Talos has added and modified multiple rules in the browser-ie, file-flash and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39530 <-> ENABLED <-> BROWSER-IE Microsoft Edge clientInformation.geolocation.getCurrentPosition use-after-free attempt (browser-ie.rules) * 1:39532 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XSL multi-dimensional array memory corruption attempt (file-pdf.rules) * 1:39531 <-> ENABLED <-> BROWSER-IE Microsoft Edge clientInformation.geolocation.getCurrentPosition use-after-free attempt (browser-ie.rules) * 1:39534 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF name record out of bounds read attempt (file-pdf.rules) * 1:39549 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdTimelineItem object memory corruption attempt (file-flash.rules) * 1:39547 <-> ENABLED <-> FILE-PDF Adobe Reader embedded TTF heap overflow attempt (file-pdf.rules) * 1:39548 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdTimelineItem object memory corruption attempt (file-flash.rules) * 1:39545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39544 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag out of bounds read attempt (file-flash.rules) * 1:39537 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG handling memory corruption attempt (file-pdf.rules) * 1:39536 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG handling memory corruption attempt (file-pdf.rules) * 1:39533 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XSL multi-dimensional array memory corruption attempt (file-pdf.rules) * 1:39572 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Transform object use after free attempt (file-flash.rules) * 1:39535 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF name record out of bounds read attempt (file-pdf.rules) * 1:39565 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag parsing memory corruption attempt (file-flash.rules) * 1:39566 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag parsing memory corruption attempt (file-flash.rules) * 1:39567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules) * 1:39568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules) * 1:39569 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG parsing out of bounds read attempt (file-pdf.rules) * 1:39538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag out of bounds read attempt (file-flash.rules) * 1:39570 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG parsing out of bounds read attempt (file-pdf.rules) * 1:39571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Transform object use after free attempt (file-flash.rules) * 1:39541 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39546 <-> ENABLED <-> FILE-PDF Adobe Reader embedded TTF heap overflow attempt (file-pdf.rules) * 1:39550 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method loop use-after-free attempt (file-flash.rules) * 1:39551 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method loop use-after-free attempt (file-flash.rules) * 1:39552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray type confusion memory corruption attempt (file-flash.rules) * 1:39554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdBreakPlacement object memory corruption attempt (file-flash.rules) * 1:39555 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdBreakPlacement object memory corruption attempt (file-flash.rules) * 1:39556 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript font parsing memory corruption attempt (file-pdf.rules) * 1:39557 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript font parsing memory corruption attempt (file-pdf.rules) * 1:39558 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Stage align use aftre free attempt (file-flash.rules) * 1:39559 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Stage align use aftre free attempt (file-flash.rules) * 1:39560 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules) * 1:39562 <-> DISABLED <-> SERVER-WEBAPP Invision Power Board index.php content_class PHP code injection attempt (server-webapp.rules) * 1:39561 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules) * 1:39564 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules) * 1:39553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray type confusion memory corruption attempt (file-flash.rules) * 1:39563 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules)
* 1:33300 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules) * 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules) * 1:38875 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DeleteRangeTimelineOperation type confusion attempt (file-flash.rules) * 1:39498 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer header tag HTML injection remote code execution attempt (browser-ie.rules) * 1:37653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules) * 1:38874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DeleteRangeTimelineOperation type confusion attempt (file-flash.rules) * 1:37652 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules) * 1:33302 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules) * 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2982.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39549 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdTimelineItem object memory corruption attempt (file-flash.rules) * 1:39548 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdTimelineItem object memory corruption attempt (file-flash.rules) * 1:39547 <-> ENABLED <-> FILE-PDF Adobe Reader embedded TTF heap overflow attempt (file-pdf.rules) * 1:39545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39544 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag out of bounds read attempt (file-flash.rules) * 1:39537 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG handling memory corruption attempt (file-pdf.rules) * 1:39536 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG handling memory corruption attempt (file-pdf.rules) * 1:39533 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XSL multi-dimensional array memory corruption attempt (file-pdf.rules) * 1:39530 <-> ENABLED <-> BROWSER-IE Microsoft Edge clientInformation.geolocation.getCurrentPosition use-after-free attempt (browser-ie.rules) * 1:39532 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XSL multi-dimensional array memory corruption attempt (file-pdf.rules) * 1:39531 <-> ENABLED <-> BROWSER-IE Microsoft Edge clientInformation.geolocation.getCurrentPosition use-after-free attempt (browser-ie.rules) * 1:39534 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF name record out of bounds read attempt (file-pdf.rules) * 1:39535 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF name record out of bounds read attempt (file-pdf.rules) * 1:39538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag out of bounds read attempt (file-flash.rules) * 1:39541 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39546 <-> ENABLED <-> FILE-PDF Adobe Reader embedded TTF heap overflow attempt (file-pdf.rules) * 1:39550 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method loop use-after-free attempt (file-flash.rules) * 1:39551 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method loop use-after-free attempt (file-flash.rules) * 1:39552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray type confusion memory corruption attempt (file-flash.rules) * 1:39553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray type confusion memory corruption attempt (file-flash.rules) * 1:39554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdBreakPlacement object memory corruption attempt (file-flash.rules) * 1:39555 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdBreakPlacement