Sourcefire VRT Update

Date: 2006-10-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid <-> State (Enabled/Disabled) <-> Message (rule group)

New rules:
8417 <-> Disabled  <-> WEB-CLIENT TriEditDocument.TriEditDocument ActiveX function call access (web-client.rules)
8418 <-> Disabled  <-> WEB-CLIENT DXImageTransform.Microsoft.RevealTrans ActiveX function call access (web-client.rules)
8419 <-> Disabled  <-> WEB-CLIENT WebViewFolderIcon.WebViewFolderIcon.1 ActiveX function call access (web-client.rules)
8420 <-> Disabled  <-> WEB-CLIENT DXImageTransform.Microsoft.Gradient ActiveX function call access (web-client.rules)
8421 <-> Disabled  <-> WEB-CLIENT OWC11.DataSourceControl.11 ActiveX function call access (web-client.rules)
8422 <-> Disabled  <-> WEB-CLIENT OVCtl.OVCtl.1 ActiveX function call access (web-client.rules)
8423 <-> Disabled  <-> WEB-CLIENT CEnroll.CEnroll.2 ActiveX function call access (web-client.rules)
8424 <-> Disabled  <-> WEB-CLIENT Microsoft Forms 2.0 ListBox ActiveX function call access (web-client.rules)
8425 <-> Disabled  <-> WEB-CLIENT DXImageTransform.Microsoft.NDFXArtEffects ActiveX function call access (web-client.rules)

Updated rules:
3143 <-> Enabled  <-> NETBIOS SMB Trans2 FIND_FIRST2 response overflow attempt (netbios.rules)
3144 <-> Enabled  <-> NETBIOS SMB Trans2 FIND_FIRST2 response andx overflow attempt (netbios.rules)
3145 <-> Enabled  <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 response overflow attempt (netbios.rules)
3146 <-> Enabled  <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt (netbios.rules)
3687 <-> Enabled  <-> TELNET client ENV OPT USERVAR information disclosure (telnet.rules)
3688 <-> Enabled  <-> TELNET client ENV OPT VAR information disclosure (telnet.rules)
7922 <-> Disabled  <-> WEB-CLIENT DXImageTransform.Microsoft.RevealTrans ActiveX CLSID access (web-client.rules)
7923 <-> Disabled  <-> WEB-CLIENT DXImageTransform.Microsoft.RevealTrans ActiveX CLSID unicode access (web-client.rules)
7940 <-> Disabled  <-> WEB-CLIENT DXImageTransform.Microsoft.Gradient ActiveX CLSID access (web-client.rules)
7941 <-> Disabled  <-> WEB-CLIENT DXImageTransform.Microsoft.Gradient ActiveX CLSID unicode access (web-client.rules)
7956 <-> Disabled  <-> WEB-CLIENT Microsoft Forms 2.0 ListBox ActiveX CLSID access (web-client.rules)
7957 <-> Disabled  <-> WEB-CLIENT Microsoft Forms 2.0 ListBox ActiveX CLSID unicode access (web-client.rules)
7985 <-> Disabled  <-> WEB-CLIENT WebViewFolderIcon.WebViewFolderIcon.1 ActiveX CLSID access (web-client.rules)
7986 <-> Disabled  <-> WEB-CLIENT WebViewFolderIcon.WebViewFolderIcon.1 ActiveX CLSID unicode access (web-client.rules)
8086 <-> Enabled  <-> WEB-MISC HP Openview NNM cdpView.ovpl port 3443 Unix command execution attempt (web-misc.rules)
8087 <-> Enabled  <-> WEB-MISC HP Openview NNM freeIPaddrs.ovpl port 3443 Unix command execution attempt (web-misc.rules)
8088 <-> Enabled  <-> WEB-MISC HP Openview NNM connectedNodes.ovpl Unix command execution attempt (web-misc.rules)
8089 <-> Enabled  <-> WEB-MISC HP Openview NNM cdpView.ovpl Unix command execution attempt (web-misc.rules)
8090 <-> Enabled  <-> WEB-MISC HP Openview NNM freeIPaddrs.ovpl Unix command execution attempt (web-misc.rules)
8414 <-> Disabled  <-> WEB-CLIENT GIF image width descriptor buffer overflow attempt (web-client.rules)
8416 <-> Disabled  <-> WEB-CLIENT VML fill method overflow attempt (web-client.rules)