Talos has added and modified multiple rules in the browser-ie, exploit-kit, file-executable, file-flash, file-image, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, malware-cnc, os-linux, os-other, os-windows, policy-other, protocol-scada, protocol-snmp and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:40809 <-> DISABLED <-> FILE-OTHER HDF5 new object modification time out of bounds write attempt (file-other.rules)
* 1:40805 <-> DISABLED <-> FILE-OTHER HDF5 object modification time out of bounds write attempt (file-other.rules)
* 1:40804 <-> ENABLED <-> FILE-OTHER HDF5 H5O_dtype_decode_helper heap buffer overflow attempt (file-other.rules)
* 1:40802 <-> DISABLED <-> FILE-OTHER HDF5 H5Z_NBIT filter heap buffer overflow attempt (file-other.rules)
* 1:40803 <-> ENABLED <-> FILE-OTHER HDF5 H5O_dtype_decode_helper heap buffer overflow attempt (file-other.rules)
* 1:40801 <-> DISABLED <-> FILE-OTHER HDF5 H5Z_NBIT filter heap buffer overflow attempt (file-other.rules)
* 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
* 1:40794 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules)
* 1:40792 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules)
* 1:40793 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules)
* 1:40777 <-> ENABLED <-> FILE-PDF Nitro Pro out of bounds memory write attempt (file-pdf.rules)
* 1:40791 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules)
* 1:40776 <-> ENABLED <-> FILE-PDF Nitro Pro out of bounds memory write attempt (file-pdf.rules)
* 1:40774 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules)
* 1:40773 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules)
* 1:40756 <-> DISABLED <-> FILE-PDF Nitro Pro PDF Font Widths tag out of bounds read attempt (file-pdf.rules)
* 1:40757 <-> DISABLED <-> FILE-PDF Nitro Pro PDF Font Widths tag out of bounds read attempt (file-pdf.rules)
* 1:40539 <-> DISABLED <-> FILE-IMAGE LibTIFF PixarLogDecode heap buffer overflow attempt (file-image.rules)
* 1:40540 <-> DISABLED <-> FILE-IMAGE LibTIFF PixarLogDecode heap buffer overflow attempt (file-image.rules)
* 1:40537 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
* 1:40538 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
* 1:40535 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
* 1:40536 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
* 1:40533 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
* 1:40534 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
* 1:40526 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules)
* 1:40491 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules)
* 1:40525 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules)
* 1:40489 <-> DISABLED <-> FILE-EXECUTABLE Hopper Disassembler ELF section header memory corruption attempt (file-executable.rules)
* 1:40490 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules)
* 1:40488 <-> DISABLED <-> FILE-EXECUTABLE Hopper Disassembler ELF section header memory corruption attempt (file-executable.rules)
* 1:40487 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
* 1:40485 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
* 1:40486 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
* 1:40483 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:40484 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
* 1:40481 <-> DISABLED <-> SERVER-OTHER Memcached replaceq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40482 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:40479 <-> DISABLED <-> SERVER-OTHER Memcached addq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40480 <-> DISABLED <-> SERVER-OTHER Memcached replace opcode request heap buffer overflow attempt (server-other.rules)
* 1:40478 <-> DISABLED <-> SERVER-OTHER Memcached add opcode request heap buffer overflow attempt (server-other.rules)
* 1:40477 <-> DISABLED <-> SERVER-OTHER Memcached setq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40476 <-> DISABLED <-> SERVER-OTHER Memcached set opcode request heap buffer overflow attempt (server-other.rules)
* 1:40474 <-> DISABLED <-> SERVER-OTHER Memcached prependq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40475 <-> DISABLED <-> SERVER-OTHER Memcached prependq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40472 <-> DISABLED <-> SERVER-OTHER Memcached appendq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40473 <-> DISABLED <-> SERVER-OTHER Memcached appendq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40470 <-> DISABLED <-> SERVER-OTHER Memcached prepend opcode request heap buffer overflow attempt (server-other.rules)
* 1:40471 <-> DISABLED <-> SERVER-OTHER Memcached prepend opcode request heap buffer overflow attempt (server-other.rules)
* 1:40468 <-> DISABLED <-> SERVER-OTHER Memcached append opcode request heap buffer overflow attempt (server-other.rules)
* 1:40469 <-> DISABLED <-> SERVER-OTHER Memcached append opcode request heap buffer overflow attempt (server-other.rules)
* 1:40429 <-> DISABLED <-> FILE-PDF Foxit PDF Reader JBIG2 parser out of bounds read attempt (file-pdf.rules)
* 1:40430 <-> DISABLED <-> FILE-PDF Foxit PDF Reader JBIG2 parser out of bounds read attempt (file-pdf.rules)
* 1:40336 <-> DISABLED <-> FILE-PDF Iceni Argus ipfSetColourStroke stack buffer overflow attempt (file-pdf.rules)
* 1:40337 <-> DISABLED <-> FILE-PDF Iceni Argus ipfSetColourStroke stack buffer overflow attempt (file-pdf.rules)
* 1:40314 <-> DISABLED <-> FILE-IMAGE OpenJPEG JPEG2000 MCC record parsing heap memory corruption attempt (file-image.rules)
* 1:40315 <-> DISABLED <-> FILE-IMAGE OpenJPEG JPEG2000 MCC record parsing heap memory corruption attempt (file-image.rules)
* 1:40125 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules)
* 1:40126 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules)
* 1:39919 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules)
* 1:39884 <-> DISABLED <-> FILE-IMAGE FreeImage library XPM handling out of bounds write attempt (file-image.rules)
* 1:39918 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules)
* 1:39877 <-> DISABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC firmware update detected (protocol-snmp.rules)
* 1:39883 <-> DISABLED <-> FILE-IMAGE FreeImage library XPM handling out of bounds write attempt (file-image.rules)
* 1:39762 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules)
* 1:39876 <-> ENABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC SNMP request via undocumented community string attempt (protocol-snmp.rules)
* 1:39760 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
* 1:39761 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules)
* 1:39758 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
* 1:39759 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
* 1:39676 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
* 1:39757 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
* 1:39674 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
* 1:39675 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
* 1:39673 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
* 1:39672 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
* 1:39668 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
* 1:39671 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
* 1:39666 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
* 1:39667 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
* 1:39664 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules)
* 1:39665 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
* 1:39661 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules)
* 1:39663 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules)
* 1:39635 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image invalid box2i attribute heap buffer overflow attempt (file-image.rules)
* 1:39660 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules)
* 1:39632 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39634 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image invalid box2i attribute heap buffer overflow attempt (file-image.rules)
* 1:39630 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39631 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39628 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39629 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39626 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39627 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39624 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39625 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39622 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39623 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39620 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39621 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39618 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39619 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39616 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39617 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39614 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39615 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39610 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39613 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39612 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39611 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39608 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39609 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39606 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39607 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39604 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39605 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39602 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39603 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39600 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules)
* 1:39601 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39598 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules)
* 1:39599 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules)
* 1:39596 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
* 1:39597 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules)
* 1:39594 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
* 1:39595 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
