Talos Rules 2015-06-09
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Security Bulletin MS15-056: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 31284, 31286, 32262 through 32263, 34721 through 34730, 34733 through 34736, 34745 through 34760, 34763 through 34768, 34772 through 34773, 34778 through 34779, and 34790 through 34791.

Microsoft Security Bulletin MS15-057: A coding deficiency exists in Microsoft Windows Media Player that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 34731 through 34732.

Microsoft Security Bulletin MS15-059: A coding deficiency exists in Microsoft Office that may lead to remote code execution.

Previously released rules will detect attacks targeting this vulnerability and have been updated with the appropriate reference information. They are included in this release and are identified with GID 1, SIDs 18494 through 18945.

New rules to detect attacks targeting these vulnerabilities are also included in this release and are identified with GID 1, SIDs 34737 through 34740, and 34743 through 34744.

Microsoft Security Bulletin MS15-061: Microsoft Windows Kernel suffers from programming errors that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 34761 through 34762, 34770 through 34771, 34774 through 34777, and 34780 through 34789.

Microsoft Security Bulletin MS15-062: A coding deficiency exists in Microsoft Active Directory Federation Services that may lead to an escalation of privilege.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 34769.

Talos has also added and modified multiple rules in the browser-ie, browser-plugins, deleted, file-flash, file-office, file-other, os-windows, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-06-09 16:06:46 UTC

Snort Subscriber Rules Update

Date: 2015-06-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34787 <-> ENABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules)
 * 1:34737 <-> ENABLED <-> FILE-OFFICE Microsoft Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
 * 1:34739 <-> ENABLED <-> FILE-OFFICE Microsoft Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
 * 1:34736 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer COptionElement object use after free attempt (browser-ie.rules)
 * 1:34734 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrValue uninitialized object access attempt (browser-ie.rules)
 * 1:34735 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer COptionElement object use after free attempt (browser-ie.rules)
 * 1:34732 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player DataObject buffer overflow attempt (os-windows.rules)
 * 1:34731 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player DataObject buffer overflow attempt (os-windows.rules)
 * 1:34730 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer stack exhaustion handler remote code execution attempt (browser-ie.rules)
 * 1:34727 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:34729 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer stack exhaustion handler remote code execution attempt (browser-ie.rules)
 * 1:34722 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer callback function use-after-free attempt (browser-ie.rules)
 * 1:34726 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode undefined beforeElement use-after-free attempt (browser-ie.rules)
 * 1:34724 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:34723 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:34725 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode undefined beforeElement use-after-free attempt (browser-ie.rules)
 * 1:34781 <-> ENABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules)
 * 1:34782 <-> ENABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules)
 * 1:34721 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer callback function use-after-free attempt (browser-ie.rules)
 * 1:34793 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules)
 * 1:34791 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds memory access attempt (browser-ie.rules)
 * 1:34789 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules)
 * 1:34728 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:34733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrValue uninitialized object access attempt (browser-ie.rules)
 * 1:34786 <-> ENABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules)
 * 1:34784 <-> ENABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules)
 * 1:34785 <-> ENABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules)
 * 1:34738 <-> ENABLED <-> FILE-OFFICE Microsoft Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
 * 1:34740 <-> ENABLED <-> FILE-OFFICE Microsoft Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
