Talos has added and modified multiple rules in the blacklist, browser-firefox, browser-ie, file-flash, file-image, file-office, file-other, file-pdf, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:44974 <-> DISABLED <-> SERVER-OTHER Cisco IOS Smart Install identification attempt (server-other.rules) * 1:44967 <-> ENABLED <-> FILE-PDF Acrobat malformed html tag out of bounds read attempt (file-pdf.rules) * 1:44968 <-> ENABLED <-> FILE-PDF Acrobat malformed html tag out of bounds read attempt (file-pdf.rules) * 1:44965 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro security bypass attempt (file-other.rules) * 1:44966 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro security bypass attempt (file-other.rules) * 1:44988 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF font character encoding out of bounds write attempt (file-pdf.rules) * 1:44964 <-> ENABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44962 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44963 <-> ENABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44960 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF malformed YCbCrCoefficients values memory corruption attempt (file-image.rules) * 1:44961 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44958 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (file-pdf.rules) * 1:44959 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF malformed YCbCrCoefficients values memory corruption attempt (file-image.rules) * 1:44956 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript infinite recursion heap overflow attempt (file-pdf.rules) * 1:44957 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (file-pdf.rules) * 1:44955 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript infinite recursion heap overflow attempt (file-pdf.rules) * 1:44953 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds buffer overflow attempt (file-other.rules) * 1:44954 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds buffer overflow attempt (file-other.rules) * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44949 <-> ENABLED <-> FILE-PDF Acrobat TrueTypeFont file out of bounds read attempt (file-pdf.rules) * 1:44950 <-> ENABLED <-> FILE-PDF Acrobat TrueTypeFont file out of bounds read attempt (file-pdf.rules) * 1:44948 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:44946 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:44947 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:44944 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:44945 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:44943 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:44941 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (file-other.rules) * 1:44942 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (file-other.rules) * 1:44939 <-> ENABLED <-> FILE-PDF Adobe Acrobat field dictionary value Unicode buffer overflow attempt (file-pdf.rules) * 1:44940 <-> ENABLED <-> FILE-PDF Adobe Acrobat field dictionary value Unicode buffer overflow attempt (file-pdf.rules) * 1:44937 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMFPlus out of bounds buffer overflow attempt (file-other.rules) * 1:44938 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMFPlus out of bounds buffer overflow attempt (file-other.rules) * 1:44935 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:44936 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:44934 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44933 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44931 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (file-other.rules) * 1:44932 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (file-other.rules) * 1:44929 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules) * 1:44930 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules) * 1:44927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture out of bounds read attempt (file-other.rules) * 1:44928 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture out of bounds read attempt (file-other.rules) * 1:44925 <-> ENABLED <-> FILE-PDF Adobe Acrobat thermometer object untrusted pointer dereference attempt (file-pdf.rules) * 1:44926 <-> ENABLED <-> FILE-PDF Adobe Acrobat thermometer object untrusted pointer dereference attempt (file-pdf.rules) * 1:44917 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules) * 1:44918 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules) * 1:44915 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (file-pdf.rules) * 1:44916 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules) * 1:44913 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro invalid APP13 marker size attempt (file-image.rules) * 1:44914 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (file-pdf.rules) * 1:44911 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (malware-cnc.rules) * 1:44912 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro invalid APP13 marker size attempt (file-image.rules) * 1:44906 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (file-pdf.rules) * 1:44907 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (file-pdf.rules) * 1:44904 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules) * 1:44905 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules) * 1:44902 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44903 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44900 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded javascript events use after free attempt (file-pdf.rules) * 1:44901 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded javascript events use after free attempt (file-pdf.rules) * 1:44899 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound request attempt (malware-cnc.rules) * 1:44898 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound request attempt (malware-cnc.rules) * 1:44895 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound request attempt (malware-cnc.rules) * 1:44896 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound request attempt (malware-cnc.rules) * 1:44893 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF out of bounds read attempt (file-other.rules) * 1:44894 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF out of bounds read attempt (file-other.rules) * 1:44892 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44886 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Trojan.Volgmer (blacklist.rules) * 1:44990 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object with automatic execution