Talos Rules 2015-08-18
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Internet Explorer Vulnerability CVE-2015-2502: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Previously released rules will detect attacks targeting this vulnerability and have been updated with the appropriate reference information. They are included in this release and are identified with GID 1, SIDs 35536 through 35537.

Talos has added and modified multiple rules in the blacklist, browser-plugins, file-flash, file-multimedia, file-pdf, indicator-compromise, malware-cnc, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2015-08-18 16:11:38 UTC

Snort Subscriber Rules Update

Date: 2015-08-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:35574 <-> ENABLED <-> FILE-FLASH Adobe Flash Player secret cookie location disclosure attempt (file-flash.rules)
 * 1:35575 <-> ENABLED <-> FILE-FLASH Adobe Flash Player secret cookie location disclosure attempt (file-flash.rules)
 * 1:35579 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData applyFilter heap overflow attempt (file-flash.rules)
 * 1:35580 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData applyFilter heap overflow attempt (file-flash.rules)
 * 1:35581 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData applyFilter heap overflow attempt (file-flash.rules)
 * 1:35582 <-> ENABLED <-> FILE-FLASH Adobe Flash Player button pointer exploit attempt (file-flash.rules)
 * 1:35583 <-> ENABLED <-> FILE-FLASH Adobe Flash Player button pointer exploit attempt (file-flash.rules)
 * 1:35608 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
 * 1:35609 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
 * 1:35605 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setAdvancedAntialiasingTable type confusion attempt (file-flash.rules)
 * 1:35607 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
 * 1:35604 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setAdvancedAntialiasingTable type confusion attempt (file-flash.rules)
 * 1:35602 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35603 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setAdvancedAntialiasingTable type confusion attempt (file-flash.rules)
 * 1:35600 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules)
 * 1:35599 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35597 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:35595 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dpaste.dzfl.pl - Trojan.Win32.Nibagem (blacklist.rules)
 * 1:35593 <-> ENABLED <-> FILE-FLASH Adobe Flash Player tag length buffer overflow attempt (file-flash.rules)
 * 1:35594 <-> DISABLED <-> SERVER-WEBAPP Websense Triton Content Manager handle_debug_network stack buffer overflow attempt (server-webapp.rules)
 * 1:35590 <-> ENABLED <-> FILE-FLASH Google Chrome pepflashplayer SurfaceFilterList use-after-free attempt (file-flash.rules)
 * 1:35592 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tag length buffer overflow attempt (file-flash.rules)
 * 1:35589 <-> ENABLED <-> FILE-FLASH Google Chrome pepflashplayer SurfaceFilterList use-after-free attempt (file-flash.rules)
 * 1:35587 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object use after free attempt (file-flash.rules)
 * 1:35585 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object use after free attempt (file-flash.rules)
 * 1:35586 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object use after free attempt (file-flash.rules)
 * 1:35584 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object use after free attempt (file-flash.rules)
 * 1:35571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF dereference attempt (file-flash.rules)
 * 1:35569 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent - Microsoft Internet Explorer - Win.Trojan.Backspace (blacklist.rules)
 * 1:35570 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (malware-cnc.rules)
 * 1:35572 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF dereference attempt (file-flash.rules)
 * 1:35576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player secret cookie location disclosure attempt (file-flash.rules)
 * 1:35588 <-> ENABLED <-> FILE-FLASH Google Chrome pepflashplayer SurfaceFilterList use-after-free attempt (file-flash.rules)
 * 1:35591 <-> ENABLED <-> FILE-FLASH Google Chrome pepflashplayer SurfaceFilterList use-after-free attempt (file-flash.rules)
 * 1:35615 <-> DISABLED <-> BROWSER-PLUGINS NetIQ SafeShellExecute ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35616 <-> DISABLED <-> BROWSER-PLUGINS NetIQ SafeShellExecute ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35617 <-> DISABLED <-> BROWSER-PLUGINS NetIQ SafeShellExecute ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35618 <-> ENABLED <-> FILE-FLASH Adobe Flash Player slow script invalid pointer dereference attempt (file-flash.rules)
 * 1:35619 <-> ENABLED <-> FILE-FLASH Adobe Flash Player slow script invalid pointer dereference attempt (file-flash.rules)
 * 1:35620 <-> DISABLED <-> BROWSER-PLUGINS Panasonic Security API SDK Ipropsapi ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35621 <-> DISABLED <-> BROWSER-PLUGINS Panasonic Security API SDK Ipropsapi ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35622 <-> DISABLED <-> BROWSER-PLUGINS Panasonic Security API SDK Ipropsapi ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35623 <-> DISABLED <-> BROWSER-PLUGINS Panasonic Security API SDK Ipropsapi ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35596 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:35578 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData applyFilter heap overflow attempt (file-flash.rules)
 * 1:35601 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35577 <-> ENABLED <-> FILE-FLASH Adobe Flash Player secret cookie location disclosure attempt (file-flash.rules)
 * 1:35573 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS compose.php SQL injection attempt (server-webapp.rules)
 * 1:35606 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setAdvancedAntialiasingTable type confusion attempt (file-flash.rules)
 * 1:35610 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
 * 1:35611 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection directory traversal attempt (server-webapp.rules)
 * 1:35612 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection directory traversal attempt (server-webapp.rules)
 * 1:35613 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection directory traversal attempt (server-webapp.rules)
 * 1:35614 <-> DISABLED <-> BROWSER-PLUGINS NetIQ SafeShellExecute ActiveX clsid access attempt (browser-plugins.rules)

