Talos Rules 2016-02-18
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-firefox, browser-ie, browser-plugins, browser-webkit, exploit-kit, file-executable, file-flash, file-java, file-office, file-other, file-pdf, indicator-obfuscation, malware-cnc, netbios, os-windows, policy-other, protocol-dns, server-apache, server-other and sql rule sets to provide coverage for emerging threats from these technologies.

Change logs

2016-02-18 18:29:28 UTC

Snort Subscriber Rules Update

Date: 2016-02-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:37700 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37702 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37706 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37732 <-> DISABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules)
 * 1:37715 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:37714 <-> DISABLED <-> BROWSER-PLUGINS Unitronics VisiLogic TeeChart Pro ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37719 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37721 <-> DISABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37724 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer form selection reset attempt (browser-ie.rules)
 * 1:37722 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37725 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules)
 * 1:37729 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file with SecureSwfLoader packer detected (indicator-obfuscation.rules)
 * 1:37731 <-> DISABLED <-> PROTOCOL-DNS glibc getaddrinfo AAAA record stack buffer overflow attempt (protocol-dns.rules)
 * 1:37734 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules)
 * 1:37735 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37736 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37737 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37711 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37739 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37738 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37740 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37741 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37694 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37730 <-> DISABLED <-> PROTOCOL-DNS glibc getaddrinfo A record stack buffer overflow attempt (protocol-dns.rules)
 * 1:37728 <-> DISABLED <-> INDICATOR-OBFUSCATION SWF with large binary blob (indicator-obfuscation.rules)
 * 1:37727 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:37726 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:37723 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37720 <-> DISABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37717 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37716 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:37713 <-> DISABLED <-> BROWSER-PLUGINS Unitronics VisiLogic TeeChart Pro ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37712 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:37709 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37710 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37708 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37707 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37705 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37691 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37689 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:37690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules)
 * 1:37701 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37693 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:37698 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37696 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37692 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37699 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37695 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37704 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37703 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37697 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)

Modified Rules:


 * 1:37645 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36771 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit viewforum uri request attempt (exploit-kit.rules)
 * 1:37629 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:36819 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:22102 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:36128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:21429 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:22101 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:21077 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call (browser-plugins.rules)
 * 1:20634 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:20264 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer form selection reset attempt (browser-ie.rules)
 * 1:20247 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:19152 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX function call access (browser-plugins.rules)
 * 1:18706 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:19151 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX clsid access (browser-plugins.rules)
 * 1:18704 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:18702 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:18703 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:15478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules)
 * 1:17526 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:15194 <-> DISABLED <-> BROWSER-PLUGINS SizerOne ActiveX function call access (browser-plugins.rules)
 * 1:12197 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules)
 * 1:13287 <-> DISABLED <-> OS-WINDOWS Windows remote kernel tcp/ip igmp vulnerability exploit attempt (os-windows.rules)
 * 1:36126 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36119 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36124 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36116 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36118 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35541 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftagent SQL injection attempt (server-other.rules)
 * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
 * 1:35540 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftagent SQL injection attempt (server-other.rules)
 * 1:35454 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35452 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35453 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35449 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35451 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:34390 <-> ENABLED <-> FILE-OTHER Microsoft Journal out of bounds read attempt (file-other.rules)
 * 1:35266 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:32862 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:34389 <-> ENABLED <-> FILE-OTHER Microsoft Journal out of bounds read attempt (file-other.rules)
 * 1:32861 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32859 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32860 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32857 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32360 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:32730 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules)
 * 1:32353 <-> DISABLED <-> SQL Drupal 7 pre auth SQL injection attempt (sql.rules)
 * 1:31926 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:31687 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:30755 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:31686 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:30328 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple binary tags in close proximity - potentially malicious (indicator-obfuscation.rules)
 * 1:30327 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple binary tags in close proximity - potentially malicious (indicator-obfuscation.rules)
 * 1:30166 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious toolbar and author attempt (file-office.rules)
 * 1:30165 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious toolbar and author attempt (file-office.rules)
 * 1:30163 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib object attempt (file-office.rules)
 * 1:30164 <-> DISABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib xls object attempt (file-office.rules)
 * 1:30161 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib object attempt (file-office.rules)
 * 1:30162 <-> DISABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib xls object attempt (file-office.rules)
 * 1:30159 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30160 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30157 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30158 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30155 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30156 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30154 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:28626 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:36821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:27822 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules)
 * 1:36822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:37626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDL fragment privilege escalation attempt (browser-firefox.rules)
 * 1:37631 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:37630 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:37632 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:37633 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTextElement use after free attempt (browser-ie.rules)
 * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
 * 1:8375 <-> DISABLED <-> BROWSER-PLUGINS QuickTime Object ActiveX clsid access (browser-plugins.rules)
 * 1:9806 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (netbios.rules)
 * 1:28887 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:28888 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:28889 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:28890 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:29213 <-> ENABLED <-> INDICATOR-OBFUSCATION potential math library debugging (indicator-obfuscation.rules)
 * 1:29394 <-> DISABLED <-> BROWSER-WEBKIT Apple WebKit QuickTime plugin content-type http header buffer overflow attempt (browser-webkit.rules)
 * 1:29622 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 1:29749 <-> DISABLED <-> BROWSER-PLUGINS SizerOne 2 ActiveX clsid access (browser-plugins.rules)
 * 1:29859 <-> ENABLED <-> SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt (server-apache.rules)
 * 1:30153 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30754 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:16510 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Tabular Control ActiveX overflow by CLSID (browser-plugins.rules)
 * 1:31927 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:18705 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:32858 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:20262 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:32863 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21453 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:35450 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:23517 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules)
 * 1:26592 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit libxslt arbitrary file creation attempt (browser-webkit.rules)
 * 1:25475 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:23523 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:25393 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:23521 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
 * 1:36129 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36117 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:23518 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules)
 * 1:28303 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:26824 <-> ENABLED <-> SERVER-OTHER Apache Struts allowStaticMethodAccess invocation attempt (server-other.rules)
 * 1:25779 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
 * 1:25832 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules)
 * 1:23612 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:23611 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:23522 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious TIFF remote code execution attempt (file-pdf.rules)
 * 1:23520 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:23524 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:36127 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36158 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
 * 3:30901 <-> ENABLED <-> FILE-FLASH known malicious flash actionscript decryption routine (file-flash.rules)
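The gid:sid <-> state <-> message (group) format described above is easy to parse, and it is worth doing so rather than eyeballing two hundred lines: a number of the new rules ship DISABLED and will not fire until they are enabled, including both PROTOCOL-DNS glibc getaddrinfo rules (1:37730, 1:37731) and every FILE-OFFICE Outlook rule in the 1:37691 to 1:37699 range, while the one gid 3 entry (3:30901) is a shared-object rule, which is why a separate pack is published per Snort version. The Python below is an added example, not Talos code. It parses a constructed excerpt in the page's format, lists new rules that are disabled by default, counts entries per rule group, emits a gid:sid fragment in the one-SID-per-line form that pulledpork's enablesid.conf accepts (assumed here), and diffs two snapshots to confirm they list the same SIDs.

```python
"""Parse a Snort Subscriber Rules Update change log of the form

    gid:sid <-> Default rule state <-> Message (rule group)

and summarise it: rules per group, new rules that are DISABLED by default,
and the difference between two snapshots of the same release."""
import re
from collections import Counter

# Constructed sample in the page's format (a handful of lines, not the full list).
SAMPLE = """\
New Rules:

 * 1:37700 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37731 <-> DISABLED <-> PROTOCOL-DNS glibc getaddrinfo AAAA record stack buffer overflow attempt (protocol-dns.rules)
 * 1:37730 <-> DISABLED <-> PROTOCOL-DNS glibc getaddrinfo A record stack buffer overflow attempt (protocol-dns.rules)
 * 1:37719 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)

Modified Rules:

 * 1:36771 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit viewforum uri request attempt (exploit-kit.rules)
 * 3:30901 <-> ENABLED <-> FILE-FLASH known malicious flash actionscript decryption routine (file-flash.rules)
"""

# Constructed second snapshot: identical except the gid 3 shared-object rule is absent.
SAMPLE_B = "\n".join(l for l in SAMPLE.splitlines() if not l.lstrip().startswith("* 3:"))

LINE_RE = re.compile(
    r"^\s*\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[\w-]+\.rules)\)\s*$"
)


def parse_changelog(text):
    """Return one dict per rule line: section, gid, sid, state, msg, group.

    'New Rules:' / 'Modified Rules:' headers set the section of the rows that follow;
    anything else that does not match the rule-line format is skipped."""
    rows = []
    section = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith("Rules:"):
            section = stripped[:-1]  # 'New Rules' or 'Modified Rules'
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        row = m.groupdict()
        row["gid"] = int(row["gid"])
        row["sid"] = int(row["sid"])
        row["section"] = section
        rows.append(row)
    return rows


def disabled_new_rules(rows):
    """(gid, sid) of newly added rules that ship DISABLED, i.e. will not fire as delivered."""
    return sorted((r["gid"], r["sid"]) for r in rows
                  if r["section"] == "New Rules" and r["state"] == "DISABLED")


def group_counts(rows):
    """How many changed rules each rule group (file-flash.rules, ...) received."""
    return Counter(r["group"] for r in rows)


def enablesid_fragment(sids):
    """gid:sid lines for an enablesid.conf (assumption: pulledpork accepts one per line)."""
    return "\n".join(f"{gid}:{sid}" for gid, sid in sids)


def diff_snapshots(text_a, text_b):
    """SIDs listed in one snapshot but not the other; both empty when two per-version
    packs describe the same release. gid 3 (shared-object) rules are the usual difference."""
    a = {(r["gid"], r["sid"]) for r in parse_changelog(text_a)}
    b = {(r["gid"], r["sid"]) for r in parse_changelog(text_b)}
    return sorted(a - b), sorted(b - a)


if __name__ == "__main__":
    rows = parse_changelog(SAMPLE)
    print("rules per group:", group_counts(rows).most_common())
    print("new rules disabled by default (enablesid.conf fragment):")
    print(enablesid_fragment(disabled_new_rules(rows)))
    print("only in A / only in B:", diff_snapshots(SAMPLE, SAMPLE_B))
```

Run against the full text of either changelog above, disabled_new_rules is the list to review before deployment: anything left DISABLED is coverage you are paying for but not getting, and some of it (the DNS rules, for example) sits on traffic where a false positive is cheap relative to the miss.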

2016-02-18 18:29:27 UTC

Snort Subscriber Rules Update

Date: 2016-02-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:37689 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:37696 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37693 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37700 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37702 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37715 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:37717 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37716 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:37719 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37720 <-> DISABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37721 <-> DISABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37722 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37723 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37724 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer form selection reset attempt (browser-ie.rules)
 * 1:37725 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules)
 * 1:37727 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:37726 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:37728 <-> DISABLED <-> INDICATOR-OBFUSCATION SWF with large binary blob (indicator-obfuscation.rules)
 * 1:37729 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file with SecureSwfLoader packer detected (indicator-obfuscation.rules)
 * 1:37730 <-> DISABLED <-> PROTOCOL-DNS glibc getaddrinfo A record stack buffer overflow attempt (protocol-dns.rules)
 * 1:37731 <-> DISABLED <-> PROTOCOL-DNS glibc getaddrinfo AAAA record stack buffer overflow attempt (protocol-dns.rules)
 * 1:37732 <-> DISABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules)
 * 1:37734 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules)
 * 1:37735 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37736 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37737 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37738 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37739 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37740 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37741 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37714 <-> DISABLED <-> BROWSER-PLUGINS Unitronics VisiLogic TeeChart Pro ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37712 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:37713 <-> DISABLED <-> BROWSER-PLUGINS Unitronics VisiLogic TeeChart Pro ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37710 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37711 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37708 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37709 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37706 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37707 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37704 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37705 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37703 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37691 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37697 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37692 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules)
 * 1:37694 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37698 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37695 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:37699 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37701 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)

Modified Rules:


 * 1:27822 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules)
 * 1:36158 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
 * 1:36819 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:28626 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:9806 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (netbios.rules)
 * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
 * 1:8375 <-> DISABLED <-> BROWSER-PLUGINS QuickTime Object ActiveX clsid access (browser-plugins.rules)
 * 1:37633 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTextElement use after free attempt (browser-ie.rules)
 * 1:37631 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:37632 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:37626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDL fragment privilege escalation attempt (browser-firefox.rules)
 * 1:37630 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:36822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36771 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit viewforum uri request attempt (exploit-kit.rules)
 * 1:36129 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:28890 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:29213 <-> ENABLED <-> INDICATOR-OBFUSCATION potential math library debugging (indicator-obfuscation.rules)
 * 1:29394 <-> DISABLED <-> BROWSER-WEBKIT Apple WebKit QuickTime plugin content-type http header buffer overflow attempt (browser-webkit.rules)
 * 1:23517 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules)
 * 1:29622 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 1:22102 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:29749 <-> DISABLED <-> BROWSER-PLUGINS SizerOne 2 ActiveX clsid access (browser-plugins.rules)
 * 1:22101 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:21453 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:21429 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:21077 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call (browser-plugins.rules)
 * 1:20634 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:29859 <-> ENABLED <-> SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt (server-apache.rules)
 * 1:20264 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer form selection reset attempt (browser-ie.rules)
 * 1:20262 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:19152 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX function call access (browser-plugins.rules)
 * 1:20247 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:30153 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:19151 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX clsid access (browser-plugins.rules)
 * 1:18706 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:30154 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30155 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:18705 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:18704 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:18703 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:30156 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:18702 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:30157 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30158 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:17526 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:30159 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30160 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:16510 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Tabular Control ActiveX overflow by CLSID (browser-plugins.rules)
 * 1:15478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules)
 * 1:15194 <-> DISABLED <-> BROWSER-PLUGINS SizerOne ActiveX function call access (browser-plugins.rules)
 * 1:30161 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib object attempt (file-office.rules)
 * 1:13287 <-> DISABLED <-> OS-WINDOWS Windows remote kernel tcp/ip igmp vulnerability exploit attempt (os-windows.rules)
 * 1:30162 <-> DISABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib xls object attempt (file-office.rules)
 * 1:12197 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules)
 * 1:30163 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib object attempt (file-office.rules)
 * 1:30164 <-> DISABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib xls object attempt (file-office.rules)
 * 1:30165 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious toolbar and author attempt (file-office.rules)
 * 1:30166 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious toolbar and author attempt (file-office.rules)
 * 1:30327 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple binary tags in close proximity - potentially malicious (indicator-obfuscation.rules)
 * 1:30754 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:30328 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple binary tags in close proximity - potentially malicious (indicator-obfuscation.rules)
 * 1:30755 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:31686 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31687 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31927 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:31926 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32353 <-> DISABLED <-> SQL Drupal 7 pre auth SQL injection attempt (sql.rules)
 * 1:32360 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:32858 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32730 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules)
 * 1:32857 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32859 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32860 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:37629 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:32861 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:37645 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:32863 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32862 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:34389 <-> ENABLED <-> FILE-OTHER Microsoft Journal out of bounds read attempt (file-other.rules)
 * 1:34390 <-> ENABLED <-> FILE-OTHER Microsoft Journal out of bounds read attempt (file-other.rules)
 * 1:35266 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:28889 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:28888 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:28887 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:35450 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35449 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35451 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35452 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35453 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35454 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
 * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
 * 1:35540 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftagent SQL injection attempt (server-other.rules)
 * 1:35541 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftagent SQL injection attempt (server-other.rules)
 * 1:36117 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36116 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36118 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36119 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36124 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36127 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36126 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:26824 <-> ENABLED <-> SERVER-OTHER Apache Struts allowStaticMethodAccess invocation attempt (server-other.rules)
 * 1:28303 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:23524 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:23520 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:23522 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious TIFF remote code execution attempt (file-pdf.rules)
 * 1:23611 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:23612 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:23521 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:25393 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:23523 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:25475 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:26592 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit libxslt arbitrary file creation attempt (browser-webkit.rules)
 * 1:23518 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules)
 * 1:25832 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules)
 * 1:25779 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
 * 3:30901 <-> ENABLED <-> FILE-FLASH known malicious flash actionscript decryption routine (file-flash.rules)

2016-02-18 18:29:27 UTC

Snort Subscriber Rules Update

Date: 2016-02-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2980.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:37741 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37740 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37739 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37738 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37737 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37736 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37735 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37734 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules)
 * 1:37732 <-> DISABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules)
 * 1:37731 <-> DISABLED <-> PROTOCOL-DNS glibc getaddrinfo AAAA record stack buffer overflow attempt (protocol-dns.rules)
 * 1:37730 <-> DISABLED <-> PROTOCOL-DNS glibc getaddrinfo A record stack buffer overflow attempt (protocol-dns.rules)
 * 1:37729 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file with SecureSwfLoader packer detected (indicator-obfuscation.rules)
 * 1:37728 <-> DISABLED <-> INDICATOR-OBFUSCATION SWF with large binary blob (indicator-obfuscation.rules)
 * 1:37727 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:37726 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:37725 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules)
 * 1:37724 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer form selection reset attempt (browser-ie.rules)
 * 1:37723 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37722 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37721 <-> DISABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37720 <-> DISABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37719 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37717 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37716 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:37715 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:37714 <-> DISABLED <-> BROWSER-PLUGINS Unitronics VisiLogic TeeChart Pro ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37713 <-> DISABLED <-> BROWSER-PLUGINS Unitronics VisiLogic TeeChart Pro ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37712 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:37711 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37710 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37709 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37708 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37707 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37706 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37705 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37704 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37703 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37702 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37701 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37700 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37699 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37698 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37697 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37696 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37695 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37694 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37693 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37692 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37691 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules)
 * 1:37689 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:37688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)

Modified Rules:


 * 1:30327 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple binary tags in close proximity - potentially malicious (indicator-obfuscation.rules)
 * 1:30166 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious toolbar and author attempt (file-office.rules)
 * 1:30165 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious toolbar and author attempt (file-office.rules)
 * 1:30164 <-> DISABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib xls object attempt (file-office.rules)
 * 1:30163 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib object attempt (file-office.rules)
 * 1:30162 <-> DISABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib xls object attempt (file-office.rules)
 * 1:30161 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib object attempt (file-office.rules)
 * 1:30160 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30159 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30158 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30157 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30156 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30155 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30154 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30153 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:29859 <-> ENABLED <-> SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt (server-apache.rules)
 * 1:22102 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:23517 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules)
 * 1:21453 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:22101 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:21077 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call (browser-plugins.rules)
 * 1:21429 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:20264 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer form selection reset attempt (browser-ie.rules)
 * 1:20634 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:20247 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:20262 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:19151 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX clsid access (browser-plugins.rules)
 * 1:19152 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX function call access (browser-plugins.rules)
 * 1:18705 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:18706 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:18703 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:18704 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:17526 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:18702 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:15478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules)
 * 1:16510 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Tabular Control ActiveX overflow by CLSID (browser-plugins.rules)
 * 1:13287 <-> DISABLED <-> OS-WINDOWS Windows remote kernel tcp/ip igmp vulnerability exploit attempt (os-windows.rules)
 * 1:15194 <-> DISABLED <-> BROWSER-PLUGINS SizerOne ActiveX function call access (browser-plugins.rules)
 * 1:12197 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules)
 * 1:9806 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (netbios.rules)
 * 1:8375 <-> DISABLED <-> BROWSER-PLUGINS QuickTime Object ActiveX clsid access (browser-plugins.rules)
 * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
 * 1:37633 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTextElement use after free attempt (browser-ie.rules)
 * 1:37645 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37632 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:37631 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:37630 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:37629 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:37626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDL fragment privilege escalation attempt (browser-firefox.rules)
 * 1:36822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36819 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36771 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit viewforum uri request attempt (exploit-kit.rules)
 * 1:36158 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
 * 1:36129 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36126 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36127 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36124 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36119 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36118 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36117 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36116 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35541 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftagent SQL injection attempt (server-other.rules)
 * 1:35540 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftagent SQL injection attempt (server-other.rules)
 * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
 * 1:35454 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
 * 1:35453 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35452 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35451 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35450 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35449 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35266 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:34390 <-> ENABLED <-> FILE-OTHER Microsoft Journal out of bounds read attempt (file-other.rules)
 * 1:34389 <-> ENABLED <-> FILE-OTHER Microsoft Journal out of bounds read attempt (file-other.rules)
 * 1:32863 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32862 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32861 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32860 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32859 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32858 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32857 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32730 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules)
 * 1:32360 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:32353 <-> DISABLED <-> SQL Drupal 7 pre auth SQL injection attempt (sql.rules)
 * 1:31927 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:31926 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:31687 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31686 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:30755 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:30754 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:30328 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple binary tags in close proximity - potentially malicious (indicator-obfuscation.rules)
 * 1:29749 <-> DISABLED <-> BROWSER-PLUGINS SizerOne 2 ActiveX clsid access (browser-plugins.rules)
 * 1:29622 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 1:29394 <-> DISABLED <-> BROWSER-WEBKIT Apple WebKit QuickTime plugin content-type http header buffer overflow attempt (browser-webkit.rules)
 * 1:29213 <-> ENABLED <-> INDICATOR-OBFUSCATION potential math library debugging (indicator-obfuscation.rules)
 * 1:28890 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:28889 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:28888 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:28887 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:28626 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:28303 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:27822 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules)
 * 1:26824 <-> ENABLED <-> SERVER-OTHER Apache Struts allowStaticMethodAccess invocation attempt (server-other.rules)
 * 1:26592 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit libxslt arbitrary file creation attempt (browser-webkit.rules)
 * 1:25832 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules)
 * 1:25779 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
 * 1:25475 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:25393 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:23612 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:23611 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:23524 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:23523 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:23522 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious TIFF remote code execution attempt (file-pdf.rules)
 * 1:23521 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:23520 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:23518 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules)
 * 3:30901 <-> ENABLED <-> FILE-FLASH known malicious flash actionscript decryption routine (file-flash.rules)