* 1:39467 <-> DISABLED <-> FILE-EXECUTABLE Symantec Norton Security IDSvix86 out of bounds read attempt (file-executable.rules)
* 1:39593 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
* 1:39162 <-> ENABLED <-> FILE-PDF Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow attempt (file-pdf.rules)
* 1:39466 <-> DISABLED <-> FILE-EXECUTABLE Symantec Norton Security IDSvix86 out of bounds read attempt (file-executable.rules)
* 1:39151 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT message length overflow attempt (server-other.rules)
* 1:39161 <-> ENABLED <-> FILE-PDF Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow attempt (file-pdf.rules)
* 1:39149 <-> ENABLED <-> FILE-OFFICE Document Foundation LibreOffice RTF stylesheet use after free attempt (file-office.rules)
* 1:39150 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT negative message length underflow attempt (server-other.rules)
* 1:39111 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules)
* 1:39148 <-> ENABLED <-> FILE-OFFICE Document Foundation LibreOffice RTF stylesheet use after free attempt (file-office.rules)
* 1:39079 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
* 1:39110 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules)
* 1:39050 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules)
* 1:39078 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
* 1:39048 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules)
* 1:39049 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules)
* 1:39047 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules)
* 1:39046 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules)
* 1:39045 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules)
* 1:39034 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules)
* 1:39035 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules)
* 1:38869 <-> ENABLED <-> FILE-OTHER Hancom Hangul Office HShow integer-based heap buffer overflow attempt (file-other.rules)
* 1:38870 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_cr out of bounds read attempt (server-other.rules)
* 1:38867 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_get_avatar out of bounds read attempt (server-other.rules)
* 1:38868 <-> ENABLED <-> FILE-OTHER Hancom Hangul Office HShow integer-based heap buffer overflow attempt (file-other.rules)
* 1:38860 <-> ENABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd out of bounds write attempt (file-other.rules)
* 1:38861 <-> ENABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd out of bounds write attempt (file-other.rules)
* 1:38858 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules)
* 1:38859 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules)
* 1:38856 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules)
* 1:38857 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules)
* 1:38849 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
* 1:38850 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
* 1:38627 <-> DISABLED <-> FILE-OTHER libarchive zip_read_mac_metadata heap buffer overflow attempt (file-other.rules)
* 1:38628 <-> DISABLED <-> FILE-OTHER libarchive zip_read_mac_metadata heap buffer overflow attempt (file-other.rules)
* 1:38578 <-> DISABLED <-> SERVER-OTHER Pidgin multimx_message_received out of bounds read attempt (server-other.rules)
* 1:38583 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_suggestcontacts out of bounds read attempt (server-other.rules)
* 1:38550 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules)
* 1:38551 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules)
* 1:38548 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling null pointer dereference attempt (server-other.rules)
* 1:38549 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_extprofile out of bounds read attempt (server-other.rules)
* 1:38546 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules)
* 1:38547 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules)
* 1:38345 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules)
* 1:38545 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_update_contact out of bounds read attempt (server-other.rules)
* 1:38343 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules)
* 1:38344 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules)
* 1:38324 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules)
* 1:38342 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules)
* 1:38296 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
* 1:38323 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules)
* 1:38294 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
* 1:38295 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
* 1:38290 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules)
* 1:38293 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
* 1:37869 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
* 1:38289 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules)
* 1:37867 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules)
* 1:37868 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
* 1:37865 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules)
* 1:37866 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules)
* 1:37863 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
* 1:37864 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules)
* 1:37843 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK possible DoS attempt (server-other.rules)
* 1:37862 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
* 1:37841 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules)
* 1:37842 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules)
* 1:37519 <-> DISABLED <-> FILE-OTHER Intel HD Graphics Windows kernel driver local privilege escalation attempt (file-other.rules)
* 1:37520 <-> DISABLED <-> FILE-OTHER Intel HD Graphics Windows kernel driver local privilege escalation attempt (file-other.rules)
* 1:37517 <-> DISABLED <-> FILE-OTHER Apple OSX local privilege escalation attempt (file-other.rules)
* 1:37518 <-> DISABLED <-> FILE-OTHER Apple OSX local privilege escalation attempt (file-other.rules)
* 1:37501 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules)
* 1:37502 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules)
* 1:37499 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules)
* 1:37500 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules)
* 1:37497 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules)
* 1:37498 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules)
* 1:37495 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules)
* 1:37496 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules)
* 1:37494 <-> DISABLED <-> FILE-OTHER lhasa decode_level3_header heap corruption attempt (file-other.rules)
* 1:36388 <-> DISABLED <-> FILE-OTHER Libgraphite context item handling arbitrary code execution attempt (file-other.rules)
* 1:37493 <-> DISABLED <-> FILE-OTHER lhasa decode_level3_header heap corruption attempt (file-other.rules)
* 1:36386 <-> ENABLED <-> FILE-OTHER SIL LibGraphite BracketPairStack out of bounds access exploit attempt (file-other.rules)
* 1:36387 <-> DISABLED <-> FILE-OTHER Libgraphite context item handling arbitrary code execution attempt (file-other.rules)
* 1:36230 <-> ENABLED <-> FILE-FLASH Adobe Flash Player On2 VP6 video codec fragment read access violation attempt (file-flash.rules)
* 1:36385 <-> ENABLED <-> FILE-OTHER SIL LibGraphite BracketPairStack out of bounds access exploit attempt (file-other.rules)
* 1:36229 <-> ENABLED <-> FILE-FLASH Adobe Flash Player On2 VP6 video codec fragment read access violation attempt (file-flash.rules)
* 1:36228 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
* 1:36226 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
* 1:36227 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
* 1:36217 <-> DISABLED <-> FILE-OTHER libgraphite TTF opcode handling out of bounds read attempt (file-other.rules)
* 1:36225 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
* 1:36213 <-> ENABLED <-> FILE-OTHER Libgraphite LocaLookup out-of-bounds read attempt (file-other.rules)
* 1:36216 <-> DISABLED <-> FILE-OTHER libgraphite TTF opcode handling out of bounds read attempt (file-other.rules)
* 1:35829 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules)
* 1:36212 <-> ENABLED <-> FILE-OTHER Libgraphite LocaLookup out-of-bounds read attempt (file-other.rules)
* 1:35828 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules)
* 1:42079 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection attempt with unique User-Agent (malware-cnc.rules)
* 1:42080 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection attempt with unique User-Agent (malware-cnc.rules)
* 1:42081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules)
* 1:42082 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules)
* 1:42083 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection attempt (malware-cnc.rules)
* 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
* 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
* 1:42094 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 information gathering attempt (server-webapp.rules)
* 1:42095 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 directory traversal attempt (server-webapp.rules)
* 1:42096 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules)
* 1:42097 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules)
* 1:42098 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
* 1:42099 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
* 1:40806 <-> DISABLED <-> FILE-OTHER HDF5 object modification time out of bounds write attempt (file-other.rules)
* 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
* 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
* 1:41507 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString denial of service attempt (server-other.rules)
* 1:40919 <-> DISABLED <-> FILE-PDF Iceni ArgusPDF convertor malformed embedded TTF file cmap table memory corruption attempt (file-pdf.rules)
* 1:41509 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap overflow attempt (server-other.rules)
* 1:40901 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system name buffer overflow attempt (os-other.rules)
* 1:42073 <-> DISABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
* 1:41311 <-> ENABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules)