 * 1:34741 <-> DISABLED <-> DELETED deleted rule (deleted.rules)
 * 1:34742 <-> DISABLED <-> DELETED deleted rule (deleted.rules)
 * 1:34743 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word ActiveX object uninitialized memory access attempt (file-office.rules)
 * 1:34744 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word ActiveX object uninitialized memory access attempt (file-office.rules)
 * 1:34745 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextNode object use after free attempt (browser-ie.rules)
 * 1:34746 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextNode object use after free attempt (browser-ie.rules)
 * 1:34747 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CoInternetParseUrl use-after-free attempt (browser-ie.rules)
 * 1:34748 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CoInternetParseUrl use-after-free attempt (browser-ie.rules)
 * 1:34749 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBlock object use after free attempt (browser-ie.rules)
 * 1:34750 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBlock object use after free attempt (browser-ie.rules)
 * 1:34751 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ieframe.dll privilege escalation attempt (browser-ie.rules)
 * 1:34752 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ieframe.dll privilege escalation attempt (browser-ie.rules)
 * 1:34753 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CLegendElement object use after free attempt (browser-ie.rules)
 * 1:34754 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CLegendElement object use after free attempt (browser-ie.rules)
 * 1:34755 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized VARIANT object remote code execution attempt (browser-ie.rules)
 * 1:34756 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized VARIANT object remote code execution attempt (browser-ie.rules)
 * 1:34757 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDXTFilterNode object remote code execution attempt (browser-ie.rules)
 * 1:34758 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDXTFilterNode object remote code execution attempt (browser-ie.rules)
 * 1:34759 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTableSection object use-after-free attempt (browser-ie.rules)
 * 1:34760 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTableSection object use-after-free attempt (browser-ie.rules)
 * 1:34761 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules)
 * 1:34762 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules)
 * 1:34763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
 * 1:34764 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
 * 1:34765 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CStyleAttrArray use after free attempt (browser-ie.rules)
 * 1:34766 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CStyleAttrArray use after free attempt (browser-ie.rules)
 * 1:34767 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea parent use-after-free attempt (browser-ie.rules)
 * 1:34768 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea parent use-after-free attempt (browser-ie.rules)
 * 1:34769 <-> ENABLED <-> SERVER-IIS Microsoft Active Directory Federation Services wct parameter cross site scripting attempt (server-iis.rules)
 * 1:34770 <-> ENABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules)
 * 1:34783 <-> ENABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules)
 * 1:34771 <-> ENABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules)
 * 1:34772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MOTW.dll sandbox escape attempt (browser-ie.rules)
 * 1:34773 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MOTW.dll sandbox escape attempt (browser-ie.rules)
 * 1:34792 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules)
 * 1:34790 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds memory access attempt (browser-ie.rules)
 * 1:34774 <-> ENABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules)
 * 1:34779 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer LayoutLineBoxFullShort use after free attempt (browser-ie.rules)
 * 1:34777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules)
 * 1:34776 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules)
 * 1:34780 <-> ENABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules)
 * 1:34775 <-> ENABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules)
 * 1:34788 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules)
 * 1:34778 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer LayoutLineBoxFullShort use after free attempt (browser-ie.rules)

