Talos has added and modified multiple rules in the blacklist, browser-ie, file-flash, file-image, file-multimedia, file-office, file-pdf, indicator-compromise, indicator-obfuscation, malware-cnc, os-other, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35748 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
* 1:35745 <-> ENABLED <-> INDICATOR-COMPROMISE Wild Neutron potential exploit attempt (indicator-compromise.rules)
* 1:35746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:35743 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
* 1:35744 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
* 1:35741 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
* 1:35742 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
* 1:35739 <-> ENABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules)
* 1:35740 <-> ENABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules)
* 1:35737 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules)
* 1:35738 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules)
* 1:35736 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules)
* 1:35733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection attempt (malware-cnc.rules)
* 1:35734 <-> DISABLED <-> SERVER-WEBAPP Netgear WNDR4700 and R6200 admin interface authentication bypass attempt (server-webapp.rules)
* 1:35731 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
* 1:35709 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
* 1:35710 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Linux.Trojan.Zollard (blacklist.rules)
* 1:35708 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
* 1:35629 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules)
* 1:35707 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
* 1:35732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules)
* 1:35735 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules)
* 1:35765 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules)
* 1:35764 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules)
* 1:35761 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)
* 1:35757 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules)
* 1:35760 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)
* 1:35759 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)
* 1:35758 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules)
* 1:35755 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
* 1:35756 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
* 1:35753 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
* 1:35754 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
* 1:35751 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat GIF to PDF conversion heap overflow attempt (file-image.rules)
* 1:35752 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat GIF to PDF conversion heap overflow attempt (file-image.rules)
* 1:35749 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection attempt (malware-cnc.rules)
* 1:35750 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection attempt (malware-cnc.rules)
* 1:35747 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
* 1:35768 <-> ENABLED <-> FILE-PDF Adobe Reader CBBBRInvite privilege escalation attempt (file-pdf.rules)
* 1:35769 <-> ENABLED <-> MALWARE-CNC Windows.Backdoor.Cobrike inbound connection (malware-cnc.rules)
* 1:35771 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
* 1:35770 <-> ENABLED <-> MALWARE-CNC Windows.Backdoor.Cobrike outbound connection (malware-cnc.rules)
* 1:35772 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
* 1:35767 <-> ENABLED <-> FILE-PDF Adobe Reader CBBBRInvite privilege escalation attempt (file-pdf.rules)
* 1:35628 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules)
* 1:35766 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules)
* 1:35763 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules)
* 1:35762 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)

* 1:24090 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
* 1:35321 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules)
* 1:28852 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Linux.Trojan.Zollard (blacklist.rules)
* 1:35322 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules)
* 1:35497 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document invalid directory entry use after free attempt (file-office.rules)
* 1:35498 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document invalid directory entry use after free attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35760 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)
* 1:35761 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)
* 1:35758 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules)
* 1:35759 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)
* 1:35756 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
* 1:35757 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules)
* 1:35754 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
* 1:35755 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
* 1:35752 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat GIF to PDF conversion heap overflow attempt (file-image.rules)
* 1:35753 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
* 1:35750 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection attempt (malware-cnc.rules)
* 1:35751 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat GIF to PDF conversion heap overflow attempt (file-image.rules)
* 1:35748 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
* 1:35749 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection attempt (malware-cnc.rules)
* 1:35746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:35747 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
* 1:35744 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
* 1:35745 <-> ENABLED <-> INDICATOR-COMPROMISE Wild Neutron potential exploit attempt (indicator-compromise.rules)
* 1:35743 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
* 1:35742 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
* 1:35740 <-> ENABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules)
* 1:35741 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
* 1:35738 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules)
* 1:35739 <-> ENABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules)
* 1:35736 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules)
* 1:35737 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules)
* 1:35734 <-> DISABLED <-> SERVER-WEBAPP Netgear WNDR4700 and R6200 admin interface authentication bypass attempt (server-webapp.rules)
* 1:35731 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
* 1:35733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection attempt (malware-cnc.rules)
* 1:35710 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Linux.Trojan.Zollard (blacklist.rules)
* 1:35708 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
* 1:35709 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
* 1:35629 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules)
* 1:35707 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
* 1:35732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules)
* 1:35735 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules)
* 1:35772 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
* 1:35771 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
* 1:35770 <-> ENABLED <-> MALWARE-CNC Windows.Backdoor.Cobrike outbound connection (malware-cnc.rules)
* 1:35769 <-> ENABLED <-> MALWARE-CNC Windows.Backdoor.Cobrike inbound connection (malware-cnc.rules)
* 1:35768 <-> ENABLED <-> FILE-PDF Adobe Reader CBBBRInvite privilege escalation attempt (file-pdf.rules)
* 1:35767 <-> ENABLED <-> FILE-PDF Adobe Reader CBBBRInvite privilege escalation attempt (file-pdf.rules)
* 1:35628 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules)
* 1:35766 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules)
* 1:35765 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules)
* 1:35764 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules)
* 1:35763 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules)
* 1:35762 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)

