Talos has added and modified multiple rules in the browser-ie, browser-other, browser-plugins, file-flash, file-image, file-office, file-other, file-pdf, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47205 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:47219 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
* 1:47208 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47173 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
* 1:47220 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
* 1:47221 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (file-pdf.rules)
* 1:47222 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (file-pdf.rules)
* 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47203 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47171 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:47224 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:47187 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules)
* 1:47226 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (file-pdf.rules)
* 1:47172 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:47225 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (file-pdf.rules)
* 1:47213 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (file-pdf.rules)
* 1:47229 <-> DISABLED <-> SERVER-WEBAPP Oracle PeopleSoft information disclosure attempt (server-webapp.rules)
* 1:47228 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (file-pdf.rules)
* 1:47235 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bankshot variant outbound connection (malware-cnc.rules)
* 1:47179 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
* 1:47174 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
* 1:47180 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
* 1:47181 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
* 1:47182 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
* 1:47183 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
* 1:47184 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
* 1:47185 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (file-pdf.rules)
* 1:47211 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
* 1:47193 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
* 1:47178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound connection (malware-cnc.rules)
* 1:47177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound communication (malware-cnc.rules)
* 1:47189 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (file-pdf.rules)
* 1:47204 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47186 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (file-pdf.rules)
* 1:47176 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:47223 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:47231 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules)
* 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47188 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules)
* 1:47207 <-> DISABLED <-> SERVER-WEBAPP PHP phar extension remote code execution attempt (server-webapp.rules)
* 1:47227 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (file-pdf.rules)
* 1:47206 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:47212 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (file-pdf.rules)
* 1:47209 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47210 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
* 1:47202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47201 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47198 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47197 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:47194 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
* 1:47199 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
* 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47190 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (file-pdf.rules)
* 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
* 1:47175 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:47218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
* 1:47217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
* 1:47214 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (file-pdf.rules)
* 1:47215 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (file-pdf.rules)
* 1:47216 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup StorageService.pm command injection attempt (server-webapp.rules)
* 1:47230 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules)
* 3:47234 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0627 attack attempt (server-other.rules)

* 1:36425 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
* 1:47119 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (browser-other.rules)
* 1:36426 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:39817 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:47120 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (browser-other.rules)
* 1:46655 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
* 1:39816 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:46656 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
* 1:38078 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
* 1:38077 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
* 3:46865 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0606 attack attempt (file-pdf.rules)
* 3:46864 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0606 attack attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
* 1:47171 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:47173 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
* 1:47218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
* 1:47222 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (file-pdf.rules)
* 1:47172 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:47219 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
* 1:47221 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (file-pdf.rules)
* 1:47220 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
* 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47224 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:47225 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (file-pdf.rules)
* 1:47226 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (file-pdf.rules)
* 1:47227 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (file-pdf.rules)
* 1:47228 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (file-pdf.rules)
* 1:47223 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:47229 <-> DISABLED <-> SERVER-WEBAPP Oracle PeopleSoft information disclosure attempt (server-webapp.rules)
* 1:47230 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules)
* 1:47235 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bankshot variant outbound connection (malware-cnc.rules)
* 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47179 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
* 1:47180 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
* 1:47181 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
* 1:47182 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
* 1:47183 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
* 1:47184 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
* 1:47174 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
* 1:47177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound communication (malware-cnc.rules)
* 1:47176 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:47231 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules)
* 1:47175 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:47204 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47203 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47198 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:47201 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47199 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47197 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:47194 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
* 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47193 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
* 1:47190 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (file-pdf.rules)
* 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
* 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
* 1:47189 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (file-pdf.rules)
* 1:47188 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules)
* 1:47185 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (file-pdf.rules)
* 1:47186 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (file-pdf.rules)
* 1:47187 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules)
* 1:47217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
* 1:47214 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (file-pdf.rules)
* 1:47215 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (file-pdf.rules)
* 1:47216 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup StorageService.pm command injection attempt (server-webapp.rules)
* 1:47213 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (file-pdf.rules)
* 1:47210 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
* 1:47211 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
* 1:47212 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (file-pdf.rules)
