Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-executable, file-flash, file-other, file-pdf, malware-cnc, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:42427 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
* 1:42429 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
* 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
* 1:42426 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
* 1:42421 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules)
* 1:42417 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
* 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:42419 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules)
* 1:42420 <-> DISABLED <-> SERVER-OTHER HP Operations Agent for NonStop server HEALTH packet parsing stack buffer overflow attempt (server-other.rules)
* 1:42418 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules)
* 1:42409 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
* 1:42415 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules)
* 1:42416 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE11 memory corruption attempt (browser-ie.rules)
* 1:42405 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
* 1:42414 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules)
* 1:42411 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG session id check bypass attempt (server-webapp.rules)
* 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:42410 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdtool backdoor login attempt (server-webapp.rules)
* 1:42407 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
* 1:42408 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
* 1:42406 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG admin backdoor login attempt (server-webapp.rules)
* 1:42403 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
* 1:42404 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
* 1:42425 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules)
* 1:42430 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
* 1:42428 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
* 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 3:42431 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0332 attack attempt (server-webapp.rules)
* 1:35811 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript API ANStartApproval - possible privilege escalation attempt (file-pdf.rules)
* 1:33550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
* 1:33549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
* 1:33160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules)
* 1:31610 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules)
* 1:31552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:33159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules)
* 1:24777 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:31553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31554 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
* 1:31608 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules)
* 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:31549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
* 1:24775 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:24774 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:24776 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:38096 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bound write access attempt (browser-ie.rules)
* 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
* 1:38097 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bound write access attempt (browser-ie.rules)
* 1:33552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
* 1:33551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
* 1:35812 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript API ANStartApproval - possible privilege escalation attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:42429 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
* 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
* 1:42425 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules)
* 1:42426 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
* 1:42428 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
* 1:42403 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
* 1:42404 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
* 1:42405 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
* 1:42406 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG admin backdoor login attempt (server-webapp.rules)
* 1:42407 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
* 1:42408 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
* 1:42409 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
* 1:42410 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdtool backdoor login attempt (server-webapp.rules)
* 1:42411 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG session id check bypass attempt (server-webapp.rules)
* 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:42414 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules)
* 1:42415 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules)
* 1:42427 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
* 1:42416 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE11 memory corruption attempt (browser-ie.rules)
* 1:42417 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
* 1:42430 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
* 1:42418 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules)
* 1:42419 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules)
* 1:42420 <-> DISABLED <-> SERVER-OTHER HP Operations Agent for NonStop server HEALTH packet parsing stack buffer overflow attempt (server-other.rules)
* 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:42421 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules)
* 3:42431 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0332 attack attempt (server-webapp.rules)
* 1:33160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules)
* 1:33549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
* 1:33159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules)
* 1:38096 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bound write access attempt (browser-ie.rules)
* 1:31553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31610 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules)
* 1:31608 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules)
* 1:31554 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
* 1:31552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
* 1:24777 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:24774 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:24775 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:24776 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:35811 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript API ANStartApproval - possible privilege escalation attempt (file-pdf.rules)
* 1:35812 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript API ANStartApproval - possible privilege escalation attempt (file-pdf.rules)
* 1:38097 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bound write access attempt (browser-ie.rules)
* 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
* 1:33550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
* 1:33552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
* 1:33551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:42430 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
* 1:42429 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
* 1:42428 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
* 1:42427 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
* 1:42426 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
* 1:42425 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules)
* 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
* 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:42421 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules)
* 1:42420 <-> DISABLED <-> SERVER-OTHER HP Operations Agent for NonStop server HEALTH packet parsing stack buffer overflow attempt (server-other.rules)
* 1:42419 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules)
* 1:42418 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules)
* 1:42417 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
* 1:42416 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE11 memory corruption attempt (browser-ie.rules)
* 1:42415 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules)
* 1:42414 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules)
* 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:42411 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG session id check bypass attempt (server-webapp.rules)
* 1:42410 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdtool backdoor login attempt (server-webapp.rules)
* 1:42409 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
* 1:42408 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
* 1:42407 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
* 1:42406 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG admin backdoor login attempt (server-webapp.rules)
* 1:42405 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
* 1:42404 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
* 1:42403 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
* 3:42431 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0332 attack attempt (server-webapp.rules)
* 1:33549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
* 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24774 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:24775 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:24776 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:24777 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:31549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
* 1:31552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31554 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
* 1:31608 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules)
* 1:31610 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules)
* 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
* 1:33159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules)
* 1:33160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules)
* 1:38097 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bound write access attempt (browser-ie.rules)
* 1:38096 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bound write access attempt (browser-ie.rules)
* 1:35812 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript API ANStartApproval - possible privilege escalation attempt (file-pdf.rules)
* 1:35811 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript API ANStartApproval - possible privilege escalation attempt (file-pdf.rules)
* 1:33552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
* 1:33551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
* 1:33550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)