* 1:40875 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules)
* 1:41370 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules)
* 1:41448 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules)
* 1:41351 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules)
* 1:40900 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system name buffer overflow attempt (os-other.rules)
* 1:40920 <-> DISABLED <-> FILE-PDF Iceni ArgusPDF convertor malformed embedded TTF file cmap table memory corruption attempt (file-pdf.rules)
* 1:40899 <-> ENABLED <-> OS-OTHER Joyent SmartOS ioctl integer underflow attempt (os-other.rules)
* 1:40810 <-> DISABLED <-> FILE-OTHER HDF5 new object modification time out of bounds write attempt (file-other.rules)
* 1:41510 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap overflow attempt (server-other.rules)
* 1:41327 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules)
* 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
* 1:40925 <-> DISABLED <-> FILE-PDF Iceni Argus PDF TextToPolys rasterization code execution vulnerability attempt (file-pdf.rules)
* 1:41218 <-> ENABLED <-> OS-OTHER Joyent SmartOS add entries denial of service attempt (os-other.rules)
* 1:41212 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server digest_ripe message field out of bounds read attempt (server-other.rules)
* 1:40921 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules)
* 1:41447 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules)
* 1:40894 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules)
* 1:41999 <-> ENABLED <-> OS-OTHER Apple OSX and iOS x509 certificate name constraints parsing use after free attempt (os-other.rules)
* 1:40923 <-> DISABLED <-> FILE-PDF Iceni Argus PDF font-encoding glyphmap adjustment code execution vulnerability attempt (file-pdf.rules)
* 1:40924 <-> DISABLED <-> FILE-PDF Iceni Argus PDF font-encoding glyphmap adjustment code execution vulnerability attempt (file-pdf.rules)
* 1:41508 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client Memcpy heap overflow attempt (server-other.rules)
* 1:41110 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules)
* 1:40874 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules)
* 1:41506 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules)
* 1:41505 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules)
* 1:41219 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric denial of service attempt (server-other.rules)
* 1:40808 <-> DISABLED <-> FILE-OTHER HDF5 symbol table message out of bounds write attempt (file-other.rules)
* 1:41328 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules)
* 1:40895 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules)
* 1:41371 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules)
* 1:40872 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules)
* 1:40903 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system path buffer overflow attempt (os-other.rules)
* 1:41108 <-> DISABLED <-> FILE-OFFICE Oracle Outside In Technology image export use after free attempt (file-office.rules)
* 1:41216 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server si_prop stack buffer overflow attempt (server-other.rules)
* 1:41217 <-> ENABLED <-> OS-OTHER Joyent SmartOS add entries denial of service attempt (os-other.rules)
* 1:40918 <-> ENABLED <-> FILE-PDF Iceni Argus PDF uninitialized WordStyle color length code overflow attempt (file-pdf.rules)
* 1:40873 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules)
* 1:41310 <-> ENABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules)
* 1:40926 <-> DISABLED <-> FILE-PDF Iceni Argus PDF TextToPolys rasterization code execution vulnerability attempt (file-pdf.rules)
* 1:40935 <-> ENABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules)
* 1:40934 <-> ENABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules)
* 1:41350 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules)
* 1:40922 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules)
* 1:40917 <-> ENABLED <-> FILE-PDF Iceni Argus PDF uninitialized WordStyle color length code overflow attempt (file-pdf.rules)
* 1:40902 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system path buffer overflow attempt (os-other.rules)
* 1:41111 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules)
* 1:40898 <-> ENABLED <-> OS-OTHER Joyent SmartOS ioctl integer underflow attempt (os-other.rules)
* 1:40807 <-> DISABLED <-> FILE-OTHER HDF5 symbol table message out of bounds write attempt (file-other.rules)
* 1:41213 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server client batch request exploit attempt (server-other.rules)
* 1:41109 <-> DISABLED <-> FILE-OFFICE Oracle Outside In Technology image export use after free attempt (file-office.rules)
* 3:42076 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules)
* 3:42077 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules)
* 3:42078 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0299 attack attempt (server-webapp.rules)
* 3:42084 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules)
* 3:42085 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules)
* 3:42086 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules)
* 3:42087 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules)
* 3:42088 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules)
* 3:42089 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules)
* 3:42090 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack
attempt (file-image.rules) * 3:42091 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules)
* 1:41527 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41533 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41853 <-> DISABLED <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt (os-linux.rules)
* 1:36968 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow memory corruption attempt (browser-ie.rules)
* 1:39865 <-> ENABLED <-> FILE-PDF Adobe Reader CoolType engine FlateDecode use-after-free attempt (file-pdf.rules)
* 1:34334 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Adobe Reader exploit download (exploit-kit.rules)
* 1:39864 <-> ENABLED <-> FILE-PDF Adobe Reader CoolType engine FlateDecode use-after-free attempt (file-pdf.rules)
* 1:36969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow memory corruption attempt (browser-ie.rules)
* 1:37045 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules)
* 1:41530 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 3:40822 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0241 attack attempt (server-webapp.rules)
* 3:40821 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0241 attack attempt (server-webapp.rules)
* 3:40758 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2016-0231 attack attempt (server-other.rules)
* 3:42060 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP client dummy XID denial of service attempt (server-other.rules)
* 3:40820 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0239 attack attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:40805 <-> DISABLED <-> FILE-OTHER HDF5 object modification time out of bounds write attempt (file-other.rules)
* 1:35828 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules)
* 1:35829 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules)
* 1:36212 <-> ENABLED <-> FILE-OTHER Libgraphite LocaLookup out-of-bounds read attempt (file-other.rules)
* 1:36213 <-> ENABLED <-> FILE-OTHER Libgraphite LocaLookup out-of-bounds read attempt (file-other.rules)
* 1:36216 <-> DISABLED <-> FILE-OTHER libgraphite TTF opcode handling out of bounds read attempt (file-other.rules)
* 1:36217 <-> DISABLED <-> FILE-OTHER libgraphite TTF opcode handling out of bounds read attempt (file-other.rules)
* 1:36225 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
* 1:36226 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
* 1:36227 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
* 1:36228 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
* 1:36229 <-> ENABLED <-> FILE-FLASH Adobe Flash Player On2 VP6 video codec fragment read access violation attempt (file-flash.rules)
* 1:36230 <-> ENABLED <-> FILE-FLASH Adobe Flash Player On2 VP6 video codec fragment read access violation attempt (file-flash.rules)
* 1:36385 <-> ENABLED <-> FILE-OTHER SIL LibGraphite BracketPairStack out of bounds access exploit attempt (file-other.rules)
* 1:36386 <-> ENABLED <-> FILE-OTHER SIL LibGraphite BracketPairStack out of bounds access exploit attempt (file-other.rules)
* 1:36387 <-> DISABLED <-> FILE-OTHER Libgraphite context item handling arbitrary code execution attempt (file-other.rules)
* 1:36388 <-> DISABLED <-> FILE-OTHER Libgraphite context item handling arbitrary code execution attempt (file-other.rules)
* 1:37493 <-> DISABLED <-> FILE-OTHER lhasa decode_level3_header heap corruption attempt (file-other.rules)
* 1:37494 <-> DISABLED <-> FILE-OTHER lhasa decode_level3_header heap corruption attempt (file-other.rules)
* 1:37495 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules)
* 1:37496 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules)
* 1:37497 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules)
* 1:37498 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules)
* 1:37499 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules)
* 1:37500 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules)
* 1:37501 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules)
* 1:37502 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules)
* 1:37517 <-> DISABLED <-> FILE-OTHER Apple OSX local privilege escalation attempt (file-other.rules)
* 1:37518 <-> DISABLED <-> FILE-OTHER Apple OSX local privilege escalation attempt (file-other.rules)
* 1:37519 <-> DISABLED <-> FILE-OTHER Intel HD Graphics Windows kernel driver local privilege escalation attempt (file-other.rules)
* 1:37520 <-> DISABLED <-> FILE-OTHER Intel HD Graphics Windows kernel driver local privilege escalation attempt (file-other.rules)
* 1:37841 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules)
* 1:37842 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules)
* 1:37843 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK possible DoS attempt (server-other.rules)
* 1:37862 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
* 1:37863 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