Modified Rules:

 * 1:12746 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid stsd atom out of bounds read attempt (file-multimedia.rules)
 * 1:16576 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix AgentX receive_agentx stack buffer overflow attempt (server-other.rules)
 * 1:35568 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (file-multimedia.rules)
 * 1:35566 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid url atom out of bounds read attempt (file-multimedia.rules)
 * 1:35567 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (file-multimedia.rules)
 * 1:35565 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid url atom out of bounds read attempt (file-multimedia.rules)
 * 1:35564 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (file-multimedia.rules)
 * 1:35562 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35563 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (file-multimedia.rules)
 * 1:35561 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35452 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35560 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid stsd atom out of bounds read attempt (file-multimedia.rules)
 * 1:35450 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:32948 <-> DISABLED <-> INDICATOR-COMPROMISE Download of executable screensaver file (indicator-compromise.rules)
 * 1:33211 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:18682 <-> DISABLED <-> FILE-PDF transfer of a PDF with OpenAction object attempt (file-pdf.rules)
 * 1:26078 <-> DISABLED <-> FILE-PDF transfer of a PDF with OpenAction object attempt (file-pdf.rules)

2015-08-18 16:11:38 UTC

Snort Subscriber Rules Update

Date: 2015-08-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:35609 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
 * 1:35607 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
 * 1:35608 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
 * 1:35605 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setAdvancedAntialiasingTable type confusion attempt (file-flash.rules)
 * 1:35603 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setAdvancedAntialiasingTable type confusion attempt (file-flash.rules)
 * 1:35604 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setAdvancedAntialiasingTable type confusion attempt (file-flash.rules)
 * 1:35600 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35602 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35599 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35597 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules)
 * 1:35595 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dpaste.dzfl.pl - Trojan.Win32.Nibagem (blacklist.rules)
 * 1:35594 <-> DISABLED <-> SERVER-WEBAPP Websense Triton Content Manager handle_debug_network stack buffer overflow attempt (server-webapp.rules)
 * 1:35592 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tag length buffer overflow attempt (file-flash.rules)
 * 1:35593 <-> ENABLED <-> FILE-FLASH Adobe Flash Player tag length buffer overflow attempt (file-flash.rules)
 * 1:35590 <-> ENABLED <-> FILE-FLASH Google Chrome pepflashplayer SurfaceFilterList use-after-free attempt (file-flash.rules)
 * 1:35589 <-> ENABLED <-> FILE-FLASH Google Chrome pepflashplayer SurfaceFilterList use-after-free attempt (file-flash.rules)
 * 1:35587 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object use after free attempt (file-flash.rules)
 * 1:35586 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object use after free attempt (file-flash.rules)
 * 1:35584 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object use after free attempt (file-flash.rules)
 * 1:35585 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object use after free attempt (file-flash.rules)
 * 1:35572 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF dereference attempt (file-flash.rules)
 * 1:35570 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (malware-cnc.rules)
 * 1:35571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF dereference attempt (file-flash.rules)
 * 1:35569 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent - Microsoft Internet Explorer - Win.Trojan.Backspace (blacklist.rules)
 * 1:35576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player secret cookie location disclosure attempt (file-flash.rules)
 * 1:35574 <-> ENABLED <-> FILE-FLASH Adobe Flash Player secret cookie location disclosure attempt (file-flash.rules)
 * 1:35573 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS compose.php SQL injection attempt (server-webapp.rules)
 * 1:35577 <-> ENABLED <-> FILE-FLASH Adobe Flash Player secret cookie location disclosure attempt (file-flash.rules)
 * 1:35578 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData applyFilter heap overflow attempt (file-flash.rules)
 * 1:35575 <-> ENABLED <-> FILE-FLASH Adobe Flash Player secret cookie location disclosure attempt (file-flash.rules)
 * 1:35579 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData applyFilter heap overflow attempt (file-flash.rules)
 * 1:35580 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData applyFilter heap overflow attempt (file-flash.rules)
 * 1:35581 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData applyFilter heap overflow attempt (file-flash.rules)
 * 1:35582 <-> ENABLED <-> FILE-FLASH Adobe Flash Player button pointer exploit attempt (file-flash.rules)
 * 1:35583 <-> ENABLED <-> FILE-FLASH Adobe Flash Player button pointer exploit attempt (file-flash.rules)
 * 1:35588 <-> ENABLED <-> FILE-FLASH Google Chrome pepflashplayer SurfaceFilterList use-after-free attempt (file-flash.rules)
 * 1:35591 <-> ENABLED <-> FILE-FLASH Google Chrome pepflashplayer SurfaceFilterList use-after-free attempt (file-flash.rules)
 * 1:35596 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:35601 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35606 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setAdvancedAntialiasingTable type confusion attempt (file-flash.rules)
 * 1:35610 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
 * 1:35611 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection directory traversal attempt (server-webapp.rules)
 * 1:35612 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection directory traversal attempt (server-webapp.rules)
 * 1:35613 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection directory traversal attempt (server-webapp.rules)
 * 1:35623 <-> DISABLED <-> BROWSER-PLUGINS Panasonic Security API SDK Ipropsapi ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35622 <-> DISABLED <-> BROWSER-PLUGINS Panasonic Security API SDK Ipropsapi ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35621 <-> DISABLED <-> BROWSER-PLUGINS Panasonic Security API SDK Ipropsapi ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35620 <-> DISABLED <-> BROWSER-PLUGINS Panasonic Security API SDK Ipropsapi ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35619 <-> ENABLED <-> FILE-FLASH Adobe Flash Player slow script invalid pointer dereference attempt (file-flash.rules)
 * 1:35618 <-> ENABLED <-> FILE-FLASH Adobe Flash Player slow script invalid pointer dereference attempt (file-flash.rules)
 * 1:35617 <-> DISABLED <-> BROWSER-PLUGINS NetIQ SafeShellExecute ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35616 <-> DISABLED <-> BROWSER-PLUGINS NetIQ SafeShellExecute ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35615 <-> DISABLED <-> BROWSER-PLUGINS NetIQ SafeShellExecute ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35614 <-> DISABLED <-> BROWSER-PLUGINS NetIQ SafeShellExecute ActiveX clsid access attempt (browser-plugins.rules)

