Talos Rules 2015-08-20
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-firefox, browser-ie, browser-plugins, exploit-kit, file-flash, malware-cnc, policy-other, server-mssql and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-08-20 17:59:54 UTC

Snort Subscriber Rules Update

Date: 2015-08-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:35536 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table layout cache arbitrary code execution attempt (browser-ie.rules)
 * 1:35631 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
 * 1:35706 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
 * 1:35702 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
 * 1:35685 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:35683 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:35684 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:35681 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php authentication bypass attempt (server-webapp.rules)
 * 1:35682 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:35679 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35680 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35677 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance KSudoClient privilege escalation attempt (server-webapp.rules)
 * 1:35678 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35675 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
 * 1:35676 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
 * 1:35673 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
 * 1:35674 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
 * 1:35671 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
 * 1:35672 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
 * 1:35669 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
 * 1:35667 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap handling memory corruption attempt (file-flash.rules)
 * 1:35668 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
 * 1:35666 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap handling memory corruption attempt (file-flash.rules)
 * 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
 * 1:35663 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt glyph array out of bounds attempt (file-flash.rules)
 * 1:35662 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt glyph array out of bounds attempt (file-flash.rules)
 * 1:35660 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
 * 1:35661 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
 * 1:35658 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
 * 1:35659 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
 * 1:35656 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
 * 1:35657 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
 * 1:35654 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
 * 1:35655 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
 * 1:35652 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:35653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:35650 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:35651 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:35648 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
 * 1:35649 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
 * 1:35646 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
 * 1:35647 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
 * 1:35644 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35645 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35642 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35643 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35640 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object after free attempt (file-flash.rules)
 * 1:35641 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35638 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35639 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35636 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules)
 * 1:35637 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules)
 * 1:35634 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
 * 1:35635 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
 * 1:35632 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
 * 1:35633 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
 * 1:35630 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
 * 1:35537 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table layout cache arbitrary code execution attempt (browser-ie.rules)
 * 1:35696 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35695 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35698 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35697 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35699 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35701 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
 * 1:35700 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
 * 1:35704 <-> DISABLED <-> SERVER-WEBAPP Maarch LetterBox arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:35705 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
 * 1:35693 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35692 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35694 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35691 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35687 <-> ENABLED <-> SERVER-WEBAPP Semantec Endpoint Protection Manager server elevated privilege code execution attempt (server-webapp.rules)
 * 1:35686 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)

Modified Rules:


 * 1:31627 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cdomuievent use after free attempt  (browser-ie.rules)
 * 1:30973 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit payload request (exploit-kit.rules)
 * 1:35542 <-> DISABLED <-> EXPLOIT-KIT Nuclear Exploit Kit flash exploit download attempt (exploit-kit.rules)
 * 1:35198 <-> ENABLED <-> SERVER-MSSQL Microsoft SQL Server transcational replication and showxmlplan enabled remote code execution attempt (server-mssql.rules)
 * 1:35462 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
 * 1:31628 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cdomuievent use after free attempt  (browser-ie.rules)

2015-08-20 17:59:54 UTC

Snort Subscriber Rules Update

Date: 2015-08-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:35685 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:35684 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:35682 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:35683 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:35681 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php authentication bypass attempt (server-webapp.rules)
 * 1:35679 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35680 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35677 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance KSudoClient privilege escalation attempt (server-webapp.rules)
 * 1:35678 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35675 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
 * 1:35676 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
 * 1:35674 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
 * 1:35672 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
 * 1:35673 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
 * 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
 * 1:35671 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
 * 1:35668 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:35669 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:35666 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap handling memory corruption attempt (file-flash.rules)
 * 1:35667 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap handling memory corruption attempt (file-flash.rules)
 * 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
 * 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
 * 1:35662 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt glyph array out of bounds attempt (file-flash.rules)
 * 1:35663 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt glyph array out of bounds attempt (file-flash.rules)
 * 1:35660 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
 * 1:35661 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
 * 1:35658 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
 * 1:35659 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
 * 1:35656 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
 * 1:35657 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
 * 1:35655 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
 * 1:35654 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
 * 1:35652 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:35653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:35650 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:35651 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:35648 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
 * 1:35649 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
 * 1:35646 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
 * 1:35647 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
 * 1:35644 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35645 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35642 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35643 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35640 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object after free attempt (file-flash.rules)
 * 1:35641 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35638 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35639 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35636 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules)
 * 1:35637 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules)
 * 1:35634 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
 * 1:35635 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
 * 1:35632 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
 * 1:35633 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
 * 1:35630 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
 * 1:35537 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table layout cache arbitrary code execution attempt (browser-ie.rules)
 * 1:35536 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table layout cache arbitrary code execution attempt (browser-ie.rules)
 * 1:35631 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
 * 1:35706 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
 * 1:35705 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
 * 1:35704 <-> DISABLED <-> SERVER-WEBAPP Maarch LetterBox arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
 * 1:35702 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
 * 1:35701 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
 * 1:35700 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35699 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35698 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35697 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35696 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35695 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35693 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35694 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35692 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35691 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35687 <-> ENABLED <-> SERVER-WEBAPP Semantec Endpoint Protection Manager server elevated privilege code execution attempt (server-webapp.rules)
 * 1:35686 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)