* 1:37864 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules)
* 1:37865 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules)
* 1:37866 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules)
* 1:37867 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules)
* 1:37868 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
* 1:37869 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
* 1:38289 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules)
* 1:38290 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules)
* 1:38293 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
* 1:38294 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
* 1:38295 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
* 1:38296 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
* 1:38323 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules)
* 1:38324 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules)
* 1:38342 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules)
* 1:38343 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules)
* 1:38344 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules)
* 1:38345 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules)
* 1:38545 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_update_contact out of bounds read attempt (server-other.rules)
* 1:38546 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules)
* 1:38547 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules)
* 1:38548 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling null pointer dereference attempt (server-other.rules)
* 1:38549 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_extprofile out of bounds read attempt (server-other.rules)
* 1:38550 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules)
* 1:38551 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules)
* 1:38578 <-> DISABLED <-> SERVER-OTHER Pidgin multimx_message_received out of bounds read attempt (server-other.rules)
* 1:38583 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_suggestcontacts out of bounds read attempt (server-other.rules)
* 1:38627 <-> DISABLED <-> FILE-OTHER libarchive zip_read_mac_metadata heap buffer overflow attempt (file-other.rules)
* 1:38628 <-> DISABLED <-> FILE-OTHER libarchive zip_read_mac_metadata heap buffer overflow attempt (file-other.rules)
* 1:38849 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
* 1:38850 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
* 1:38856 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules)
* 1:38857 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules)
* 1:38858 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules)
* 1:38859 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules)
* 1:38860 <-> ENABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd out of bounds write attempt (file-other.rules)
* 1:38861 <-> ENABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd out of bounds write attempt (file-other.rules)
* 1:38867 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_get_avatar out of bounds read attempt (server-other.rules)
* 1:38868 <-> ENABLED <-> FILE-OTHER Hancom Hangul Office HShow integer-based heap buffer overflow attempt (file-other.rules)
* 1:38869 <-> ENABLED <-> FILE-OTHER Hancom Hangul Office HShow integer-based heap buffer overflow attempt (file-other.rules)
* 1:38870 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_cr out of bounds read attempt (server-other.rules)
* 1:39034 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules)
* 1:39035 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules)
* 1:39045 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules)
* 1:39046 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules)
* 1:39047 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules)
* 1:39048 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules)
* 1:39049 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules)
* 1:39050 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules)
* 1:39078 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
* 1:39079 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
* 1:39110 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules)
* 1:39111 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules)
* 1:39148 <-> ENABLED <-> FILE-OFFICE Document Foundation LibreOffice RTF stylesheet use after free attempt (file-office.rules)
* 1:39149 <-> ENABLED <-> FILE-OFFICE Document Foundation LibreOffice RTF stylesheet use after free attempt (file-office.rules)
* 1:39150 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT negative message length underflow attempt (server-other.rules)
* 1:39151 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT message length overflow attempt (server-other.rules)
* 1:39161 <-> ENABLED <-> FILE-PDF Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow attempt (file-pdf.rules)
* 1:39162 <-> ENABLED <-> FILE-PDF Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow attempt (file-pdf.rules)
* 1:39466 <-> DISABLED <-> FILE-EXECUTABLE Symantec Norton Security IDSvix86 out of bounds read attempt (file-executable.rules)
* 1:39467 <-> DISABLED <-> FILE-EXECUTABLE Symantec Norton Security IDSvix86 out of bounds read attempt (file-executable.rules)
* 1:39593 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
* 1:39594 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
* 1:39595 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
* 1:39596 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
* 1:39597 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules)
* 1:39598 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules)
* 1:39599 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules)
* 1:39600 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules)
* 1:39601 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39602 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39603 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39604 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39605 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39606 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39607 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39608 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39609 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39610 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39611 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39612 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39613 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39614 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39615 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39616 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39617 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39618 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39619 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39620 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39621 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39622 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39623 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39624 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39625 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39626 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39627 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39628 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39629 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39630 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39631 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39632 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39634 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image invalid box2i attribute heap buffer overflow attempt (file-image.rules)
* 1:39635 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image invalid box2i attribute heap buffer overflow attempt (file-image.rules)
* 1:39660 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules)
* 1:39661 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules)
* 1:39663 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules)
* 1:39664 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules)
* 1:39665 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
* 1:39666 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
* 1:39667 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
* 1:39668 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
* 1:39671 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
* 1:39672 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
* 1:39673 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
* 1:39674 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
* 1:39675 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
* 1:39676 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
* 1:39757 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
* 1:39758 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
* 1:39759 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
* 1:39760 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
* 1:39761 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules)
* 1:39762 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules)
* 1:39876 <-> ENABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC SNMP request via undocumented community string attempt (protocol-snmp.rules)
* 1:39877 <-> DISABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC firmware update detected (protocol-snmp.rules)
* 1:39883 <-> DISABLED <-> FILE-IMAGE FreeImage library XPM handling out of bounds write attempt (file-image.rules)
* 1:39884 <-> DISABLED <-> FILE-IMAGE FreeImage library XPM handling out of bounds write attempt (file-image.rules)
* 1:39918 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules)
* 1:39919 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules)
* 1:40125 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules)
* 1:40126 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules)
* 1:40314 <-> DISABLED <-> FILE-IMAGE OpenJPEG JPEG2000 MCC record parsing heap memory corruption attempt (file-image.rules)
* 1:40315 <-> DISABLED <-> FILE-IMAGE OpenJPEG JPEG2000 MCC record parsing heap memory corruption attempt (file-image.rules)
* 1:40336 <-> DISABLED <-> FILE-PDF Iceni Argus ipfSetColourStroke stack buffer overflow attempt (file-pdf.rules)
