Sourcefire VRT Update

Date: 2006-07-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
7003 - WEB-CLIENT ADODB.Recordset ActiveX function call access (web-client.rules)
7004 - WEB-CLIENT Internet.HHCtrl.1 ActiveX function call access (web-client.rules)
7005 - WEB-CLIENT OutlookExpress.AddressBook ActiveX function call access (web-client.rules)
7006 - WEB-CLIENT ASControls.InstallEngineCtl ActiveX function call access (web-client.rules)
7007 - WEB-CLIENT AxDebugger.Document.1 ActiveX function call access (web-client.rules)
7008 - WEB-CLIENT DirectAnimation.DAUserData ActiveX function call access (web-client.rules)
7009 - WEB-CLIENT DirectAnimation.StructuredGraphicsControl ActiveX function call access (web-client.rules)
7010 - WEB-CLIENT HtmlDlgSafeHelper.HtmlDlgSafeHelper.1 ActiveX function call access (web-client.rules)
7011 - WEB-CLIENT HtmlDlgSafeHelper.HtmlDlgSafeHelper ActiveX function call access (web-client.rules)
7012 - WEB-CLIENT Internet.PopupMenu.1 ActiveX function call access (web-client.rules)
7013 - WEB-CLIENT Microsoft.ISCatAdm ActiveX function call access (web-client.rules)
7014 - WEB-CLIENT NMSA.ASFSourceMediaDescription.1 ActiveX function call access (web-client.rules)
7015 - WEB-CLIENT NMSA.MediaDescription ActiveX function call access (web-client.rules)
7016 - WEB-CLIENT Object.Microsoft.DXTFilter ActiveX function call access (web-client.rules)
7017 - WEB-CLIENT RDS.DataControl ActiveX function call access (web-client.rules)
7018 - WEB-CLIENT Sysmon ActiveX function call access (web-client.rules)

Updated rules:
 580 - RPC portmap nisd request UDP (rpc.rules)
 824 - WEB-CGI php.cgi access (web-cgi.rules)
1951 - RPC mountd TCP mount request (rpc.rules)