* 1:35497 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document invalid directory entry use after free attempt (file-office.rules)
* 1:35498 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document invalid directory entry use after free attempt (file-office.rules)
* 1:35321 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules)
* 1:35322 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules)
* 1:24090 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
* 1:28852 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Linux.Trojan.Zollard (blacklist.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35772 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
* 1:35771 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
* 1:35770 <-> ENABLED <-> MALWARE-CNC Windows.Backdoor.Cobrike outbound connection (malware-cnc.rules)
* 1:35769 <-> ENABLED <-> MALWARE-CNC Windows.Backdoor.Cobrike inbound connection (malware-cnc.rules)
* 1:35768 <-> ENABLED <-> FILE-PDF Adobe Reader CBBBRInvite privilege escalation attempt (file-pdf.rules)
* 1:35767 <-> ENABLED <-> FILE-PDF Adobe Reader CBBBRInvite privilege escalation attempt (file-pdf.rules)
* 1:35766 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules)
* 1:35765 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules)
* 1:35764 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules)
* 1:35763 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules)
* 1:35762 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)
* 1:35761 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)
* 1:35760 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)
* 1:35759 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)
* 1:35758 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules)
* 1:35757 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules)
* 1:35756 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
* 1:35755 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
* 1:35754 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
* 1:35753 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
* 1:35752 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat GIF to PDF conversion heap overflow attempt (file-image.rules)
* 1:35751 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat GIF to PDF conversion heap overflow attempt (file-image.rules)
* 1:35750 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection attempt (malware-cnc.rules)
* 1:35749 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection attempt (malware-cnc.rules)
* 1:35748 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
* 1:35747 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
* 1:35746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:35745 <-> ENABLED <-> INDICATOR-COMPROMISE Wild Neutron potential exploit attempt (indicator-compromise.rules)
* 1:35744 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
* 1:35743 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
* 1:35742 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
* 1:35741 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
* 1:35740 <-> ENABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules)
* 1:35739 <-> ENABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules)
* 1:35738 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules)
* 1:35737 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules)
* 1:35736 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules)
* 1:35735 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules)
* 1:35734 <-> DISABLED <-> SERVER-WEBAPP Netgear WNDR4700 and R6200 admin interface authentication bypass attempt (server-webapp.rules)
* 1:35733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection attempt (malware-cnc.rules)
* 1:35732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules)
* 1:35731 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
* 1:35710 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Linux.Trojan.Zollard (blacklist.rules)
* 1:35709 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
* 1:35708 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
* 1:35707 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
* 1:35629 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules)
* 1:35628 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules)

* 1:24090 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
* 1:28852 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Linux.Trojan.Zollard (blacklist.rules)
* 1:35321 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules)
* 1:35322 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules)
* 1:35497 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document invalid directory entry use after free attempt (file-office.rules)
* 1:35498 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document invalid directory entry use after free attempt (file-office.rules)