embedded in RTF attempt (file-office.rules) * 1:44989 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object with automatic execution embedded in RTF attempt (file-office.rules) * 1:44983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules) * 1:44984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules) * 1:44985 <-> DISABLED <-> SERVER-OTHER Galil RIO-47100 denial of service attempt (server-other.rules) * 1:44981 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (malware-other.rules) * 1:44982 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (malware-other.rules) * 1:44979 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (file-pdf.rules) * 1:44980 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (file-pdf.rules) * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:44888 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44889 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - WidgiToolbar (blacklist.rules) * 1:44890 <-> DISABLED <-> SERVER-OTHER CouchDB remote privilege escalation attempt (server-other.rules) * 1:44891 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44897 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound request attempt (malware-cnc.rules) * 1:44987 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF font character encoding out of bounds write attempt (file-pdf.rules) * 1:44921 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager manageApplications.do SQL injection attempt (server-webapp.rules) * 1:44922 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager manageApplications.do SQL injection attempt (server-webapp.rules) * 1:44923 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF Bezier curve out of bounds read attempt (file-other.rules) * 1:44924 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF Bezier curve out of bounds read attempt (file-other.rules) * 1:44972 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit variant outbound connection attempt (malware-cnc.rules) * 1:44971 <-> DISABLED <-> SERVER-OTHER QNAP transcode server command injection attempt (server-other.rules) * 1:44975 <-> ENABLED <-> MALWARE-CNC Php.Dropper.Mayhem cnc communication attempt (malware-cnc.rules) * 1:44976 <-> DISABLED <-> FILE-PDF Adobe Reader ActualText attribute type confusion attempt (file-pdf.rules) * 1:44973 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit variant outbound connection attempt (malware-cnc.rules) * 1:44969 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules) * 1:44970 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules) * 1:44977 <-> DISABLED <-> FILE-PDF Adobe Reader ActualText attribute type confusion attempt (file-pdf.rules) * 1:44887 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 3:44910 <-> ENABLED <-> SERVER-OTHER Altiris Express Server Engine stack buffer overflow attempt (server-other.rules) * 3:44908 <-> ENABLED <-> FILE-OTHER KeyView SDK WordPerfect parsing stack buffer overflow attempt (file-other.rules) * 3:44986 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0486 attack attempt (server-other.rules) * 3:44909 <-> ENABLED <-> FILE-OTHER KeyView SDK WordPerfect parsing stack buffer overflow attempt (file-other.rules)
* 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44062 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44061 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:43448 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:43447 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:43918 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43446 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:42318 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (file-pdf.rules) * 1:43445 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:42475 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:42476 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:42342 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:42344 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:39498 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer header tag HTML injection remote code execution attempt (browser-ie.rules) * 1:39497 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer header tag HTML injection remote code execution attempt (browser-ie.rules) * 1:42317 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:44964 <-> ENABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44887 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44886 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Trojan.Volgmer (blacklist.rules) * 1:44888 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44889 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - WidgiToolbar (blacklist.rules) * 1:44890 <-> DISABLED <-> SERVER-OTHER CouchDB remote privilege escalation attempt (server-other.rules) * 1:44891 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44892 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44893 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF out of bounds read attempt (file-other.rules) * 1:44894 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF out of bounds read attempt (file-other.rules) * 1:44895 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound request attempt (malware-cnc.rules) * 1:44896 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound request attempt (malware-cnc.rules) * 1:44897 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound request attempt (malware-cnc.rules) * 1:44898 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound request attempt (malware-cnc.rules) * 1:44899 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound request attempt (malware-cnc.rules) * 1:44900 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded javascript events use after free attempt (file-pdf.rules) * 1:44901 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded javascript events use after free attempt (file-pdf.rules) * 1:44902 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44903 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44904 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules) * 1:44905 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules) * 1:44906 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (file-pdf.rules) * 1:44907 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (file-pdf.rules) * 1:44911 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (malware-cnc.rules) * 1:44912 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro invalid APP13 marker size attempt (file-image.rules) * 1:44913 