* 1:40337 <-> DISABLED <-> FILE-PDF Iceni Argus ipfSetColourStroke stack buffer overflow attempt (file-pdf.rules)
* 1:40429 <-> DISABLED <-> FILE-PDF Foxit PDF Reader JBIG2 parser out of bounds read attempt (file-pdf.rules)
* 1:40430 <-> DISABLED <-> FILE-PDF Foxit PDF Reader JBIG2 parser out of bounds read attempt (file-pdf.rules)
* 1:40468 <-> DISABLED <-> SERVER-OTHER Memcached append opcode request heap buffer overflow attempt (server-other.rules)
* 1:40469 <-> DISABLED <-> SERVER-OTHER Memcached append opcode request heap buffer overflow attempt (server-other.rules)
* 1:40470 <-> DISABLED <-> SERVER-OTHER Memcached prepend opcode request heap buffer overflow attempt (server-other.rules)
* 1:40471 <-> DISABLED <-> SERVER-OTHER Memcached prepend opcode request heap buffer overflow attempt (server-other.rules)
* 1:40472 <-> DISABLED <-> SERVER-OTHER Memcached appendq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40473 <-> DISABLED <-> SERVER-OTHER Memcached appendq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40474 <-> DISABLED <-> SERVER-OTHER Memcached prependq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40475 <-> DISABLED <-> SERVER-OTHER Memcached prependq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40476 <-> DISABLED <-> SERVER-OTHER Memcached set opcode request heap buffer overflow attempt (server-other.rules)
* 1:40477 <-> DISABLED <-> SERVER-OTHER Memcached setq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40478 <-> DISABLED <-> SERVER-OTHER Memcached add opcode request heap buffer overflow attempt (server-other.rules)
* 1:40479 <-> DISABLED <-> SERVER-OTHER Memcached addq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40480 <-> DISABLED <-> SERVER-OTHER Memcached replace opcode request heap buffer overflow attempt (server-other.rules)
* 1:40481 <-> DISABLED <-> SERVER-OTHER Memcached replaceq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40482 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:40484 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
* 1:40483 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:40485 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
* 1:40486 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
* 1:40487 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
* 1:40488 <-> DISABLED <-> FILE-EXECUTABLE Hopper Disassembler ELF section header memory corruption attempt (file-executable.rules)
* 1:40489 <-> DISABLED <-> FILE-EXECUTABLE Hopper Disassembler ELF section header memory corruption attempt (file-executable.rules)
* 1:40490 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules)
* 1:40491 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules)
* 1:40525 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules)
* 1:40526 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules)
* 1:40533 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
* 1:40534 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
* 1:40535 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
* 1:40536 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
* 1:40537 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
* 1:40538 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
* 1:40539 <-> DISABLED <-> FILE-IMAGE LibTIFF PixarLogDecode heap buffer overflow attempt (file-image.rules)
* 1:40540 <-> DISABLED <-> FILE-IMAGE LibTIFF PixarLogDecode heap buffer overflow attempt (file-image.rules)
* 1:40756 <-> DISABLED <-> FILE-PDF Nitro Pro PDF Font Widths tag out of bounds read attempt (file-pdf.rules)
* 1:40757 <-> DISABLED <-> FILE-PDF Nitro Pro PDF Font Widths tag out of bounds read attempt (file-pdf.rules)
* 1:40773 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules)
* 1:40774 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules)
* 1:40776 <-> ENABLED <-> FILE-PDF Nitro Pro out of bounds memory write attempt (file-pdf.rules)
* 1:40777 <-> ENABLED <-> FILE-PDF Nitro Pro out of bounds memory write attempt (file-pdf.rules)
* 1:40791 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules)
* 1:40792 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules)
* 1:40793 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules)
* 1:40794 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules)
* 1:40801 <-> DISABLED <-> FILE-OTHER HDF5 H5Z_NBIT filter heap buffer overflow attempt (file-other.rules)
* 1:40802 <-> DISABLED <-> FILE-OTHER HDF5 H5Z_NBIT filter heap buffer overflow attempt (file-other.rules)
* 1:40803 <-> ENABLED <-> FILE-OTHER HDF5 H5O_dtype_decode_helper heap buffer overflow attempt (file-other.rules)
* 1:40804 <-> ENABLED <-> FILE-OTHER HDF5 H5O_dtype_decode_helper heap buffer overflow attempt (file-other.rules)
* 1:42099 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
* 1:42098 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
* 1:42097 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules)
* 1:42096 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules)
* 1:42095 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 directory traversal attempt (server-webapp.rules)
* 1:42094 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 information gathering attempt (server-webapp.rules)
* 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
* 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
* 1:42083 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection attempt (malware-cnc.rules)
* 1:42082 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules)
* 1:42081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules)
* 1:42080 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection attempt with unique User-Agent (malware-cnc.rules)
* 1:42079 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection attempt with unique User-Agent (malware-cnc.rules)
* 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
* 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
* 1:42073 <-> DISABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
* 1:41999 <-> ENABLED <-> OS-OTHER Apple OSX and iOS x509 certificate name constraints parsing use after free attempt (os-other.rules)
* 1:41510 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap overflow attempt (server-other.rules)
* 1:41509 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap overflow attempt (server-other.rules)
* 1:41508 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client Memcpy heap overflow attempt (server-other.rules)
* 1:41507 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString denial of service attempt (server-other.rules)
* 1:41506 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules)
* 1:41505 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules)
* 1:41448 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules)
* 1:41447 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules)
* 1:41371 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules)
* 1:41370 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules)
* 1:41351 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules)
* 1:41350 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules)
* 1:41328 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules)
* 1:41327 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules)
* 1:41311 <-> ENABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules)
* 1:41310 <-> ENABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules)
* 1:41219 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric denial of service attempt (server-other.rules)
* 1:41218 <-> ENABLED <-> OS-OTHER Joyent SmartOS add entries denial of service attempt (os-other.rules)
* 1:41217 <-> ENABLED <-> OS-OTHER Joyent SmartOS add entries denial of service attempt (os-other.rules)
* 1:41216 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server si_prop stack buffer overflow attempt (server-other.rules)
* 1:41213 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server client batch request exploit attempt (server-other.rules)
* 1:41212 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server digest_ripe message field out of bounds read attempt (server-other.rules)
* 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
* 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
* 1:41111 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules)
* 1:41110 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules)
* 1:41109 <-> DISABLED <-> FILE-OFFICE Oracle Outside In Technology image export use after free attempt (file-office.rules)
* 1:41108 <-> DISABLED <-> FILE-OFFICE Oracle Outside In Technology image export use after free attempt (file-office.rules)
* 1:40935 <-> ENABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules)
* 1:40934 <-> ENABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules)
* 1:40926 <-> DISABLED <-> FILE-PDF Iceni Argus PDF TextToPolys 
rasterization code execution vulnerability attempt (file-pdf.rules) * 1:40925 <-> DISABLED <-> FILE-PDF Iceni Argus PDF TextToPolys rasterization code execution vulnerability attempt (file-pdf.rules) * 1:40924 <-> DISABLED <-> FILE-PDF Iceni Argus PDF font-encoding glyphmap adjustment code execution vulnerability attempt (file-pdf.rules) * 1:40923 <-> DISABLED <-> FILE-PDF Iceni Argus PDF font-encoding glyphmap adjustment code execution vulnerability attempt (file-pdf.rules) * 1:40922 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules) * 1:40921 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules) * 1:40920 <-> DISABLED <-> FILE-PDF Iceni ArgusPDF convertor malformed embedded TTF file cmap table memory corruption attempt (file-pdf.rules) * 1:40919 <-> DISABLED <-> FILE-PDF Iceni ArgusPDF convertor malformed embedded TTF file cmap table memory corruption attempt (file-pdf.rules) * 1:40918 <-> ENABLED <-> FILE-PDF Iceni Argus PDF uninitialized WordStyle color length code overflow attempt (file-pdf.rules) * 1:40917 <-> ENABLED <-> FILE-PDF Iceni Argus PDF uninitialized WordStyle color length code overflow attempt (file-pdf.rules) * 1:40903 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system path buffer overflow attempt (os-other.rules) * 1:40902 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system path buffer overflow attempt (os-other.rules) * 1:40901 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system name buffer overflow attempt (os-other.rules) * 1:40900 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system name buffer overflow attempt (os-other.rules) * 1:40899 <-> ENABLED <-> OS-OTHER Joyent SmartOS ioctl integer underflow attempt (os-other.rules) * 1:40898 <-> ENABLED <-> OS-OTHER Joyent SmartOS ioctl integer underflow attempt (os-other.rules) * 1:40895 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules) * 1:40894 <-> DISABLED <-> 
FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules) * 1:40875 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules) * 1:40874 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules) * 1:40873 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules) * 1:40872 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules) * 1:40810 <-> DISABLED <-> FILE-OTHER HDF5 new object modification time out of bounds write attempt (file-other.rules) * 1:40809 <-> DISABLED <-> FILE-OTHER HDF5 new object modification time out of bounds write attempt (file-other.rules) * 1:40808 <-> DISABLED <-> FILE-OTHER HDF5 symbol table message out of bounds write attempt (file-other.rules) * 1:40806 <-> DISABLED <-> FILE-OTHER HDF5 object modification time out of bounds write attempt (file-other.rules) * 1:40807 <-> DISABLED <-> FILE-OTHER HDF5 symbol table message out of bounds write attempt (file-other.rules) * 3:42076 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules) * 3:42077 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules) * 3:42078 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0299 attack attempt (server-webapp.rules) * 3:42084 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules) * 3:42085 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules) * 3:42086 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules) * 3:42087 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules) * 3:42088 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules) * 3:42089 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules) * 3:42090 <-> 
ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules) * 3:42091 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules)
* 1:41527 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:34334 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Adobe Reader exploit download (exploit-kit.rules)
* 1:39864 <-> ENABLED <-> FILE-PDF Adobe Reader CoolType engine FlateDecode use-after-free attempt (file-pdf.rules)
* 1:41533 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41530 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41853 <-> DISABLED <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt (os-linux.rules)
* 1:36968 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow memory corruption attempt (browser-ie.rules)
* 1:39865 <-> ENABLED <-> FILE-PDF Adobe Reader CoolType engine FlateDecode use-after-free attempt (file-pdf.rules)
* 1:37045 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules)
* 1:36969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow memory corruption attempt (browser-ie.rules)
* 3:40822 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0241 attack attempt (server-webapp.rules)
* 3:40820 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0239 attack attempt (server-webapp.rules)
* 3:40758 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2016-0231 attack attempt (server-other.rules)
* 3:40821 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0241 attack attempt (server-webapp.rules)
* 3:42060 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP client dummy XID denial of service attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:42099 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules) * 1:42098 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules) * 1:42097 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules) * 1:42096 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules) * 1:42095 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 directory traversal attempt (server-webapp.rules) * 1:42094 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 information gathering attempt (server-webapp.rules) * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules) * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules) * 1:42083 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection attempt (malware-cnc.rules) * 1:42082 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules) * 1:42081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules) * 1:42080 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection attempt with unique User-Agent (malware-cnc.rules) * 1:42079 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection attempt with unique User-Agent (malware-cnc.rules) * 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules) * 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules) * 1:42073 <-> DISABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules) * 1:41999 <-> ENABLED <-> OS-OTHER Apple OSX and iOS x509 certificate name constraints parsing use after free attempt (os-other.rules) * 1:41510 <-> DISABLED 
<-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap overflow attempt (server-other.rules) * 1:41509 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap overflow attempt (server-other.rules) * 1:41508 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client Memcpy heap overflow attempt (server-other.rules) * 1:41507 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString denial of service attempt (server-other.rules) * 1:41506 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules) * 1:41505 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules) * 1:41448 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules) * 1:41447 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules) * 1:41371 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules) * 1:41370 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules) * 1:41351 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules) * 1:41350 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules) * 1:41328 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules) * 1:41327 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules) * 1:41311 <-> ENABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules) * 1:41310 <-> ENABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules) * 1:41219 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric denial of service attempt (server-other.rules) * 1:41218 <-> ENABLED <-> OS-OTHER 
Joyent SmartOS add entries denial of service attempt (os-other.rules) * 1:41217 <-> ENABLED <-> OS-OTHER Joyent SmartOS add entries denial of service attempt (os-other.rules) * 1:41216 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server si_prop stack buffer overflow attempt (server-other.rules) * 1:41213 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server client batch request exploit attempt (server-other.rules) * 1:41212 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server digest_ripe message field out of bounds read attempt (server-other.rules) * 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules) * 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules) * 1:41111 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules) * 1:41110 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules) * 1:41109 <-> DISABLED <-> FILE-OFFICE Oracle Outside In Technology image export use after free attempt (file-office.rules) * 1:41108 <-> DISABLED <-> FILE-OFFICE Oracle Outside In Technology image export use after free attempt (file-office.rules) * 1:40935 <-> ENABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules) * 1:40934 <-> ENABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules) * 1:40926 <-> DISABLED <-> FILE-PDF Iceni Argus PDF TextToPolys rasterization code execution vulnerability attempt (file-pdf.rules) * 1:40925 <-> DISABLED <-> FILE-PDF Iceni Argus PDF TextToPolys rasterization code execution vulnerability attempt (file-pdf.rules) * 1:40924 <-> DISABLED <-> FILE-PDF Iceni Argus PDF font-encoding glyphmap adjustment code execution vulnerability attempt (file-pdf.rules) * 1:40923 <-> DISABLED <-> FILE-PDF 
Iceni Argus PDF font-encoding glyphmap adjustment code execution vulnerability attempt (file-pdf.rules) * 1:40922 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules) * 1:40921 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules) * 1:40920 <-> DISABLED <-> FILE-PDF Iceni ArgusPDF convertor malformed embedded TTF file cmap table memory corruption attempt (file-pdf.rules) * 1:40919 <-> DISABLED <-> FILE-PDF Iceni ArgusPDF convertor malformed embedded TTF file cmap table memory corruption attempt (file-pdf.rules) * 1:40918 <-> ENABLED <-> FILE-PDF Iceni Argus PDF uninitialized WordStyle color length code overflow attempt (file-pdf.rules) * 1:40917 <-> ENABLED <-> FILE-PDF Iceni Argus PDF uninitialized WordStyle color length code overflow attempt (file-pdf.rules) * 1:40903 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system path buffer overflow attempt (os-other.rules) * 1:40902 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system path buffer overflow attempt (os-other.rules) * 1:40901 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system name buffer overflow attempt (os-other.rules) * 1:40900 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system name buffer overflow attempt (os-other.rules) * 1:40899 <-> ENABLED <-> OS-OTHER Joyent SmartOS ioctl integer underflow attempt (os-other.rules) * 1:40898 <-> ENABLED <-> OS-OTHER Joyent SmartOS ioctl integer underflow attempt (os-other.rules) * 1:40895 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules) * 1:40894 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules) * 1:40875 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules) * 1:40874 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules) * 1:40873 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt 