object memory corruption attempt (file-flash.rules) * 1:39556 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript font parsing memory corruption attempt (file-pdf.rules) * 1:39557 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript font parsing memory corruption attempt (file-pdf.rules) * 1:39558 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Stage align use aftre free attempt (file-flash.rules) * 1:39559 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Stage align use aftre free attempt (file-flash.rules) * 1:39560 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules) * 1:39561 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules) * 1:39562 <-> DISABLED <-> SERVER-WEBAPP Invision Power Board index.php content_class PHP code injection attempt (server-webapp.rules) * 1:39572 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Transform object use after free attempt (file-flash.rules) * 1:39571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Transform object use after free attempt (file-flash.rules) * 1:39570 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG parsing out of bounds read attempt (file-pdf.rules) * 1:39569 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG parsing out of bounds read attempt (file-pdf.rules) * 1:39568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules) * 1:39567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules) * 1:39566 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag parsing memory corruption attempt (file-flash.rules) * 1:39565 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag parsing memory corruption attempt (file-flash.rules) * 1:39564 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules) * 1:39563 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules)
* 1:39498 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer header tag HTML injection remote code execution attempt (browser-ie.rules) * 1:38875 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DeleteRangeTimelineOperation type confusion attempt (file-flash.rules) * 1:38874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DeleteRangeTimelineOperation type confusion attempt (file-flash.rules) * 1:37653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules) * 1:33302 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules) * 1:37652 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules) * 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt (server-webapp.rules) * 1:33300 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules) * 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39572 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Transform object use after free attempt (file-flash.rules) * 1:39571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Transform object use after free attempt (file-flash.rules) * 1:39570 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG parsing out of bounds read attempt (file-pdf.rules) * 1:39569 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG parsing out of bounds read attempt (file-pdf.rules) * 1:39568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules) * 1:39567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules) * 1:39566 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag parsing memory corruption attempt (file-flash.rules) * 1:39565 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag parsing memory corruption attempt (file-flash.rules) * 1:39564 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules) * 1:39563 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules) * 1:39562 <-> DISABLED <-> SERVER-WEBAPP Invision Power Board index.php content_class PHP code injection attempt (server-webapp.rules) * 1:39561 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules) * 1:39560 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules) * 1:39559 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Stage align use aftre free attempt (file-flash.rules) * 1:39558 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Stage align use aftre free attempt (file-flash.rules) * 1:39557 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript font parsing memory corruption attempt (file-pdf.rules) * 1:39556 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript font parsing memory corruption attempt (file-pdf.rules) * 1:39555 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdBreakPlacement object memory corruption attempt (file-flash.rules) * 1:39554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdBreakPlacement object memory corruption attempt (file-flash.rules) * 1:39553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray type confusion memory corruption attempt (file-flash.rules) * 1:39552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray type confusion memory corruption attempt (file-flash.rules) * 1:39551 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method loop use-after-free attempt (file-flash.rules) * 1:39550 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method loop use-after-free attempt (file-flash.rules) * 1:39549 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdTimelineItem object memory corruption attempt (file-flash.rules) * 1:39548 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdTimelineItem object memory corruption attempt (file-flash.rules) * 1:39547 <-> ENABLED <-> FILE-PDF Adobe Reader embedded TTF heap overflow attempt (file-pdf.rules) * 1:39546 <-> ENABLED <-> FILE-PDF Adobe Reader embedded TTF heap overflow attempt (file-pdf.rules) * 1:39545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39544 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39541 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag out of bounds read attempt (file-flash.rules) * 1:39538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag out of bounds read attempt (file-flash.rules) * 1:39537 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG handling memory corruption attempt (file-pdf.rules) * 1:39536 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG handling memory corruption attempt (file-pdf.rules) * 1:39535 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF name record out of bounds read attempt (file-pdf.rules) * 1:39534 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF name record out of bounds read attempt (file-pdf.rules) * 1:39533 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XSL multi-dimensional array memory corruption attempt (file-pdf.rules) * 1:39532 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XSL multi-dimensional array memory corruption attempt (file-pdf.rules) * 1:39531 <-> ENABLED <-> BROWSER-IE Microsoft Edge clientInformation.geolocation.getCurrentPosition use-after-free attempt (browser-ie.rules) * 1:39530 <-> ENABLED <-> BROWSER-IE Microsoft Edge clientInformation.geolocation.getCurrentPosition use-after-free attempt (browser-ie.rules)
* 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules) * 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt (server-webapp.rules) * 1:33300 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules) * 1:33302 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules) * 1:37652 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules) * 1:37653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules) * 1:38874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DeleteRangeTimelineOperation type confusion attempt (file-flash.rules) * 1:38875 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DeleteRangeTimelineOperation type confusion attempt (file-flash.rules) * 1:39498 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer header tag HTML injection remote code execution attempt (browser-ie.rules)
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