Modified Rules:


 * 1:33712 <-> ENABLED <-> OS-WINDOWS Type one font out of bounds memory access attempt (os-windows.rules)
 * 1:32246 <-> ENABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager possible FindConfigChildeKeyList buffer overflow attempt (browser-plugins.rules)
 * 1:33711 <-> ENABLED <-> OS-WINDOWS Type one font out of bounds memory access attempt (os-windows.rules)
 * 1:32245 <-> ENABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager possible FindConfigChildeKeyList buffer overflow attempt (browser-plugins.rules)
 * 1:32262 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Active X installer broker privilege elevation attempt (browser-ie.rules)
 * 1:32263 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Active X installer broker privilege elevation attempt (browser-ie.rules)
 * 1:18494 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules)
 * 1:18495 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules)
 * 1:31286 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31284 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:24642 <-> DISABLED <-> SERVER-WEBAPP RedHat JBoss Enterprise Application Platform JMX code execution attempt (server-webapp.rules)
 * 3:34022 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unity Connection malformed contact header denial of service attempt (protocol-voip.rules)

2015-06-09 16:06:46 UTC

Snort Subscriber Rules Update

Date: 2015-06-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34787 <-> ENABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules)
 * 1:34737 <-> ENABLED <-> FILE-OFFICE Microsoft Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
 * 1:34739 <-> ENABLED <-> FILE-OFFICE Microsoft Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
 * 1:34736 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer COptionElement object use after free attempt (browser-ie.rules)
 * 1:34734 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrValue uninitialized object access attempt (browser-ie.rules)
 * 1:34735 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer COptionElement object use after free attempt (browser-ie.rules)
 * 1:34732 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player DataObject buffer overflow attempt (os-windows.rules)
 * 1:34730 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer stack exhaustion handler remote code execution attempt (browser-ie.rules)
 * 1:34731 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player DataObject buffer overflow attempt (os-windows.rules)
 * 1:34727 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:34729 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer stack exhaustion handler remote code execution attempt (browser-ie.rules)
 * 1:34726 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode undefined beforeElement use-after-free attempt (browser-ie.rules)
 * 1:34724 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:34722 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer callback function use-after-free attempt (browser-ie.rules)
 * 1:34723 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:34789 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules)
 * 1:34791 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds memory access attempt (browser-ie.rules)
 * 1:34793 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules)
 * 1:34782 <-> ENABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules)
 * 1:34781 <-> ENABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules)
 * 1:34721 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer callback function use-after-free attempt (browser-ie.rules)
 * 1:34725 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode undefined beforeElement use-after-free attempt (browser-ie.rules)
 * 1:34786 <-> ENABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules)
 * 1:34784 <-> ENABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules)
 * 1:34785 <-> ENABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules)
 * 1:34728 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:34733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrValue uninitialized object access attempt (browser-ie.rules)
 * 1:34738 <-> ENABLED <-> FILE-OFFICE Microsoft Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
 * 1:34740 <-> ENABLED <-> FILE-OFFICE Microsoft Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
 * 1:34741 <-> DISABLED <-> DELETED deleted rule (deleted.rules)
 * 1:34742 <-> DISABLED <-> DELETED deleted rule (deleted.rules)
 * 1:34743 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word ActiveX object uninitialized memory access attempt (file-office.rules)
 * 1:34744 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word ActiveX object uninitialized memory access attempt (file-office.rules)
 * 1:34745 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextNode object use after free attempt (browser-ie.rules)
 * 1:34746 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextNode object use after free attempt (browser-ie.rules)
 * 1:34747 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CoInternetParseUrl use-after-free attempt (browser-ie.rules)
 * 1:34748 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CoInternetParseUrl use-after-free attempt (browser-ie.rules)
 * 1:34749 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBlock object use after free attempt (browser-ie.rules)
 * 1:34750 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBlock object use after free attempt (browser-ie.rules)
 * 1:34751 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ieframe.dll privilege escalation attempt (browser-ie.rules)
 * 1:34752 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ieframe.dll privilege escalation attempt (browser-ie.rules)
 * 1:34753 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CLegendElement object use after free attempt (browser-ie.rules)
 * 1:34754 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CLegendElement object use after free attempt (browser-ie.rules)
 * 1:34755 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized VARIANT object remote code execution attempt (browser-ie.rules)
 * 1:34756 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized VARIANT object remote code execution attempt (browser-ie.rules)
 * 1:34757 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDXTFilterNode object remote code execution attempt (browser-ie.rules)
 * 1:34758 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDXTFilterNode object remote code execution attempt (browser-ie.rules)
 * 1:34790 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds memory access attempt (browser-ie.rules)
 * 1:34759 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTableSection object use-after-free attempt (browser-ie.rules)
 * 1:34760 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTableSection object use-after-free attempt (browser-ie.rules)
 * 1:34761 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules)
 * 1:34762 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules)
 * 1:34763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
 * 1:34764 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
 * 1:34765 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CStyleAttrArray use after free attempt (browser-ie.rules)
 * 1:34766 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CStyleAttrArray use after free attempt (browser-ie.rules)
 * 1:34767 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea parent use-after-free attempt (browser-ie.rules)
 * 1:34768 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea parent use-after-free attempt (browser-ie.rules)
 * 1:34769 <-> ENABLED <-> SERVER-IIS Microsoft Active Directory Federation Services wct parameter cross site scripting attempt (server-iis.rules)
 * 1:34770 <-> ENABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules)
 * 1:34771 <-> ENABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules)
 * 1:34792 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules)
 * 1:34783 <-> ENABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules)
 * 1:34772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MOTW.dll sandbox escape attempt (browser-ie.rules)
 * 1:34773 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MOTW.dll sandbox escape attempt (browser-ie.rules)
 * 1:34774 <-> ENABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules)
 * 1:34780 <-> ENABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules)
 * 1:34778 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer LayoutLineBoxFullShort use after free attempt (browser-ie.rules)
 * 1:34788 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules)
 * 1:34775 <-> ENABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules)
 * 1:34779 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer LayoutLineBoxFullShort use after free attempt (browser-ie.rules)
 * 1:34777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules)
 * 1:34776 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules)

Modified Rules:


