Talos has added and modified multiple rules in the blacklist, browser-ie, file-flash, file-identify, file-other, file-pdf, malware-cnc, malware-other, os-windows, policy-other, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:34585 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34586 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34587 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34588 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34589 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34590 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34591 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34568 <-> DISABLED <-> SERVER-WEBAPP Wordpress Gravity Forms gf_page arbitrary file upload attempt (server-webapp.rules)
* 1:34592 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34594 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34580 <-> ENABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34578 <-> ENABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34579 <-> ENABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34577 <-> ENABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34575 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34573 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34574 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34571 <-> ENABLED <-> BLACKLIST DNS request for known malware domain nonobabe.100webspace.net - Win.Trojan.Zinnemls (blacklist.rules)
* 1:34572 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection attempt (malware-cnc.rules)
* 1:34593 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34566 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (file-other.rules)
* 1:34570 <-> ENABLED <-> BLACKLIST DNS request for known malware domain driveake.webcindario.com - Win.Trojan.Zinnemls (blacklist.rules)
* 1:34569 <-> DISABLED <-> SERVER-WEBAPP Wordpress Creative Contact Form arbitrary PHP file upload attempt (server-webapp.rules)
* 1:34567 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection attempt (malware-cnc.rules)
* 1:34565 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics engine EMF rendering vulnerability (os-windows.rules)
* 1:34581 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (malware-cnc.rules)
* 1:34583 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid BitmapData use after free attempt (file-flash.rules)
* 1:34582 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid BitmapData use after free attempt (file-flash.rules)

* 1:33799 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33782 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33779 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33800 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:17618 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics engine EMF rendering vulnerability (os-windows.rules)
* 1:29836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules)
* 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:29835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules)
* 1:28704 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:21458 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:21533 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
* 1:23997 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:21534 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
* 1:21535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
* 1:21536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
* 1:21653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules)
* 1:34074 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextData object use after free attempt (browser-ie.rules)
* 1:34075 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextData object use after free attempt (browser-ie.rules)
* 1:33806 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33803 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33798 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33793 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33788 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33783 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33778 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:29903 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules)
* 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:19264 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19263 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:28703 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:23996 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:34149 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
* 1:34150 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
* 1:26172 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules)
* 1:26173 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules)
* 1:27267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules)
* 1:27268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules)
* 1:33791 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:31284 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
* 1:29902 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules)
* 1:33773 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules)
* 1:34529 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules)
* 1:34528 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules)
* 1:34546 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PCR null pointer dereference attempt (file-pdf.rules)
* 1:34547 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PCR null pointer dereference attempt (file-pdf.rules)
* 1:33774 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules)
* 1:34551 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript API trustPropagatorFunction execution bypass attempt (file-pdf.rules)
* 1:34550 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript API trustPropagatorFunction execution bypass attempt (file-pdf.rules)
* 1:34557 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JavaScript remote code execution attempt (file-pdf.rules)
* 1:34558 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JavaScript remote code execution attempt (file-pdf.rules)
* 1:33790 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:7514 <-> DISABLED <-> MALWARE-OTHER Keylogger watchdog runtime detection - send out info to server periodically (malware-other.rules)
* 1:33804 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33780 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:7513 <-> DISABLED <-> MALWARE-OTHER Keylogger watchdog runtime detection - init connection (malware-other.rules)
* 1:33781 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:7515 <-> DISABLED <-> MALWARE-OTHER Keylogger watchdog runtime detection - remote monitoring (malware-other.rules)
* 1:33784 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33785 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33786 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33787 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33777 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:19689 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript dynamic calculation double-free attempt (file-flash.rules)
* 1:18388 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string RookIE/1.0 (blacklist.rules)
* 1:19690 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript duplicateDoorInputArguments stack overwrite (file-flash.rules)
* 1:18968 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript3 stack integer overflow attempt (file-flash.rules)
* 1:19262 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:21457 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:33802 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:19691 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript File reference buffer overflow attempt (file-flash.rules)
* 1:33796 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:34147 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
* 1:20777 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:33792 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:15729 <-> DISABLED <-> FILE-FLASH Possible Adobe Flash Player ActionScript byte_array heap spray attempt (file-flash.rules)
* 1:33794 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules)
* 1:33797 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33801 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:20031 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:33789 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33795 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:19688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript BitmapData buffer overflow attempt (file-flash.rules)
* 1:33805 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:34148 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
* 1:20767 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
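The notice format stated above, gid:sid <-> Default rule state <-> Message (rule group), is regular enough to process mechanically, which matters for two practical questions these lists raise: which of the rules ship DISABLED (for instance every SERVER-OTHER export-grade ciphersuite rule above), so that nothing fires on them until you enable them in your policy, and which entries changed between one rule pack and the next. The Python below is an added example, not code from Talos or the Snort project. It parses entries in both the one-per-line form and the run-together form seen on this page, lists the DISABLED gid:sid refs, pulls the domains named in BLACKLIST DNS rules out as IOCs, and diffs two packs by gid:sid. PACK_A and PACK_B are constructed excerpts copied from entries on this page, not complete lists.

```python
"""Parse a Talos/Snort rule-update notice (added example, not Talos code).

Entries follow the notice's own format:
    gid:sid <-> Default rule state <-> Message (rule group)
"""
import re
from collections import Counter
from dataclasses import dataclass

# One entry. re.DOTALL lets a message that extraction wrapped across lines
# still match; the non-greedy message stops at the first "(xxx.rules)".
RULE_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[\w.-]+\.rules)\)",
    re.DOTALL,
)
# Domain named in a BLACKLIST DNS rule message.
DOMAIN_RE = re.compile(r"known malware domain (\S+)")

# Constructed excerpts of two rule-pack lists, copied from entries on this
# page; they are not the complete lists.
PACK_A = """\
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules) * 1:34585 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:33779 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:34571 <-> ENABLED <-> BLACKLIST DNS request for known malware domain nonobabe.100webspace.net - Win.Trojan.Zinnemls (blacklist.rules)
"""
PACK_B = """\
* 1:34585 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:33779 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:34567 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection attempt (malware-cnc.rules)
* 1:34570 <-> ENABLED <-> BLACKLIST DNS request for known malware domain driveake.webcindario.com - Win.Trojan.Zinnemls (blacklist.rules)
"""


@dataclass(frozen=True)
class Rule:
    gid: int
    sid: int
    state: str
    msg: str
    group: str

    @property
    def ref(self):
        return f"{self.gid}:{self.sid}"


def parse_notice(text):
    """Return a Rule for every entry in text, in the order they appear.

    Works on one-entry-per-line text and on the flattened form where
    entries are run together on one line separated by " * ".
    """
    return [
        Rule(int(m["gid"]), int(m["sid"]), m["state"],
             " ".join(m["msg"].split()), m["group"])
        for m in RULE_RE.finditer(text)
    ]


def count_by_group(rules):
    """Entries per rule file, e.g. Counter({'file-flash.rules': 1, ...})."""
    return Counter(r.group for r in rules)


def disabled_by_default(rules):
    """gid:sid refs shipped DISABLED: they never fire until you enable them."""
    wanted = {r for r in rules if r.state == "DISABLED"}
    return [r.ref for r in sorted(wanted, key=lambda r: (r.gid, r.sid))]


def malware_domains(rules):
    """Domains named in BLACKLIST DNS rules, usable as IOCs outside Snort."""
    found = (DOMAIN_RE.search(r.msg) for r in rules)
    return sorted({m.group(1) for m in found if m})


def diff_packs(old_rules, new_rules):
    """(added, removed) sets of (gid, sid) between two pack lists."""
    old = {(r.gid, r.sid) for r in old_rules}
    new = {(r.gid, r.sid) for r in new_rules}
    return new - old, old - new


if __name__ == "__main__":
    a, b = parse_notice(PACK_A), parse_notice(PACK_B)
    print("groups:", dict(count_by_group(a)))
    print("disabled by default:", ", ".join(disabled_by_default(a)))
    print("IOC domains:", malware_domains(a + b))
    added, removed = diff_packs(a, b)
    print("added:", sorted(added), "removed:", sorted(removed))
```

The gid:sid list that disabled_by_default returns is the form rule managers such as PulledPork take in their enable/disable lists, so the usual workflow is to review that list against the notice and decide per rule; the export-grade ciphersuite rules in particular are worth enabling on any sensor in front of TLS servers, since they are off by default.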
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34574 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34568 <-> DISABLED <-> SERVER-WEBAPP Wordpress Gravity Forms gf_page arbitrary file upload attempt (server-webapp.rules)
* 1:34594 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34592 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34593 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34591 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34589 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34590 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34587 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34588 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34586 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:34585 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34583 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid BitmapData use after free attempt (file-flash.rules)
* 1:34581 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (malware-cnc.rules)
* 1:34582 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid BitmapData use after free attempt (file-flash.rules)
* 1:34579 <-> ENABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34580 <-> ENABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34578 <-> ENABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34577 <-> ENABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34575 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34573 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34571 <-> ENABLED <-> BLACKLIST DNS request for known malware domain nonobabe.100webspace.net - Win.Trojan.Zinnemls (blacklist.rules)
* 1:34572 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection attempt (malware-cnc.rules)
* 1:34567 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection attempt (malware-cnc.rules)
* 1:34569 <-> DISABLED <-> SERVER-WEBAPP Wordpress Creative Contact Form arbitrary PHP file upload attempt (server-webapp.rules)
* 1:34570 <-> ENABLED <-> BLACKLIST DNS request for known malware domain driveake.webcindario.com - Win.Trojan.Zinnemls (blacklist.rules)
* 1:34566 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (file-other.rules)
* 1:34565 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics engine EMF rendering vulnerability (os-windows.rules)

* 1:33802 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:20767 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:33792 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33779 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:34075 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextData object use after free attempt (browser-ie.rules)
* 1:21458 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:21533 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
* 1:21534 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
* 1:21535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
* 1:21536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
* 1:21653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules)
* 1:7515 <-> DISABLED <-> MALWARE-OTHER Keylogger watchdog runtime detection - remote monitoring (malware-other.rules)
* 1:7513 <-> DISABLED <-> MALWARE-OTHER Keylogger watchdog runtime detection - init connection (malware-other.rules)
* 1:7514 <-> DISABLED <-> MALWARE-OTHER Keylogger watchdog runtime detection - send out info to server periodically (malware-other.rules)
* 1:34551 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript API trustPropagatorFunction execution bypass attempt (file-pdf.rules)
* 1:34558 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JavaScript remote code execution attempt (file-pdf.rules)
* 1:34550 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript API trustPropagatorFunction execution bypass attempt (file-pdf.rules)
* 1:34557 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JavaScript remote code execution attempt (file-pdf.rules)
* 1:34546 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PCR null pointer dereference attempt (file-pdf.rules)
* 1:34528 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules)
* 1:34547 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PCR null pointer dereference attempt (file-pdf.rules)
* 1:34529 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules)
* 1:34148 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
* 1:34074 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextData object use after free attempt (browser-ie.rules)
* 1:33806 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33803 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33798 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33793 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33788 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33783 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33778 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:29903 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules)
* 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:15729 <-> DISABLED <-> FILE-FLASH Possible Adobe Flash Player ActionScript byte_array heap spray attempt (file-flash.rules)
* 1:17618 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics engine EMF rendering vulnerability (os-windows.rules)
* 1:18388 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string RookIE/1.0 (blacklist.rules)
* 1:34150 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
* 1:34149 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
* 1:28704 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:29835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules)
* 1:29836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules)
* 1:28703 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:27267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules)
* 1:27268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules)
* 1:26172 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules)
* 1:26173 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules)
* 1:23996 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:23997 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:33773 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules)
* 1:31284 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
* 1:33774 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules)
* 1:33777 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33794 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33797 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33780 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33781 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33782 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33784 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33785 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33786 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33787 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33789 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33790 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33791 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:19263 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:33795 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:29902 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules)
* 1:33796 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33799 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33801 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:19689 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript dynamic calculation double-free attempt (file-flash.rules)
* 1:19688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript BitmapData buffer overflow attempt (file-flash.rules)
* 1:20777 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:34147 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
* 1:19691 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript File reference buffer overflow attempt (file-flash.rules)
* 1:21457 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:18968 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript3 stack integer overflow attempt (file-flash.rules)
* 1:19262 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19690 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript duplicateDoorInputArguments stack overwrite (file-flash.rules)
* 1:33805 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules)
* 1:20031 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:33800 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:19264 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:33804 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34571 <-> ENABLED <-> BLACKLIST DNS request for known malware domain nonobabe.100webspace.net - Win.Trojan.Zinnemls (blacklist.rules)
* 1:34572 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection attempt (malware-cnc.rules)
* 1:34573 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34574 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34575 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34577 <-> ENABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34578 <-> ENABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34580 <-> ENABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34579 <-> ENABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34581 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (malware-cnc.rules)
* 1:34583 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid BitmapData use after free attempt (file-flash.rules)
* 1:34582 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid BitmapData use after free attempt (file-flash.rules)
* 1:34585 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:34586 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34588 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34587 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34589 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34590 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34591 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34593 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34592 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34594 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34568 <-> DISABLED <-> SERVER-WEBAPP Wordpress Gravity Forms gf_page arbitrary file upload attempt (server-webapp.rules)
* 1:34570 <-> ENABLED <-> BLACKLIST DNS request for known malware domain driveake.webcindario.com - Win.Trojan.Zinnemls (blacklist.rules)
* 1:34566 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (file-other.rules)
* 1:34565 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics engine EMF rendering vulnerability (os-windows.rules)
* 1:34567 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection attempt (malware-cnc.rules)
* 1:34569 <-> DISABLED <-> SERVER-WEBAPP Wordpress Creative Contact Form arbitrary PHP file upload attempt (server-webapp.rules)
* 1:20767 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:18968 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript3 stack integer overflow attempt (file-flash.rules)
* 1:34147 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
* 1:34149 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
* 1:34075 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextData object use after free attempt (browser-ie.rules)
* 1:33805 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33802 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33804 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33801 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33799 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33800 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33797 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33795 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33796 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33792 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33794 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33791 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33789 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33790 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33787 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33785 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33786 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33782 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33784 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33781 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33779 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33780 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33777 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33773 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules)
* 1:33774 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules)
* 1:29902 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules)
* 1:31284 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
* 1:29836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules)
* 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:29835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules)
* 1:28704 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:27268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules)
* 1:28703 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:26173 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules)
* 1:27267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules)
* 1:23997 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:26172 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules)
* 1:23996 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:21458 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:21533 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
* 1:21534 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
* 1:21535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
* 1:21536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
* 1:15729 <-> DISABLED <-> FILE-FLASH Possible Adobe Flash Player ActionScript byte_array heap spray attempt (file-flash.rules)
* 1:17618 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics engine EMF rendering vulnerability (os-windows.rules)
* 1:21653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules)
* 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:29903 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules)
* 1:33778 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33783 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:34150 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
* 1:33788 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:34528 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules)
* 1:34529 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules)
* 1:34546 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PCR null pointer dereference attempt (file-pdf.rules)
* 1:34547 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PCR null pointer dereference attempt (file-pdf.rules)
* 1:34550 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript API trustPropagatorFunction execution bypass attempt (file-pdf.rules)
* 1:34551 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript API trustPropagatorFunction execution bypass attempt (file-pdf.rules)
* 1:34557 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JavaScript remote code execution attempt (file-pdf.rules)
* 1:34558 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JavaScript remote code execution attempt (file-pdf.rules)
* 1:7513 <-> DISABLED <-> MALWARE-OTHER Keylogger watchdog runtime detection - init connection (malware-other.rules)
* 1:7514 <-> DISABLED <-> MALWARE-OTHER Keylogger watchdog runtime detection - send out info to server periodically (malware-other.rules)
* 1:7515 <-> DISABLED <-> MALWARE-OTHER Keylogger watchdog runtime detection - remote monitoring (malware-other.rules)
* 1:33793 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33798 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:34148 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
* 1:33803 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:18388 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string RookIE/1.0 (blacklist.rules)
* 1:33806 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:20777 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:34074 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextData object use after free attempt (browser-ie.rules)
* 1:19263 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:20031 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript BitmapData buffer overflow attempt (file-flash.rules)
* 1:19689 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript dynamic calculation double-free attempt (file-flash.rules)
* 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules)
* 1:19262 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19264 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:21457 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19690 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript duplicateDoorInputArguments stack overwrite (file-flash.rules)
* 1:19691 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript File reference buffer overflow attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34594 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34593 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34592 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34591 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34590 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34589 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34588 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34587 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34586 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34585 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:34583 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid BitmapData use after free attempt (file-flash.rules)
* 1:34582 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid BitmapData use after free attempt (file-flash.rules)
* 1:34581 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (malware-cnc.rules)
* 1:34580 <-> ENABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34579 <-> ENABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34578 <-> ENABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34577 <-> ENABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34575 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34574 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34573 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34572 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection attempt (malware-cnc.rules)
* 1:34571 <-> ENABLED <-> BLACKLIST DNS request for known malware domain nonobabe.100webspace.net - Win.Trojan.Zinnemls (blacklist.rules)
* 1:34570 <-> ENABLED <-> BLACKLIST DNS request for known malware domain driveake.webcindario.com - Win.Trojan.Zinnemls (blacklist.rules)
* 1:34569 <-> DISABLED <-> SERVER-WEBAPP Wordpress Creative Contact Form arbitrary PHP file upload attempt (server-webapp.rules)
* 1:34568 <-> DISABLED <-> SERVER-WEBAPP Wordpress Gravity Forms gf_page arbitrary file upload attempt (server-webapp.rules)
* 1:34567 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection attempt (malware-cnc.rules)
* 1:34566 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (file-other.rules)
* 1:34565 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics engine EMF rendering vulnerability (os-windows.rules)
* 1:7515 <-> DISABLED <-> MALWARE-OTHER Keylogger watchdog runtime detection - remote monitoring (malware-other.rules)
* 1:7514 <-> DISABLED <-> MALWARE-OTHER Keylogger watchdog runtime detection - send out info to server periodically (malware-other.rules)
* 1:7513 <-> DISABLED <-> MALWARE-OTHER Keylogger watchdog runtime detection - init connection (malware-other.rules)
* 1:34558 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JavaScript remote code execution attempt (file-pdf.rules)
* 1:34557 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JavaScript remote code execution attempt (file-pdf.rules)
* 1:34551 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript API trustPropagatorFunction execution bypass attempt (file-pdf.rules)
* 1:34550 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript API trustPropagatorFunction execution bypass attempt (file-pdf.rules)
* 1:34547 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PCR null pointer dereference attempt (file-pdf.rules)
* 1:34546 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PCR null pointer dereference attempt (file-pdf.rules)
* 1:34529 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules)
* 1:34528 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules)
* 1:34150 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
* 1:34149 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
* 1:34148 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
* 1:34147 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
* 1:34075 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextData object use after free attempt (browser-ie.rules)
* 1:34074 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextData object use after free attempt (browser-ie.rules)
* 1:33806 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33805 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33804 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33802 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33803 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33801 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33800 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33799 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33797 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33798 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33796 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33795 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33794 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33793 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33792 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33791 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33790 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33789 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33787 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33788 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33786 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33785 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33784 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33783 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33782 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33781 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33780 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33779 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33778 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33777 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33774 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules)
* 1:33773 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules)
* 1:31284 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
* 1:29903 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules)
* 1:29902 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules)
* 1:29836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules)
* 1:29835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules)
* 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:28704 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:28703 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:27268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules)
* 1:27267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules)
* 1:26173 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules)
* 1:26172 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules)
* 1:23997 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:23996 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:21653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules)
* 1:21536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
* 1:21535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
* 1:21534 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
* 1:21533 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
* 1:21458 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:15729 <-> DISABLED <-> FILE-FLASH Possible Adobe Flash Player ActionScript byte_array heap spray attempt (file-flash.rules)
* 1:17618 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics engine EMF rendering vulnerability (os-windows.rules)
* 1:18388 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string RookIE/1.0 (blacklist.rules)
* 1:21457 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:18968 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript3 stack integer overflow attempt (file-flash.rules)
* 1:19262 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19263 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19264 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:20777 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:20767 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules)
* 1:19690 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript duplicateDoorInputArguments stack overwrite (file-flash.rules)
* 1:20031 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19691 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript File reference buffer overflow attempt (file-flash.rules)
* 1:19688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript BitmapData buffer overflow attempt (file-flash.rules)
* 1:19689 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript dynamic calculation double-free attempt (file-flash.rules)