* 1:47209 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47206 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:47207 <-> DISABLED <-> SERVER-WEBAPP PHP phar extension remote code execution attempt (server-webapp.rules)
* 1:47208 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47205 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:47202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound connection (malware-cnc.rules)
* 3:47234 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0627 attack attempt (server-other.rules)

* 1:47120 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (browser-other.rules)
* 1:38077 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
* 1:36425 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:38078 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
* 1:39817 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:46656 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
* 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
* 1:36426 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47119 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (browser-other.rules)
* 1:46655 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
* 1:39816 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 3:46864 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0606 attack attempt (file-pdf.rules)
* 3:46865 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0606 attack attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
* 1:47223 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (snort3-file-pdf.rules)
* 1:47173 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (snort3-file-image.rules)
* 1:47174 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (snort3-file-image.rules)
* 1:47222 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (snort3-file-pdf.rules)
* 1:47221 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (snort3-file-pdf.rules)
* 1:47235 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bankshot variant outbound connection (snort3-malware-cnc.rules)
* 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
* 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
* 1:47231 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (snort3-file-other.rules)
* 1:47230 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (snort3-file-other.rules)
* 1:47229 <-> DISABLED <-> SERVER-WEBAPP Oracle PeopleSoft information disclosure attempt (snort3-server-webapp.rules)
* 1:47228 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (snort3-file-pdf.rules)
* 1:47227 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (snort3-file-pdf.rules)
* 1:47226 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (snort3-file-pdf.rules)
* 1:47225 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (snort3-file-pdf.rules)
* 1:47224 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (snort3-file-pdf.rules)
* 1:47175 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (snort3-file-office.rules)
* 1:47176 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (snort3-file-office.rules)
* 1:47218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (snort3-file-other.rules)
* 1:47172 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (snort3-browser-plugins.rules)
* 1:47181 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (snort3-file-other.rules)
* 1:47182 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (snort3-file-other.rules)
* 1:47183 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (snort3-file-other.rules)
* 1:47184 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (snort3-file-other.rules)
* 1:47185 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (snort3-file-pdf.rules)
* 1:47186 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (snort3-file-pdf.rules)
* 1:47187 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (snort3-file-pdf.rules)
* 1:47177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound communication (snort3-malware-cnc.rules)
* 1:47216 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup StorageService.pm command injection attempt (snort3-server-webapp.rules)
* 1:47217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (snort3-file-other.rules)
* 1:47214 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (snort3-file-pdf.rules)
* 1:47215 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (snort3-file-pdf.rules)
* 1:47210 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (snort3-file-image.rules)
* 1:47213 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (snort3-file-pdf.rules)
* 1:47212 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (snort3-file-pdf.rules)
* 1:47211 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (snort3-file-image.rules)
* 1:47208 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (snort3-file-other.rules)
* 1:47209 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (snort3-file-other.rules)
* 1:47206 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (snort3-file-office.rules)
* 1:47207 <-> DISABLED <-> SERVER-WEBAPP PHP phar extension remote code execution attempt (snort3-server-webapp.rules)
* 1:47204 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (snort3-file-office.rules)
* 1:47205 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (snort3-file-office.rules)
* 1:47203 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (snort3-file-office.rules)
* 1:47202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (snort3-file-office.rules)
* 1:47200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (snort3-file-office.rules)
* 1:47201 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (snort3-file-office.rules)
* 1:47198 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (snort3-file-other.rules)
* 1:47199 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (snort3-file-office.rules)
* 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
* 1:47197 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (snort3-file-other.rules)
* 1:47194 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (snort3-file-other.rules)
* 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules)
* 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (snort3-file-flash.rules)
* 1:47193 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (snort3-file-other.rules)
* 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (snort3-file-flash.rules)
* 1:47189 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (snort3-file-pdf.rules)
* 1:47190 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (snort3-file-pdf.rules)
* 1:47188 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (snort3-file-pdf.rules)
* 1:47179 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (snort3-file-other.rules)
* 1:47178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound connection (snort3-malware-cnc.rules)
* 1:47171 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (snort3-browser-plugins.rules)
* 1:47219 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (snort3-file-other.rules)
* 1:47220 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (snort3-file-other.rules)
* 1:47180 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (snort3-file-other.rules)

* 1:36425 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (snort3-file-office.rules)
* 1:36426 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (snort3-file-office.rules)
* 1:38077 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (snort3-browser-ie.rules)
* 1:38078 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (snort3-browser-ie.rules)
* 1:39816 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (snort3-file-office.rules)
* 1:39817 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (snort3-file-office.rules)
* 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (snort3-server-webapp.rules)
* 1:46655 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (snort3-file-other.rules)
* 1:46656 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (snort3-file-other.rules)
* 1:47119 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (snort3-browser-other.rules)
* 1:47120 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (snort3-browser-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
* 1:47221 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (file-pdf.rules)
* 1:47219 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
* 1:47220 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
* 1:47173 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
* 1:47171 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:47172 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:47179 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
* 1:47180 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
* 1:47181 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
* 1:47182 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
* 1:47183 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
* 1:47184 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
* 1:47185 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (file-pdf.rules)
* 1:47186 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (file-pdf.rules)
* 1:47176 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:47187 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules)
* 1:47188 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules)