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro invalid APP13 marker size attempt (file-image.rules) * 1:44914 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (file-pdf.rules) * 1:44916 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules) * 1:44915 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (file-pdf.rules) * 1:44917 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules) * 1:44918 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules) * 1:44919 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusRectF out of bounds read attempt (file-other.rules) * 1:44920 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusRectF out of bounds read attempt (file-other.rules) * 1:44921 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager manageApplications.do SQL injection attempt (server-webapp.rules) * 1:44922 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager manageApplications.do SQL injection attempt (server-webapp.rules) * 1:44923 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF Bezier curve out of bounds read attempt (file-other.rules) * 1:44924 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF Bezier curve out of bounds read attempt (file-other.rules) * 1:44925 <-> ENABLED <-> FILE-PDF Adobe Acrobat thermometer object untrusted pointer dereference attempt (file-pdf.rules) * 1:44926 <-> ENABLED <-> FILE-PDF Adobe Acrobat thermometer object untrusted pointer dereference attempt (file-pdf.rules) * 1:44927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture out of bounds read attempt (file-other.rules) * 1:44928 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture out of bounds read attempt (file-other.rules) * 1:44929 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules) * 1:44930 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules) * 1:44931 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (file-other.rules) * 1:44932 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (file-other.rules) * 1:44933 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44934 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44935 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:44936 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:44937 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMFPlus out of bounds buffer overflow attempt (file-other.rules) * 1:44938 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMFPlus out of bounds buffer overflow attempt (file-other.rules) * 1:44939 <-> ENABLED <-> FILE-PDF Adobe Acrobat field dictionary value Unicode buffer overflow attempt (file-pdf.rules) * 1:44940 <-> ENABLED <-> FILE-PDF Adobe Acrobat field dictionary value Unicode buffer overflow attempt (file-pdf.rules) * 1:44941 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (file-other.rules) * 1:44942 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (file-other.rules) * 1:44943 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:44944 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:44945 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:44946 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:44947 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:44948 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:44949 <-> ENABLED <-> FILE-PDF Acrobat TrueTypeFont file out of bounds read attempt (file-pdf.rules) * 1:44950 <-> ENABLED <-> FILE-PDF Acrobat TrueTypeFont file out of bounds read attempt (file-pdf.rules) * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44953 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds buffer overflow attempt (file-other.rules) * 1:44954 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds buffer overflow attempt (file-other.rules) * 1:44955 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript infinite recursion heap overflow attempt (file-pdf.rules) * 1:44956 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript infinite recursion heap overflow attempt (file-pdf.rules) * 1:44957 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (file-pdf.rules) * 1:44958 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (file-pdf.rules) * 1:44959 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF malformed YCbCrCoefficients values memory corruption attempt (file-image.rules) * 1:44960 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF malformed YCbCrCoefficients values memory corruption attempt (file-image.rules) * 1:44961 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44962 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44963 <-> ENABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44990 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object with automatic execution embedded in RTF attempt (file-office.rules) * 1:44989 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object with automatic execution embedded in RTF attempt (file-office.rules) * 1:44988 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF font character encoding out of bounds write attempt (file-pdf.rules) * 1:44987 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF font character encoding out of bounds write attempt (file-pdf.rules) * 1:44985 <-> DISABLED <-> SERVER-OTHER Galil RIO-47100 denial of service attempt (server-other.rules) * 1:44984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules) * 1:44983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules) * 1:44982 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (malware-other.rules) * 1:44981 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (malware-other.rules) * 1:44980 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (file-pdf.rules) * 1:44979 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (file-pdf.rules) * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:44977 <-> DISABLED <-> FILE-PDF Adobe Reader ActualText attribute type confusion attempt (file-pdf.rules) * 1:44976 <-> DISABLED <-> FILE-PDF Adobe Reader ActualText attribute type confusion attempt (file-pdf.rules) * 1:44975 <-> ENABLED <-> MALWARE-CNC Php.Dropper.Mayhem cnc communication attempt (malware-cnc.rules) * 1:44974 <-> DISABLED <-> SERVER-OTHER Cisco IOS Smart Install identification attempt (server-other.rules) * 1:44973 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit variant outbound connection attempt (malware-cnc.rules) * 1:44972 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit variant outbound connection attempt (malware-cnc.rules) * 1:44971 <-> DISABLED <-> SERVER-OTHER QNAP transcode server command injection attempt (server-other.rules) * 1:44969 