Modified Rules:


 * 1:35542 <-> DISABLED <-> EXPLOIT-KIT Nuclear Exploit Kit flash exploit download attempt (exploit-kit.rules)
 * 1:35198 <-> ENABLED <-> SERVER-MSSQL Microsoft SQL Server transcational replication and showxmlplan enabled remote code execution attempt (server-mssql.rules)
 * 1:35462 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
 * 1:31628 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cdomuievent use after free attempt  (browser-ie.rules)
 * 1:30973 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit payload request (exploit-kit.rules)
 * 1:31627 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cdomuievent use after free attempt  (browser-ie.rules)

2015-08-20 17:59:54 UTC

Snort Subscriber Rules Update

Date: 2015-08-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:35706 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
 * 1:35705 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
 * 1:35704 <-> DISABLED <-> SERVER-WEBAPP Maarch LetterBox arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
 * 1:35702 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
 * 1:35701 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
 * 1:35700 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35699 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35698 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35697 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35696 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35695 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35694 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35693 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35692 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35691 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35687 <-> ENABLED <-> SERVER-WEBAPP Semantec Endpoint Protection Manager server elevated privilege code execution attempt (server-webapp.rules)
 * 1:35686 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:35685 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:35684 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:35683 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:35682 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
 * 1:35681 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php authentication bypass attempt (server-webapp.rules)
 * 1:35680 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35679 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35678 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
 * 1:35677 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance KSudoClient privilege escalation attempt (server-webapp.rules)
 * 1:35676 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
 * 1:35675 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
 * 1:35674 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
 * 1:35673 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
 * 1:35672 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
 * 1:35671 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
 * 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
 * 1:35669 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:35668 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:35667 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap handling memory corruption attempt (file-flash.rules)
 * 1:35666 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap handling memory corruption attempt (file-flash.rules)
 * 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
 * 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
 * 1:35663 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt glyph array out of bounds attempt (file-flash.rules)
 * 1:35662 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt glyph array out of bounds attempt (file-flash.rules)
 * 1:35661 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
 * 1:35660 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
 * 1:35659 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
 * 1:35658 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
 * 1:35657 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
 * 1:35656 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
 * 1:35655 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
 * 1:35654 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
 * 1:35653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:35652 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:35651 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:35650 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:35649 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
 * 1:35648 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
 * 1:35647 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
 * 1:35646 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
 * 1:35645 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35644 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35643 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35642 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
 * 1:35641 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35640 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object after free attempt (file-flash.rules)
 * 1:35639 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35638 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
 * 1:35637 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules)
 * 1:35636 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules)
 * 1:35635 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
 * 1:35634 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
 * 1:35633 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
 * 1:35632 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
 * 1:35631 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
 * 1:35630 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
 * 1:35537 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table layout cache arbitrary code execution attempt (browser-ie.rules)
 * 1:35536 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table layout cache arbitrary code execution attempt (browser-ie.rules)

Modified Rules:


 * 1:30973 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit payload request (exploit-kit.rules)
 * 1:31627 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cdomuievent use after free attempt  (browser-ie.rules)
 * 1:31628 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cdomuievent use after free attempt  (browser-ie.rules)
 * 1:35198 <-> ENABLED <-> SERVER-MSSQL Microsoft SQL Server transcational replication and showxmlplan enabled remote code execution attempt (server-mssql.rules)
 * 1:35462 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
 * 1:35542 <-> DISABLED <-> EXPLOIT-KIT Nuclear Exploit Kit flash exploit download attempt (exploit-kit.rules)