Modified Rules:

 * 1:35566 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid url atom out of bounds read attempt (file-multimedia.rules)
 * 1:35567 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (file-multimedia.rules)
 * 1:35565 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid url atom out of bounds read attempt (file-multimedia.rules)
 * 1:35564 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (file-multimedia.rules)
 * 1:35563 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (file-multimedia.rules)
 * 1:35562 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35560 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid stsd atom out of bounds read attempt (file-multimedia.rules)
 * 1:35561 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35452 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35450 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:32948 <-> DISABLED <-> INDICATOR-COMPROMISE Download of executable screensaver file (indicator-compromise.rules)
 * 1:33211 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:26078 <-> DISABLED <-> FILE-PDF transfer of a PDF with OpenAction object attempt (file-pdf.rules)
 * 1:16576 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix AgentX receive_agentx stack buffer overflow attempt (server-other.rules)
 * 1:18682 <-> DISABLED <-> FILE-PDF transfer of a PDF with OpenAction object attempt (file-pdf.rules)
 * 1:12746 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid stsd atom out of bounds read attempt (file-multimedia.rules)
 * 1:35568 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (file-multimedia.rules)

2015-08-18 16:11:38 UTC

Snort Subscriber Rules Update

Date: 2015-08-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:35623 <-> DISABLED <-> BROWSER-PLUGINS Panasonic Security API SDK Ipropsapi ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35622 <-> DISABLED <-> BROWSER-PLUGINS Panasonic Security API SDK Ipropsapi ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35621 <-> DISABLED <-> BROWSER-PLUGINS Panasonic Security API SDK Ipropsapi ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35620 <-> DISABLED <-> BROWSER-PLUGINS Panasonic Security API SDK Ipropsapi ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35619 <-> ENABLED <-> FILE-FLASH Adobe Flash Player slow script invalid pointer dereference attempt (file-flash.rules)
 * 1:35618 <-> ENABLED <-> FILE-FLASH Adobe Flash Player slow script invalid pointer dereference attempt (file-flash.rules)
 * 1:35617 <-> DISABLED <-> BROWSER-PLUGINS NetIQ SafeShellExecute ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35616 <-> DISABLED <-> BROWSER-PLUGINS NetIQ SafeShellExecute ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35615 <-> DISABLED <-> BROWSER-PLUGINS NetIQ SafeShellExecute ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35614 <-> DISABLED <-> BROWSER-PLUGINS NetIQ SafeShellExecute ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35613 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection directory traversal attempt (server-webapp.rules)
 * 1:35612 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection directory traversal attempt (server-webapp.rules)
 * 1:35611 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection directory traversal attempt (server-webapp.rules)
 * 1:35610 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
 * 1:35609 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
 * 1:35608 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
 * 1:35607 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
 * 1:35606 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setAdvancedAntialiasingTable type confusion attempt (file-flash.rules)
 * 1:35605 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setAdvancedAntialiasingTable type confusion attempt (file-flash.rules)
 * 1:35604 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setAdvancedAntialiasingTable type confusion attempt (file-flash.rules)
 * 1:35603 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setAdvancedAntialiasingTable type confusion attempt (file-flash.rules)
 * 1:35602 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35601 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35600 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35599 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules)
 * 1:35597 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:35596 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:35595 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dpaste.dzfl.pl - Trojan.Win32.Nibagem (blacklist.rules)