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules) * 1:44970 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules) * 1:44968 <-> ENABLED <-> FILE-PDF Acrobat malformed html tag out of bounds read attempt (file-pdf.rules) * 1:44967 <-> ENABLED <-> FILE-PDF Acrobat malformed html tag out of bounds read attempt (file-pdf.rules) * 1:44966 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro security bypass attempt (file-other.rules) * 1:44965 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro security bypass attempt (file-other.rules) * 3:44986 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0486 attack attempt (server-other.rules) * 3:44909 <-> ENABLED <-> FILE-OTHER KeyView SDK WordPerfect parsing stack buffer overflow attempt (file-other.rules) * 3:44908 <-> ENABLED <-> FILE-OTHER KeyView SDK WordPerfect parsing stack buffer overflow attempt (file-other.rules) * 3:44910 <-> ENABLED <-> SERVER-OTHER Altiris Express Server Engine stack buffer overflow attempt (server-other.rules)
* 1:42476 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:42342 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:42344 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:44062 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44061 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:43921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43448 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:43918 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43446 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:43447 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:42318 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (file-pdf.rules) * 1:42317 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (file-pdf.rules) * 1:39498 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer header tag HTML injection remote code execution attempt (browser-ie.rules) * 1:39497 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer header tag HTML injection remote code execution attempt (browser-ie.rules) * 1:42475 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:43445 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:44990 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object with automatic execution embedded in RTF attempt (file-office.rules) * 1:44989 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object with automatic execution embedded in RTF attempt (file-office.rules) * 1:44988 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF font character encoding out of bounds write attempt (file-pdf.rules) * 1:44987 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF font character encoding out of bounds write attempt (file-pdf.rules) * 1:44985 <-> DISABLED <-> SERVER-OTHER Galil RIO-47100 denial of service attempt (server-other.rules) * 1:44984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules) * 1:44983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules) * 1:44982 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (malware-other.rules) * 1:44981 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (malware-other.rules) * 1:44980 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (file-pdf.rules) * 1:44979 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (file-pdf.rules) * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:44977 <-> DISABLED <-> FILE-PDF Adobe Reader ActualText attribute type confusion attempt (file-pdf.rules) * 1:44976 <-> DISABLED <-> FILE-PDF Adobe Reader ActualText attribute type confusion attempt (file-pdf.rules) * 1:44975 <-> ENABLED <-> MALWARE-CNC Php.Dropper.Mayhem cnc communication attempt (malware-cnc.rules) * 1:44974 <-> DISABLED <-> SERVER-OTHER Cisco IOS Smart Install identification attempt (server-other.rules) * 1:44973 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit variant outbound connection attempt (malware-cnc.rules) * 1:44972 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit variant outbound connection attempt (malware-cnc.rules) * 1:44971 <-> DISABLED <-> SERVER-OTHER QNAP transcode server command injection attempt (server-other.rules) * 1:44970 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules) * 1:44969 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules) * 1:44968 <-> ENABLED <-> FILE-PDF Acrobat malformed html tag out of bounds read attempt (file-pdf.rules) * 1:44967 <-> ENABLED <-> FILE-PDF Acrobat malformed html tag out of bounds read attempt (file-pdf.rules) * 1:44966 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro security bypass attempt (file-other.rules) * 1:44965 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro security bypass attempt (file-other.rules) * 1:44964 <-> ENABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44963 <-> ENABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44962 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44961 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44960 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF malformed YCbCrCoefficients values memory corruption attempt (file-image.rules) * 1:44959 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF malformed YCbCrCoefficients values memory corruption attempt (file-image.rules) * 1:44958 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (file-pdf.rules) * 1:44957 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (file-pdf.rules) * 1:44956 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript infinite recursion heap overflow attempt (file-pdf.rules) * 1:44955 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript infinite recursion heap overflow attempt (file-pdf.rules) * 1:44954 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds buffer overflow attempt (file-other.rules) * 1:44953 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds buffer overflow attempt (file-other.rules) * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44950 <-> ENABLED <-> FILE-PDF Acrobat TrueTypeFont file out of bounds read attempt (file-pdf.rules) * 1:44949 <-> ENABLED <-> FILE-PDF Acrobat TrueTypeFont file out of bounds read attempt (file-pdf.rules) * 1:44948 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:44947 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:44946 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:44945 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:44944 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:44943 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:44942 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (file-other.rules) * 1:44941 