(file-pdf.rules) * 1:40872 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules) * 1:40810 <-> DISABLED <-> FILE-OTHER HDF5 new object modification time out of bounds write attempt (file-other.rules) * 1:40809 <-> DISABLED <-> FILE-OTHER HDF5 new object modification time out of bounds write attempt (file-other.rules) * 1:40808 <-> DISABLED <-> FILE-OTHER HDF5 symbol table message out of bounds write attempt (file-other.rules) * 1:40807 <-> DISABLED <-> FILE-OTHER HDF5 symbol table message out of bounds write attempt (file-other.rules) * 1:40806 <-> DISABLED <-> FILE-OTHER HDF5 object modification time out of bounds write attempt (file-other.rules) * 1:40805 <-> DISABLED <-> FILE-OTHER HDF5 object modification time out of bounds write attempt (file-other.rules) * 1:40804 <-> ENABLED <-> FILE-OTHER HDF5 H5O_dtype_decode_helper heap buffer overflow attempt (file-other.rules) * 1:40803 <-> ENABLED <-> FILE-OTHER HDF5 H5O_dtype_decode_helper heap buffer overflow attempt (file-other.rules) * 1:40802 <-> DISABLED <-> FILE-OTHER HDF5 H5Z_NBIT filter heap buffer overflow attempt (file-other.rules) * 1:40801 <-> DISABLED <-> FILE-OTHER HDF5 H5Z_NBIT filter heap buffer overflow attempt (file-other.rules) * 1:40794 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules) * 1:40793 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules) * 1:40792 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules) * 1:40791 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules) * 1:40777 <-> ENABLED <-> FILE-PDF Nitro Pro out of bounds memory write attempt (file-pdf.rules) * 1:40776 <-> ENABLED <-> FILE-PDF Nitro Pro out of bounds memory write attempt (file-pdf.rules) * 1:40774 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules) 
* 1:40773 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules) * 1:40757 <-> DISABLED <-> FILE-PDF Nitro Pro PDF Font Widths tag out of bounds read attempt (file-pdf.rules) * 1:40756 <-> DISABLED <-> FILE-PDF Nitro Pro PDF Font Widths tag out of bounds read attempt (file-pdf.rules) * 1:40540 <-> DISABLED <-> FILE-IMAGE LibTIFF PixarLogDecode heap buffer overflow attempt (file-image.rules) * 1:40539 <-> DISABLED <-> FILE-IMAGE LibTIFF PixarLogDecode heap buffer overflow attempt (file-image.rules) * 1:40538 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40537 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40536 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40535 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40534 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40533 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40526 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules) * 1:40525 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules) * 1:40491 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules) * 1:40490 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules) * 1:40489 <-> DISABLED <-> FILE-EXECUTABLE Hopper Disassembler ELF section header memory corruption attempt (file-executable.rules) * 1:40488 <-> DISABLED <-> FILE-EXECUTABLE Hopper Disassembler ELF section header memory corruption attempt 
(file-executable.rules) * 1:40487 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:40486 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:40485 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:40484 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:40483 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules) * 1:40482 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules) * 1:40481 <-> DISABLED <-> SERVER-OTHER Memcached replaceq opcode request heap buffer overflow attempt (server-other.rules) * 1:40480 <-> DISABLED <-> SERVER-OTHER Memcached replace opcode request heap buffer overflow attempt (server-other.rules) * 1:40479 <-> DISABLED <-> SERVER-OTHER Memcached addq opcode request heap buffer overflow attempt (server-other.rules) * 1:40478 <-> DISABLED <-> SERVER-OTHER Memcached add opcode request heap buffer overflow attempt (server-other.rules) * 1:40477 <-> DISABLED <-> SERVER-OTHER Memcached setq opcode request heap buffer overflow attempt (server-other.rules) * 1:40476 <-> DISABLED <-> SERVER-OTHER Memcached set opcode request heap buffer overflow attempt (server-other.rules) * 1:40475 <-> DISABLED <-> SERVER-OTHER Memcached prependq opcode request heap buffer overflow attempt (server-other.rules) * 1:40474 <-> DISABLED <-> SERVER-OTHER Memcached prependq opcode request heap buffer overflow attempt (server-other.rules) * 1:40473 <-> DISABLED <-> SERVER-OTHER Memcached appendq opcode request heap buffer overflow attempt (server-other.rules) * 1:40472 <-> DISABLED <-> SERVER-OTHER Memcached appendq opcode request heap buffer overflow attempt (server-other.rules) * 1:40471 <-> DISABLED <-> SERVER-OTHER Memcached prepend opcode request heap buffer 
overflow attempt (server-other.rules) * 1:40470 <-> DISABLED <-> SERVER-OTHER Memcached prepend opcode request heap buffer overflow attempt (server-other.rules) * 1:40469 <-> DISABLED <-> SERVER-OTHER Memcached append opcode request heap buffer overflow attempt (server-other.rules) * 1:40468 <-> DISABLED <-> SERVER-OTHER Memcached append opcode request heap buffer overflow attempt (server-other.rules) * 1:40430 <-> DISABLED <-> FILE-PDF Foxit PDF Reader JBIG2 parser out of bounds read attempt (file-pdf.rules) * 1:40429 <-> DISABLED <-> FILE-PDF Foxit PDF Reader JBIG2 parser out of bounds read attempt (file-pdf.rules) * 1:40337 <-> DISABLED <-> FILE-PDF Iceni Argus ipfSetColourStroke stack buffer overflow attempt (file-pdf.rules) * 1:40336 <-> DISABLED <-> FILE-PDF Iceni Argus ipfSetColourStroke stack buffer overflow attempt (file-pdf.rules) * 1:40315 <-> DISABLED <-> FILE-IMAGE OpenJPEG JPEG2000 MCC record parsing heap memory corruption attempt (file-image.rules) * 1:40314 <-> DISABLED <-> FILE-IMAGE OpenJPEG JPEG2000 MCC record parsing heap memory corruption attempt (file-image.rules) * 1:40126 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules) * 1:40125 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules) * 1:39919 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules) * 1:39918 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules) * 1:39884 <-> DISABLED <-> FILE-IMAGE FreeImage library XPM handling out of bounds write attempt (file-image.rules) * 1:39883 <-> DISABLED <-> FILE-IMAGE FreeImage library XPM handling out of bounds write attempt (file-image.rules) * 1:39877 <-> DISABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC firmware update detected (protocol-snmp.rules) * 1:39876 <-> 
ENABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC SNMP request via undocumented community string attempt (protocol-snmp.rules) * 1:39762 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules) * 1:39761 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules) * 1:39760 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:39759 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:39758 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:39757 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:39676 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39675 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39674 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39673 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39672 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39671 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39668 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39667 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39666 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39665 <-> DISABLED <-> 
FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
* 1:39664 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules)
* 1:39663 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules)
* 1:39661 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules)
* 1:39660 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules)
* 1:39635 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image invalid box2i attribute heap buffer overflow attempt (file-image.rules)
* 1:39634 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image invalid box2i attribute heap buffer overflow attempt (file-image.rules)
* 1:39632 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39631 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39630 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39629 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39628 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39627 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39626 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39625 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39624 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39623 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39622 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39621 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39620 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39619 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39618 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39617 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39616 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39615 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39614 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39613 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39612 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39611 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39610 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39609 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39608 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39607 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39606 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39605 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39604 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39603 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39602 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39601 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39600 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules)
* 1:39599 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules)
* 1:39598 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules)
* 1:39597 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules)
* 1:39596 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
* 1:39595 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
* 1:39594 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
* 1:39593 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
* 1:39467 <-> DISABLED <-> FILE-EXECUTABLE Symantec Norton Security IDSvix86 out of bounds read attempt (file-executable.rules)
* 1:39466 <-> DISABLED <-> FILE-EXECUTABLE Symantec Norton Security IDSvix86 out of bounds read attempt (file-executable.rules)