 * 1:35594 <-> DISABLED <-> SERVER-WEBAPP Websense Triton Content Manager handle_debug_network stack buffer overflow attempt (server-webapp.rules)
 * 1:35593 <-> ENABLED <-> FILE-FLASH Adobe Flash Player tag length buffer overflow attempt (file-flash.rules)
 * 1:35592 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tag length buffer overflow attempt (file-flash.rules)
 * 1:35591 <-> ENABLED <-> FILE-FLASH Google Chrome pepflashplayer SurfaceFilterList use-after-free attempt (file-flash.rules)
 * 1:35590 <-> ENABLED <-> FILE-FLASH Google Chrome pepflashplayer SurfaceFilterList use-after-free attempt (file-flash.rules)
 * 1:35589 <-> ENABLED <-> FILE-FLASH Google Chrome pepflashplayer SurfaceFilterList use-after-free attempt (file-flash.rules)
 * 1:35588 <-> ENABLED <-> FILE-FLASH Google Chrome pepflashplayer SurfaceFilterList use-after-free attempt (file-flash.rules)
 * 1:35587 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object use after free attempt (file-flash.rules)
 * 1:35586 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object use after free attempt (file-flash.rules)
 * 1:35585 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object use after free attempt (file-flash.rules)
 * 1:35584 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object use after free attempt (file-flash.rules)
 * 1:35583 <-> ENABLED <-> FILE-FLASH Adobe Flash Player button pointer exploit attempt (file-flash.rules)
 * 1:35582 <-> ENABLED <-> FILE-FLASH Adobe Flash Player button pointer exploit attempt (file-flash.rules)
 * 1:35581 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData applyFilter heap overflow attempt (file-flash.rules)
 * 1:35580 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData applyFilter heap overflow attempt (file-flash.rules)
 * 1:35579 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData applyFilter heap overflow attempt (file-flash.rules)
 * 1:35578 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData applyFilter heap overflow attempt (file-flash.rules)
 * 1:35577 <-> ENABLED <-> FILE-FLASH Adobe Flash Player secret cookie location disclosure attempt (file-flash.rules)
 * 1:35576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player secret cookie location disclosure attempt (file-flash.rules)
 * 1:35575 <-> ENABLED <-> FILE-FLASH Adobe Flash Player secret cookie location disclosure attempt (file-flash.rules)
 * 1:35574 <-> ENABLED <-> FILE-FLASH Adobe Flash Player secret cookie location disclosure attempt (file-flash.rules)
 * 1:35573 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS compose.php SQL injection attempt (server-webapp.rules)
 * 1:35572 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF dereference attempt (file-flash.rules)
 * 1:35571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF dereference attempt (file-flash.rules)
 * 1:35570 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (malware-cnc.rules)
 * 1:35569 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent - Microsoft Internet Explorer - Win.Trojan.Backspace (blacklist.rules)

Modified Rules:

 * 1:12746 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid stsd atom out of bounds read attempt (file-multimedia.rules)
 * 1:16576 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix AgentX receive_agentx stack buffer overflow attempt (server-other.rules)
 * 1:18682 <-> DISABLED <-> FILE-PDF transfer of a PDF with OpenAction object attempt (file-pdf.rules)
 * 1:26078 <-> DISABLED <-> FILE-PDF transfer of a PDF with OpenAction object attempt (file-pdf.rules)
 * 1:32948 <-> DISABLED <-> INDICATOR-COMPROMISE Download of executable screensaver file (indicator-compromise.rules)
 * 1:33211 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
 * 1:35450 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35452 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35560 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid stsd atom out of bounds read attempt (file-multimedia.rules)
 * 1:35561 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35562 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
 * 1:35563 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (file-multimedia.rules)
 * 1:35564 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (file-multimedia.rules)
 * 1:35565 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid url atom out of bounds read attempt (file-multimedia.rules)
 * 1:35566 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid url atom out of bounds read attempt (file-multimedia.rules)
 * 1:35567 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (file-multimedia.rules)
 * 1:35568 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (file-multimedia.rules)