parameter XSS attempt (server-other.rules)
 * 1:34098 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML3 external entity injection attempt (browser-ie.rules)
 * 1:34097 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML3 external entity injection attempt (browser-ie.rules)
 * 1:34096 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (os-windows.rules)
 * 1:34095 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (os-windows.rules)
 * 1:34094 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF out-of-bounds array access remote code execution attempt (file-office.rules)
 * 1:34093 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF out-of-bounds array access remote code execution attempt (file-office.rules)
 * 1:34092 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (os-windows.rules)
 * 1:34091 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (os-windows.rules)
 * 1:34090 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer incorrect array element read information disclosure attempt (browser-ie.rules)
 * 1:34089 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer incorrect array element read information disclosure attempt (browser-ie.rules)
 * 1:34088 <-> ENABLED <-> SERVER-IIS Web.config information disclosure attempt (server-iis.rules)
 * 1:34087 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF double-free remote code execution attempt (file-office.rules)
 * 1:34086 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF double-free remote code execution attempt (file-office.rules)
 * 1:34085 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDocument use after free attempt (browser-ie.rules)
 * 1:34084 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDocument use after free attempt (browser-ie.rules)
 * 1:34083 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
 * 1:34082 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
 * 1:34081 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules)
 * 1:34080 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules)
 * 1:34079 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules)
 * 1:34078 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules)
 * 1:34077 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer append and swap use after free attempt (browser-ie.rules)
 * 1:34076 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer append and swap use after free attempt (browser-ie.rules)
 * 1:34075 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextData object use after free attempt (browser-ie.rules)
 * 1:34074 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextData object use after free attempt (browser-ie.rules)
 * 1:34073 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMetaElement use after free attempt (browser-ie.rules)
 * 1:34072 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMetaElement use after free attempt (browser-ie.rules)
 * 1:34071 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34070 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 invalid array element read attempt (browser-ie.rules)
 * 1:34068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 invalid array element read attempt (browser-ie.rules)
 * 1:34067 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:34066 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:34065 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMapStringToPtr use after free attempt (browser-ie.rules)
 * 1:34064 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMapStringToPtr use after free attempt (browser-ie.rules)
 * 1:34063 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document memory corruption attempt (file-office.rules)
 * 1:34062 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document memory corruption attempt (file-office.rules)
 * 1:34061 <-> DISABLED <-> SERVER-IIS Microsoft IIS Range header integer overflow attempt (server-iis.rules)
 * 1:34060 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CBodyElement use after free attempt (browser-ie.rules)
 * 1:34059 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CBodyElement use after free attempt (browser-ie.rules)

Modified Rules:


 * 1:21782 <-> DISABLED <-> INDICATOR-OBFUSCATION script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules)
 * 1:29446 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit jar outbound connection (exploit-kit.rules)
 * 1:32442 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElementIDContextList use after free attempt (browser-ie.rules)
 * 1:32443 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElementIDContextList use after free attempt (browser-ie.rules)
 * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)