* 1:39162 <-> ENABLED <-> FILE-PDF Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow attempt (file-pdf.rules)
* 1:39161 <-> ENABLED <-> FILE-PDF Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow attempt (file-pdf.rules)
* 1:39151 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT message length overflow attempt (server-other.rules)
* 1:39150 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT negative message length underflow attempt (server-other.rules)
* 1:39149 <-> ENABLED <-> FILE-OFFICE Document Foundation LibreOffice RTF stylesheet use after free attempt (file-office.rules)
* 1:39148 <-> ENABLED <-> FILE-OFFICE Document Foundation LibreOffice RTF stylesheet use after free attempt (file-office.rules)
* 1:39111 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules)
* 1:39110 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules)
* 1:39079 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
* 1:39078 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
* 1:39050 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules)
* 1:39049 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules)
* 1:39048 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules)
* 1:39047 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules)
* 1:39046 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules)
* 1:39045 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules)
* 1:39035 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules)
* 1:39034 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules)
* 1:38870 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_cr out of bounds read attempt (server-other.rules)
* 1:38869 <-> ENABLED <-> FILE-OTHER Hancom Hangul Office HShow integer-based heap buffer overflow attempt (file-other.rules)
* 1:38868 <-> ENABLED <-> FILE-OTHER Hancom Hangul Office HShow integer-based heap buffer overflow attempt (file-other.rules)
* 1:38867 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_get_avatar out of bounds read attempt (server-other.rules)
* 1:38861 <-> ENABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd out of bounds write attempt (file-other.rules)
* 1:38860 <-> ENABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd out of bounds write attempt (file-other.rules)
* 1:38859 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules)
* 1:38858 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules)
* 1:38857 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules)
* 1:38856 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules)
* 1:38850 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
* 1:38849 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
* 1:38628 <-> DISABLED <-> FILE-OTHER libarchive zip_read_mac_metadata heap buffer overflow attempt (file-other.rules)
* 1:38627 <-> DISABLED <-> FILE-OTHER libarchive zip_read_mac_metadata heap buffer overflow attempt (file-other.rules)
* 1:38583 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_suggestcontacts out of bounds read attempt (server-other.rules)
* 1:38578 <-> DISABLED <-> SERVER-OTHER Pidgin multimx_message_received out of bounds read attempt (server-other.rules)
* 1:38551 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules)
* 1:38550 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules)
* 1:38549 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_extprofile out of bounds read attempt (server-other.rules)
* 1:38548 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling null pointer dereference attempt (server-other.rules)
* 1:38547 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules)
* 1:38546 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules)
* 1:38545 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_update_contact out of bounds read attempt (server-other.rules)
* 1:38345 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules)
* 1:38344 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules)
* 1:38343 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules)
* 1:38342 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules)
* 1:38324 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules)
* 1:38323 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules)
* 1:38296 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
* 1:38295 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
* 1:38294 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
* 1:38293 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
* 1:38290 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules)
* 1:38289 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules)
* 1:37869 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
* 1:37868 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
* 1:37867 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules)
* 1:37866 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules)
* 1:37865 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules)
* 1:37864 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules)
* 1:37863 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
* 1:37862 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
* 1:37843 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK possible DoS attempt (server-other.rules)
* 1:37842 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules)
* 1:37841 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules)
* 1:37520 <-> DISABLED <-> FILE-OTHER Intel HD Graphics Windows kernel driver local privilege escalation attempt (file-other.rules)
* 1:37519 <-> DISABLED <-> FILE-OTHER Intel HD Graphics Windows kernel driver local privilege escalation attempt (file-other.rules)
* 1:37518 <-> DISABLED <-> FILE-OTHER Apple OSX local privilege escalation attempt (file-other.rules)
* 1:37517 <-> DISABLED <-> FILE-OTHER Apple OSX local privilege escalation attempt (file-other.rules)
* 1:37502 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules)
* 1:37501 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules)
* 1:37500 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules)
* 1:37499 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules)
* 1:37498 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules)
* 1:37497 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules)
* 1:37496 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules)
* 1:37495 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules)
* 1:37494 <-> DISABLED <-> FILE-OTHER lhasa decode_level3_header heap corruption attempt (file-other.rules)
* 1:37493 <-> DISABLED <-> FILE-OTHER lhasa decode_level3_header heap corruption attempt (file-other.rules)
* 1:36388 <-> DISABLED <-> FILE-OTHER Libgraphite context item handling arbitrary code execution attempt (file-other.rules)
* 1:36387 <-> DISABLED <-> FILE-OTHER Libgraphite context item handling arbitrary code execution attempt (file-other.rules)
* 1:36386 <-> ENABLED <-> FILE-OTHER SIL LibGraphite BracketPairStack out of bounds access exploit attempt (file-other.rules)
* 1:36385 <-> ENABLED <-> FILE-OTHER SIL LibGraphite BracketPairStack out of bounds access exploit attempt (file-other.rules)
* 1:36230 <-> ENABLED <-> FILE-FLASH Adobe Flash Player On2 VP6 video codec fragment read access violation attempt (file-flash.rules)
* 1:36229 <-> ENABLED <-> FILE-FLASH Adobe Flash Player On2 VP6 video codec fragment read access violation attempt (file-flash.rules)
* 1:36228 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
* 1:36227 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
* 1:36226 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
* 1:36225 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
* 1:36217 <-> DISABLED <-> FILE-OTHER libgraphite TTF opcode handling out of bounds read attempt (file-other.rules)
* 1:36216 <-> DISABLED <-> FILE-OTHER libgraphite TTF opcode handling out of bounds read attempt (file-other.rules)
* 1:36213 <-> ENABLED <-> FILE-OTHER Libgraphite LocaLookup out-of-bounds read attempt (file-other.rules)
* 1:36212 <-> ENABLED <-> FILE-OTHER Libgraphite LocaLookup out-of-bounds read attempt (file-other.rules)
* 1:35829 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules)
* 1:35828 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules)
* 3:42076 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules)
* 3:42077 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules)
* 3:42078 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0299 attack attempt (server-webapp.rules)
* 3:42084 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules)
* 3:42085 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules)
* 3:42086 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules)
* 3:42087 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules)
* 3:42088 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules)
* 3:42089 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules)
* 3:42090 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules)
* 3:42091 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules)
* 1:39864 <-> ENABLED <-> FILE-PDF Adobe Reader CoolType engine FlateDecode use-after-free attempt (file-pdf.rules)
* 1:34334 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Adobe Reader exploit download (exploit-kit.rules)
* 1:41530 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41527 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41533 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41853 <-> DISABLED <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt (os-linux.rules)
* 1:36969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow memory corruption attempt (browser-ie.rules)
* 1:37045 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules)
* 1:36968 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow memory corruption attempt (browser-ie.rules)
* 1:39865 <-> ENABLED <-> FILE-PDF Adobe Reader CoolType engine FlateDecode use-after-free attempt (file-pdf.rules)
* 3:42060 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP client dummy XID denial of service attempt (server-other.rules)
* 3:40822 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0241 attack attempt (server-webapp.rules)
* 3:40758 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2016-0231 attack attempt (server-other.rules)
* 3:40820 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0239 attack attempt (server-webapp.rules)
* 3:40821 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0241 attack attempt (server-webapp.rules)