Talos Rules 2016-03-11
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the deleted, file-flash, file-multimedia, file-other, file-pdf and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2016-03-11 23:09:05 UTC

Snort Subscriber Rules Update

Date: 2016-03-11

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:18692 <-> DISABLED <-> DELETED SERVER-OTHER clearing out junk (deleted.rules)
 * 1:23182 <-> ENABLED <-> SERVER-OTHER Joomla com_maqmahelpdesk task parameter local file inclusion attempt (server-other.rules)
 * 1:30577 <-> DISABLED <-> DELETED SERVER-OTHER clearing out junk 100166 (deleted.rules)
 * 1:30578 <-> DISABLED <-> DELETED SERVER-OTHER clearing out junk 100167 (deleted.rules)
 * 1:30579 <-> DISABLED <-> DELETED SERVER-OTHER clearing out junk 100168 (deleted.rules)
 * 1:30690 <-> DISABLED <-> DELETED SERVER-OTHER clearing out junk 100173 (deleted.rules)
 * 1:38164 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite UploadFileAction servlet directory traversal attempt (server-webapp.rules)
 * 1:38165 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
 * 1:38166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
 * 1:38167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
 * 1:38168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
 * 1:38169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
 * 1:38170 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
 * 1:38171 <-> ENABLED <-> FILE-OTHER Adobe Acrobat updaternotifications.dll dll-load exploit attempt (file-other.rules)
 * 1:38172 <-> DISABLED <-> FILE-OTHER Adobe Acrobat updaternotifications.dll dll-load exploit attempt (file-other.rules)
 * 1:38173 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
 * 1:38174 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
 * 1:38175 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
 * 1:38176 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
 * 1:38177 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player ASnative object use after free attempt (file-flash.rules)
 * 1:38178 <-> ENABLED <-> FILE-FLASH Microsoft Standalone Flash Player asNative object use after free attempt (file-flash.rules)
 * 1:38179 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player ASnative object use after free attempt (file-flash.rules)
 * 1:38180 <-> ENABLED <-> FILE-FLASH Microsoft Standalone Flash Player asNative object use after free attempt (file-flash.rules)
 * 1:38181 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
 * 1:38182 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
 * 1:38183 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
 * 1:38184 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
 * 1:38185 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setInterval use after free attempt (file-flash.rules)
 * 1:38186 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setInterval use after free attempt (file-flash.rules)
 * 1:38187 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setInterval use after free attempt (file-flash.rules)
 * 1:38188 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setInterval use after free attempt (file-flash.rules)
 * 1:38189 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
 * 1:38190 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
 * 1:38191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
 * 1:38192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
 * 1:38193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setInterval use-after-free memory corruption attempt (file-flash.rules)
 * 1:38194 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setInterval use-after-free memory corruption attempt (file-flash.rules)
 * 1:38195 <-> ENABLED <-> FILE-FLASH Adobe Flash Player htmlText method use-after-free memory corruption attempt (file-flash.rules)
 * 1:38196 <-> ENABLED <-> FILE-FLASH Adobe Flash Player htmlText method use-after-free memory corruption attempt (file-flash.rules)
 * 1:38197 <-> ENABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules)
 * 1:38198 <-> ENABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules)
 * 1:38199 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.copyChannel access violation attempt (file-flash.rules)
 * 1:38200 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.copyChannel access violation attempt (file-flash.rules)
 * 1:38201 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 length tag out of bounds read attempt (file-multimedia.rules)
 * 1:38202 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 length tag out of bounds read attempt (file-multimedia.rules)
 * 1:38203 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.applyFilter access violation attempt (file-flash.rules)
 * 1:38204 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.applyFilter access violation attempt (file-flash.rules)
 * 1:38205 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
 * 1:38206 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
 * 1:38207 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
 * 1:38208 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
 * 1:38209 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed mp4 out of bounds write attempt (file-multimedia.rules)
 * 1:38210 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed mp4 out of bounds write attempt (file-multimedia.rules)
 * 1:38227 <-> DISABLED <-> FILE-FLASH Adobe Flash Player mp4 size memory corruption attempt (file-flash.rules)
 * 1:38226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid FLV header out of bounds write attempt (file-flash.rules)
 * 1:38225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid FLV header out of bounds write attempt (file-flash.rules)
 * 1:38224 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader annotation oversized array memory corruption attempt (file-pdf.rules)
 * 1:38223 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader annotation oversized array memory corruption attempt (file-pdf.rules)
 * 1:38222 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:38221 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:38220 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free (file-flash.rules)
 * 1:38219 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:38218 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed MP4 atom use-after-free attempt (file-multimedia.rules)
 * 1:38217 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed mp4 atom use-after-free attempt (file-multimedia.rules)
 * 1:38216 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
 * 1:38215 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
 * 1:38214 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
 * 1:38213 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
 * 1:38211 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules)
 * 1:38212 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules)

Modified Rules:


 * 1:37235 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
 * 1:37234 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)

2016-03-11 23:09:05 UTC

Snort Subscriber Rules Update

Date: 2016-03-11

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2980.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:38227 <-> DISABLED <-> FILE-FLASH Adobe Flash Player mp4 size memory corruption attempt (file-flash.rules)
 * 1:38226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid FLV header out of bounds write attempt (file-flash.rules)
 * 1:38225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid FLV header out of bounds write attempt (file-flash.rules)
 * 1:38224 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader annotation oversized array memory corruption attempt (file-pdf.rules)
 * 1:38223 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader annotation oversized array memory corruption attempt (file-pdf.rules)
 * 1:38222 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:38221 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:38220 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free (file-flash.rules)
 * 1:38219 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
 * 1:38218 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed MP4 atom use-after-free attempt (file-multimedia.rules)
 * 1:38217 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed mp4 atom use-after-free attempt (file-multimedia.rules)
 * 1:38216 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
 * 1:38215 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
 * 1:38214 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
 * 1:38213 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
 * 1:38212 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules)
 * 1:38211 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules)
 * 1:38210 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed mp4 out of bounds write attempt (file-multimedia.rules)
 * 1:38209 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed mp4 out of bounds write attempt (file-multimedia.rules)
 * 1:38208 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
 * 1:38207 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
 * 1:38206 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
 * 1:38205 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
 * 1:38204 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.applyFilter access violation attempt (file-flash.rules)
 * 1:38203 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.applyFilter access violation attempt (file-flash.rules)
 * 1:38202 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 length tag out of bounds read attempt (file-multimedia.rules)
 * 1:38201 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 length tag out of bounds read attempt (file-multimedia.rules)
 * 1:38200 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.copyChannel access violation attempt (file-flash.rules)
 * 1:38199 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.copyChannel access violation attempt (file-flash.rules)
 * 1:38198 <-> ENABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules)
 * 1:38197 <-> ENABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules)
 * 1:38196 <-> ENABLED <-> FILE-FLASH Adobe Flash Player htmlText method use-after-free memory corruption attempt (file-flash.rules)
 * 1:38195 <-> ENABLED <-> FILE-FLASH Adobe Flash Player htmlText method use-after-free memory corruption attempt (file-flash.rules)
 * 1:38194 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setInterval use-after-free memory corruption attempt (file-flash.rules)
 * 1:38193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setInterval use-after-free memory corruption attempt (file-flash.rules)
 * 1:38192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
 * 1:38191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
 * 1:38190 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
 * 1:38189 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
 * 1:38188 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setInterval use after free attempt (file-flash.rules)
 * 1:38187 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setInterval use after free attempt (file-flash.rules)
 * 1:38186 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setInterval use after free attempt (file-flash.rules)
 * 1:38185 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setInterval use after free attempt (file-flash.rules)
 * 1:38184 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
 * 1:38183 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
 * 1:38182 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
 * 1:38181 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
 * 1:38180 <-> ENABLED <-> FILE-FLASH Microsoft Standalone Flash Player asNative object use after free attempt (file-flash.rules)
 * 1:38179 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player ASnative object use after free attempt (file-flash.rules)
 * 1:38178 <-> ENABLED <-> FILE-FLASH Microsoft Standalone Flash Player asNative object use after free attempt (file-flash.rules)
 * 1:38177 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player ASnative object use after free attempt (file-flash.rules)
 * 1:38176 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
 * 1:38175 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
 * 1:38174 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
 * 1:38173 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
 * 1:38172 <-> DISABLED <-> FILE-OTHER Adobe Acrobat updaternotifications.dll dll-load exploit attempt (file-other.rules)
 * 1:38171 <-> ENABLED <-> FILE-OTHER Adobe Acrobat updaternotifications.dll dll-load exploit attempt (file-other.rules)
 * 1:38170 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
 * 1:38169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
 * 1:38168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
 * 1:38167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
 * 1:38166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
 * 1:38165 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
 * 1:38164 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite UploadFileAction servlet directory traversal attempt (server-webapp.rules)
 * 1:30690 <-> DISABLED <-> DELETED SERVER-OTHER clearing out junk 100173 (deleted.rules)
 * 1:30579 <-> DISABLED <-> DELETED SERVER-OTHER clearing out junk 100168 (deleted.rules)
 * 1:30578 <-> DISABLED <-> DELETED SERVER-OTHER clearing out junk 100167 (deleted.rules)
 * 1:30577 <-> DISABLED <-> DELETED SERVER-OTHER clearing out junk 100166 (deleted.rules)
 * 1:23182 <-> ENABLED <-> SERVER-OTHER Joomla com_maqmahelpdesk task parameter local file inclusion attempt (server-other.rules)
 * 1:18692 <-> DISABLED <-> DELETED SERVER-OTHER clearing out junk (deleted.rules)

Modified Rules:


 * 1:37234 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
 * 1:37235 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)