* 1:47223 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:47235 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bankshot variant outbound connection (malware-cnc.rules)
* 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47231 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules)
* 1:47230 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules)
* 1:47229 <-> DISABLED <-> SERVER-WEBAPP Oracle PeopleSoft information disclosure attempt (server-webapp.rules)
* 1:47228 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (file-pdf.rules)
* 1:47227 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (file-pdf.rules)
* 1:47226 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (file-pdf.rules)
* 1:47225 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (file-pdf.rules)
* 1:47224 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:47175 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:47190 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (file-pdf.rules)
* 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
* 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
* 1:47193 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
* 1:47194 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
* 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47197 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:47198 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:47199 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47201 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47203 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47204 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47205 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:47206 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:47222 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (file-pdf.rules)
* 1:47207 <-> DISABLED <-> SERVER-WEBAPP PHP phar extension remote code execution attempt (server-webapp.rules)
* 1:47208 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47209 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47210 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
* 1:47211 <-> ENABLED
<-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules) * 1:47212 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (file-pdf.rules) * 1:47213 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (file-pdf.rules) * 1:47214 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (file-pdf.rules) * 1:47215 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (file-pdf.rules) * 1:47216 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup StorageService.pm command injection attempt (server-webapp.rules) * 1:47217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules) * 1:47218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules) * 1:47174 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules) * 1:47178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound connection (malware-cnc.rules) * 1:47177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound communication (malware-cnc.rules) * 1:47189 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (file-pdf.rules) * 3:47234 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0627 attack attempt (server-other.rules)
* 1:38077 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
* 1:36425 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:36426 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47119 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (browser-other.rules)
* 1:47120 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (browser-other.rules)
* 1:46656 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
* 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
* 1:46655 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
* 1:39816 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:39817 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:38078 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
* 3:46864 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0606 attack attempt (file-pdf.rules)
* 3:46865 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0606 attack attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47187 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules)
* 1:47186 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (file-pdf.rules)
* 1:47185 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (file-pdf.rules)
* 1:47184 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
* 1:47183 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
* 1:47182 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
* 1:47181 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
* 1:47180 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
* 1:47179 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
* 1:47178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound connection (malware-cnc.rules)
* 1:47177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound communication (malware-cnc.rules)
* 1:47176 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:47175 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:47174 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
* 1:47173 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
* 1:47172 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:47171 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:47190 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (file-pdf.rules)
* 1:47189 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (file-pdf.rules)
* 1:47188 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules)
* 1:47193 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
* 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
* 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
* 1:47200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47194 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
* 1:47197 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47199 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47198 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:47221 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (file-pdf.rules)
* 1:47220 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
* 1:47219 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
* 1:47218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
* 1:47217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
* 1:47216 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup StorageService.pm command injection attempt (server-webapp.rules)
* 1:47215 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (file-pdf.rules)
* 1:47214 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (file-pdf.rules)
* 1:47213 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (file-pdf.rules)
* 1:47212 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (file-pdf.rules)
* 1:47211 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
* 1:47210 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
* 1:47209 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47208 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47207 <-> DISABLED <-> SERVER-WEBAPP PHP phar extension remote code execution attempt (server-webapp.rules)
* 1:47206 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:47205 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:47204 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47203 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47201 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47235 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bankshot variant outbound connection (malware-cnc.rules)
* 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47231 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules)
* 1:47230 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules)
* 1:47229 <-> DISABLED <-> SERVER-WEBAPP Oracle PeopleSoft information disclosure attempt (server-webapp.rules)
* 1:47228 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (file-pdf.rules)
* 1:47227 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (file-pdf.rules)
* 1:47226 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (file-pdf.rules)
* 1:47225 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (file-pdf.rules)
* 1:47224 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:47223 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:47222 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (file-pdf.rules)
* 3:47234 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0627 attack attempt (server-other.rules)
* 1:36425 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:36426 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:38078 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
* 1:39816 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:39817 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
* 1:46655 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
* 1:46656 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
* 1:47119 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (browser-other.rules)
* 1:47120 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (browser-other.rules)
* 1:38077 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
* 3:46864 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0606 attack attempt (file-pdf.rules)
* 3:46865 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0606 attack attempt (file-pdf.rules)