 * 1:32246 <-> ENABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager possible FindConfigChildeKeyList buffer overflow attempt (browser-plugins.rules)
 * 1:33712 <-> ENABLED <-> OS-WINDOWS Type one font out of bounds memory access attempt (os-windows.rules)
 * 1:32263 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Active X installer broker privilege elevation attempt (browser-ie.rules)
 * 1:33711 <-> ENABLED <-> OS-WINDOWS Type one font out of bounds memory access attempt (os-windows.rules)
 * 1:32245 <-> ENABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager possible FindConfigChildeKeyList buffer overflow attempt (browser-plugins.rules)
 * 1:32262 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Active X installer broker privilege elevation attempt (browser-ie.rules)
 * 1:31286 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:18495 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules)
 * 1:24642 <-> DISABLED <-> SERVER-WEBAPP RedHat JBoss Enterprise Application Platform JMX code execution attempt (server-webapp.rules)
 * 1:31284 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:18494 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules)
 * 3:34022 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unity Connection malformed contact header denial of service attempt (protocol-voip.rules)

2015-06-09 16:06:46 UTC

Snort Subscriber Rules Update

Date: 2015-06-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34739 <-> ENABLED <-> FILE-OFFICE Microsoft Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
 * 1:34737 <-> ENABLED <-> FILE-OFFICE Microsoft Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
 * 1:34735 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer COptionElement object use after free attempt (browser-ie.rules)
 * 1:34736 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer COptionElement object use after free attempt (browser-ie.rules)
 * 1:34732 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player DataObject buffer overflow attempt (os-windows.rules)
 * 1:34734 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrValue uninitialized object access attempt (browser-ie.rules)
 * 1:34731 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player DataObject buffer overflow attempt (os-windows.rules)
 * 1:34729 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer stack exhaustion handler remote code execution attempt (browser-ie.rules)
 * 1:34730 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer stack exhaustion handler remote code execution attempt (browser-ie.rules)
 * 1:34727 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:34726 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode undefined beforeElement use-after-free attempt (browser-ie.rules)
 * 1:34723 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:34724 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:34722 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer callback function use-after-free attempt (browser-ie.rules)
 * 1:34721 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer callback function use-after-free attempt (browser-ie.rules)
 * 1:34725 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode undefined beforeElement use-after-free attempt (browser-ie.rules)
 * 1:34728 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:34733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrValue uninitialized object access attempt (browser-ie.rules)
 * 1:34738 <-> ENABLED <-> FILE-OFFICE Microsoft Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
 * 1:34740 <-> ENABLED <-> FILE-OFFICE Microsoft Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
 * 1:34741 <-> DISABLED <-> DELETED deleted rule (deleted.rules)
 * 1:34742 <-> DISABLED <-> DELETED deleted rule (deleted.rules)
 * 1:34743 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word ActiveX object uninitialized memory access attempt (file-office.rules)
 * 1:34744 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word ActiveX object uninitialized memory access attempt (file-office.rules)
 * 1:34745 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextNode object use after free attempt (browser-ie.rules)
 * 1:34746 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextNode object use after free attempt (browser-ie.rules)
 * 1:34747 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CoInternetParseUrl use-after-free attempt (browser-ie.rules)
 * 1:34748 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CoInternetParseUrl use-after-free attempt (browser-ie.rules)
 * 1:34749 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBlock object use after free attempt (browser-ie.rules)
 * 1:34750 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBlock object use after free attempt (browser-ie.rules)
 * 1:34751 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ieframe.dll privilege escalation attempt (browser-ie.rules)
 * 1:34752 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ieframe.dll privilege escalation attempt (browser-ie.rules)
 * 1:34753 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CLegendElement object use after free attempt (browser-ie.rules)
 * 1:34754 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CLegendElement object use after free attempt (browser-ie.rules)
 * 1:34755 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized VARIANT object remote code execution attempt (browser-ie.rules)
 * 1:34756 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized VARIANT object remote code execution attempt (browser-ie.rules)
 * 1:34757 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDXTFilterNode object remote code execution attempt (browser-ie.rules)
 * 1:34758 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDXTFilterNode object remote code execution attempt (browser-ie.rules)
 * 1:34759 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTableSection object use-after-free attempt (browser-ie.rules)
 * 1:34760 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTableSection object use-after-free attempt (browser-ie.rules)
 * 1:34761 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules)
 * 1:34762 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules)
 * 1:34763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
 * 1:34764 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
 * 1:34765 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CStyleAttrArray use after free attempt (browser-ie.rules)
 * 1:34766 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CStyleAttrArray use after free attempt (browser-ie.rules)
 * 1:34767 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea parent use-after-free attempt (browser-ie.rules)
 * 1:34768 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea parent use-after-free attempt (browser-ie.rules)
 * 1:34769 <-> ENABLED <-> SERVER-IIS Microsoft Active Directory Federation Services wct parameter cross site scripting attempt (server-iis.rules)
 * 1:34770 <-> ENABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules)
 * 1:34771 <-> ENABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules)
 * 1:34772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MOTW.dll sandbox escape attempt (browser-ie.rules)
 * 1:34773 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MOTW.dll sandbox escape attempt (browser-ie.rules)
 * 1:34774 <-> ENABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules)
 * 1:34775 <-> ENABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules)
 * 1:34793 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules)
 * 1:34792 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules)
 * 1:34791 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds memory access attempt (browser-ie.rules)
 * 1:34790 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds memory access attempt (browser-ie.rules)
 * 1:34789 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules)
 * 1:34788 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules)
 * 1:34787 <-> ENABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules)
 * 1:34786 <-> ENABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules)
 * 1:34785 <-> ENABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules)
 * 1:34784 <-> ENABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules)
 * 1:34783 <-> ENABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules)
 * 1:34782 <-> ENABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules)
 * 1:34781 <-> ENABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules)
 * 1:34778 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer LayoutLineBoxFullShort use after free attempt (browser-ie.rules)
 * 1:34780 <-> ENABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules)
 * 1:34779 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer LayoutLineBoxFullShort use after free attempt (browser-ie.rules)
 * 1:34777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules)
 * 1:34776 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules)