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (file-other.rules) * 1:44940 <-> ENABLED <-> FILE-PDF Adobe Acrobat field dictionary value Unicode buffer overflow attempt (file-pdf.rules) * 1:44939 <-> ENABLED <-> FILE-PDF Adobe Acrobat field dictionary value Unicode buffer overflow attempt (file-pdf.rules) * 1:44938 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMFPlus out of bounds buffer overflow attempt (file-other.rules) * 1:44937 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMFPlus out of bounds buffer overflow attempt (file-other.rules) * 1:44936 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:44935 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:44934 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44933 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44932 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (file-other.rules) * 1:44931 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (file-other.rules) * 1:44930 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules) * 1:44929 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules) * 1:44928 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture out of bounds read attempt (file-other.rules) * 1:44927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture out of bounds read attempt (file-other.rules) * 1:44926 <-> ENABLED <-> FILE-PDF Adobe Acrobat thermometer object untrusted pointer dereference attempt (file-pdf.rules) * 1:44925 <-> ENABLED <-> FILE-PDF Adobe Acrobat thermometer object untrusted pointer dereference attempt (file-pdf.rules) * 1:44924 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF Bezier curve out of bounds read attempt (file-other.rules) * 1:44923 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF Bezier curve out of bounds read attempt (file-other.rules) * 1:44922 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager manageApplications.do SQL injection attempt (server-webapp.rules) * 1:44921 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager manageApplications.do SQL injection attempt (server-webapp.rules) * 1:44920 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusRectF out of bounds read attempt (file-other.rules) * 1:44919 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusRectF out of bounds read attempt (file-other.rules) * 1:44918 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules) * 1:44917 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules) * 1:44916 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules) * 1:44915 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (file-pdf.rules) * 1:44914 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (file-pdf.rules) * 1:44913 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro invalid APP13 marker size attempt (file-image.rules) * 1:44912 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro invalid APP13 marker size attempt (file-image.rules) * 1:44911 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (malware-cnc.rules) * 1:44907 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (file-pdf.rules) * 1:44906 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (file-pdf.rules) * 1:44905 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules) * 1:44904 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules) * 1:44903 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44902 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44901 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded javascript events use after free attempt (file-pdf.rules) * 1:44900 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded javascript events use after free attempt (file-pdf.rules) * 1:44899 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound request attempt (malware-cnc.rules) * 1:44898 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound request attempt (malware-cnc.rules) * 1:44897 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound request attempt (malware-cnc.rules) * 1:44896 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound request attempt (malware-cnc.rules) * 1:44895 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound request attempt (malware-cnc.rules) * 1:44894 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF out of bounds read attempt (file-other.rules) * 1:44893 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF out of bounds read attempt (file-other.rules) * 1:44892 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44891 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44890 <-> DISABLED <-> SERVER-OTHER CouchDB remote privilege escalation attempt (server-other.rules) * 1:44889 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - WidgiToolbar (blacklist.rules) * 1:44888 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44887 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44886 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Trojan.Volgmer (blacklist.rules) * 3:44908 <-> ENABLED <-> FILE-OTHER KeyView SDK WordPerfect parsing stack buffer overflow attempt (file-other.rules) * 3:44909 <-> ENABLED <-> FILE-OTHER KeyView SDK WordPerfect parsing stack buffer overflow attempt (file-other.rules) * 3:44910 <-> ENABLED <-> SERVER-OTHER Altiris Express Server Engine stack buffer overflow attempt (server-other.rules) * 3:44986 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0486 attack attempt (server-other.rules)
* 1:44061 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44062 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:43918 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43448 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:43447 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:43446 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:42318 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (file-pdf.rules) * 1:42317 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (file-pdf.rules) * 1:39498 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer header tag HTML injection remote code execution attempt (browser-ie.rules) * 1:39497 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer header tag HTML injection remote code execution attempt (browser-ie.rules) * 1:42342 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:42344 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:42475 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:42476 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:43445 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules)
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