Modified Rules:


 * 1:33711 <-> ENABLED <-> OS-WINDOWS Type one font out of bounds memory access attempt (os-windows.rules)
 * 1:33712 <-> ENABLED <-> OS-WINDOWS Type one font out of bounds memory access attempt (os-windows.rules)
 * 1:32263 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Active X installer broker privilege elevation attempt (browser-ie.rules)
 * 1:32246 <-> ENABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager possible FindConfigChildeKeyList buffer overflow attempt (browser-plugins.rules)
 * 1:32262 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Active X installer broker privilege elevation attempt (browser-ie.rules)
 * 1:31286 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:32245 <-> ENABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager possible FindConfigChildeKeyList buffer overflow attempt (browser-plugins.rules)
 * 1:24642 <-> DISABLED <-> SERVER-WEBAPP RedHat JBoss Enterprise Application Platform JMX code execution attempt (server-webapp.rules)
 * 1:31284 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:18495 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules)
 * 1:18494 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules)
 * 3:34022 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unity Connection malformed contact header denial of service attempt (protocol-voip.rules)

2015-06-09 16:06:46 UTC

Snort Subscriber Rules Update

Date: 2015-06-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34793 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules)
 * 1:34792 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules)
 * 1:34791 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds memory access attempt (browser-ie.rules)
 * 1:34790 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds memory access attempt (browser-ie.rules)
 * 1:34789 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules)
 * 1:34788 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules)
 * 1:34787 <-> ENABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules)
 * 1:34786 <-> ENABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules)
 * 1:34785 <-> ENABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules)
 * 1:34784 <-> ENABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules)
 * 1:34783 <-> ENABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules)
 * 1:34782 <-> ENABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules)
 * 1:34781 <-> ENABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules)
 * 1:34780 <-> ENABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules)
 * 1:34779 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer LayoutLineBoxFullShort use after free attempt (browser-ie.rules)
 * 1:34778 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer LayoutLineBoxFullShort use after free attempt (browser-ie.rules)
 * 1:34777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules)
 * 1:34776 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules)
 * 1:34775 <-> ENABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules)
 * 1:34774 <-> ENABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules)
 * 1:34773 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MOTW.dll sandbox escape attempt (browser-ie.rules)
 * 1:34772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MOTW.dll sandbox escape attempt (browser-ie.rules)
 * 1:34771 <-> ENABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules)
 * 1:34770 <-> ENABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules)
 * 1:34769 <-> ENABLED <-> SERVER-IIS Microsoft Active Directory Federation Services wct parameter cross site scripting attempt (server-iis.rules)
 * 1:34768 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea parent use-after-free attempt (browser-ie.rules)
 * 1:34767 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea parent use-after-free attempt (browser-ie.rules)
 * 1:34766 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CStyleAttrArray use after free attempt (browser-ie.rules)
 * 1:34765 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CStyleAttrArray use after free attempt (browser-ie.rules)
 * 1:34764 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
 * 1:34763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
 * 1:34762 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules)
 * 1:34761 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules)
 * 1:34760 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTableSection object use-after-free attempt (browser-ie.rules)
 * 1:34759 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTableSection object use-after-free attempt (browser-ie.rules)
 * 1:34758 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDXTFilterNode object remote code execution attempt (browser-ie.rules)
 * 1:34757 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDXTFilterNode object remote code execution attempt (browser-ie.rules)
 * 1:34756 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized VARIANT object remote code execution attempt (browser-ie.rules)
 * 1:34755 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized VARIANT object remote code execution attempt (browser-ie.rules)
 * 1:34754 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CLegendElement object use after free attempt (browser-ie.rules)
 * 1:34753 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CLegendElement object use after free attempt (browser-ie.rules)
 * 1:34752 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ieframe.dll privilege escalation attempt (browser-ie.rules)
 * 1:34751 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ieframe.dll privilege escalation attempt (browser-ie.rules)
 * 1:34750 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBlock object use after free attempt (browser-ie.rules)
 * 1:34749 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBlock object use after free attempt (browser-ie.rules)
 * 1:34748 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CoInternetParseUrl use-after-free attempt (browser-ie.rules)
 * 1:34747 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CoInternetParseUrl use-after-free attempt (browser-ie.rules)
 * 1:34746 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextNode object use after free attempt (browser-ie.rules)
 * 1:34745 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextNode object use after free attempt (browser-ie.rules)
 * 1:34744 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word ActiveX object uninitialized memory access attempt (file-office.rules)
 * 1:34743 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word ActiveX object uninitialized memory access attempt (file-office.rules)
 * 1:34742 <-> DISABLED <-> DELETED deleted rule (deleted.rules)
 * 1:34741 <-> DISABLED <-> DELETED deleted rule (deleted.rules)
 * 1:34740 <-> ENABLED <-> FILE-OFFICE Microsoft Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
 * 1:34739 <-> ENABLED <-> FILE-OFFICE Microsoft Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
 * 1:34738 <-> ENABLED <-> FILE-OFFICE Microsoft Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
 * 1:34737 <-> ENABLED <-> FILE-OFFICE Microsoft Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
 * 1:34736 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer COptionElement object use after free attempt (browser-ie.rules)
 * 1:34735 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer COptionElement object use after free attempt (browser-ie.rules)
 * 1:34734 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrValue uninitialized object access attempt (browser-ie.rules)
 * 1:34733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrValue uninitialized object access attempt (browser-ie.rules)
 * 1:34732 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player DataObject buffer overflow attempt (os-windows.rules)
 * 1:34731 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player DataObject buffer overflow attempt (os-windows.rules)
 * 1:34730 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer stack exhaustion handler remote code execution attempt (browser-ie.rules)
 * 1:34729 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer stack exhaustion handler remote code execution attempt (browser-ie.rules)
 * 1:34728 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:34727 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
 * 1:34726 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode undefined beforeElement use-after-free attempt (browser-ie.rules)
 * 1:34725 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode undefined beforeElement use-after-free attempt (browser-ie.rules)
 * 1:34724 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:34723 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
 * 1:34722 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer callback function use-after-free attempt (browser-ie.rules)
 * 1:34721 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer callback function use-after-free attempt (browser-ie.rules)

Modified Rules:


 * 1:33712 <-> ENABLED <-> OS-WINDOWS Type one font out of bounds memory access attempt (os-windows.rules)
 * 1:32263 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Active X installer broker privilege elevation attempt (browser-ie.rules)
 * 1:33711 <-> ENABLED <-> OS-WINDOWS Type one font out of bounds memory access attempt (os-windows.rules)
 * 1:32246 <-> ENABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager possible FindConfigChildeKeyList buffer overflow attempt (browser-plugins.rules)
 * 1:32262 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Active X installer broker privilege elevation attempt (browser-ie.rules)
 * 1:31286 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:32245 <-> ENABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager possible FindConfigChildeKeyList buffer overflow attempt (browser-plugins.rules)
 * 1:31284 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:24642 <-> DISABLED <-> SERVER-WEBAPP RedHat JBoss Enterprise Application Platform JMX code execution attempt (server-webapp.rules)
 * 1:18495 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules)
 * 1:18494 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules)
 * 3:34022 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unity Connection malformed contact header denial of service attempt (protocol-voip.rules)