Talos Rules 2017-08-03
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, browser-other, browser-plugins, exploit-kit, file-executable, file-flash, file-image, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, malware-backdoor, malware-cnc, protocol-other, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2017-08-03 18:18:17 UTC

Snort Subscriber Rules Update

Date: 2017-08-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:42436 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera callbackJson directory traversal attempt (server-webapp.rules)
 * 1:42437 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera multipart boundary stack buffer overflow attempt (server-webapp.rules)
 * 1:42434 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules)
 * 1:42435 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera callbackJson directory traversal attempt (server-webapp.rules)
 * 1:42432 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules)
 * 1:42433 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules)
 * 1:42353 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules)
 * 1:42431 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Video Camera CGIProxy.fcgi query append buffer overflow attempt (server-webapp.rules)
 * 1:42352 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules)
 * 1:42321 <-> DISABLED <-> FILE-OTHER Power Software PowerISO invalid primary volume descriptor header use after free attempt (file-other.rules)
 * 1:42322 <-> DISABLED <-> FILE-OTHER Power Software PowerISO invalid primary volume descriptor header use after free attempt (file-other.rules)
 * 1:42319 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules)
 * 1:42320 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules)
 * 1:41345 <-> ENABLED <-> FILE-OTHER CorelDRAW X8 EMF invalid ihBrush field value out of bounds read attempt (file-other.rules)
 * 1:41344 <-> ENABLED <-> FILE-OTHER CorelDRAW X8 EMF invalid ihBrush field value out of bounds read attempt (file-other.rules)
 * 1:41313 <-> ENABLED <-> FILE-EXECUTABLE Invincea Dell Protected Workspace InvProtectDrv sandbox escape attempt (file-executable.rules)
 * 1:41312 <-> ENABLED <-> FILE-EXECUTABLE Invincea Dell Protected Workspace InvProtectDrv sandbox escape attempt (file-executable.rules)
 * 1:41309 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules)
 * 1:41308 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules)
 * 1:41307 <-> ENABLED <-> FILE-EXECUTABLE Invincea-X SboxDrv.sys local privilege escalation attempt (file-executable.rules)
 * 1:41306 <-> ENABLED <-> FILE-EXECUTABLE Invincea-X SboxDrv.sys local privilege escalation attempt (file-executable.rules)
 * 1:41225 <-> ENABLED <-> FILE-PDF Artifex MuPDF JBIG2 negative width value out of bounds read attempt (file-pdf.rules)
 * 1:41224 <-> ENABLED <-> FILE-PDF Artifex MuPDF JBIG2 negative width value out of bounds read attempt (file-pdf.rules)
 * 1:41223 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A plaintext password leak attempt (server-webapp.rules)
 * 1:41222 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application web_runScript access attempt (server-webapp.rules)
 * 1:41097 <-> DISABLED <-> SERVER-OTHER Moxa AWK-3131A serviceAgent information disclosure attempt (server-other.rules)
 * 1:40930 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter GetFontTable remote code execution attempt (file-office.rules)
 * 1:40928 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter Doc_SetSummary remote code execution attempt (file-office.rules)
 * 1:40929 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter GetFontTable remote code execution attempt (file-office.rules)
 * 1:40931 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter DHFSummary remote code execution attempt (file-office.rules)
 * 1:41085 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A webSetPingTrace command injection attempt (server-webapp.rules)
 * 1:41103 <-> ENABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application cross site scripting attempt (server-webapp.rules)
 * 1:41104 <-> ENABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application cross site scripting attempt (server-webapp.rules)
 * 1:41105 <-> ENABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application cross site scripting attempt (server-webapp.rules)
 * 1:41196 <-> ENABLED <-> FILE-PDF Nitro Pro PDF Reader out of bounds write attempt (file-pdf.rules)
 * 1:41197 <-> ENABLED <-> FILE-PDF Nitro Pro PDF Reader out of bounds write attempt (file-pdf.rules)
 * 1:41220 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application HTTP response parameter injection attempt (server-webapp.rules)
 * 1:41221 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application HTTP response parameter injection attempt (server-webapp.rules)
 * 1:35832 <-> DISABLED <-> FILE-OTHER Hangul Word Processor malicious tab count memory corruption attempt (file-other.rules)
 * 1:35833 <-> ENABLED <-> FILE-OTHER Hangul Word Processor malicious tab count memory corruption attempt (file-other.rules)
 * 1:40758 <-> DISABLED <-> SERVER-OTHER Moxa AWK-3131A backdoor root account access attempt (server-other.rules)
 * 1:40820 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A systemlog.log information disclosure attempt (server-webapp.rules)
 * 1:40821 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A makeonekey.gz information disclosure attempt (server-webapp.rules)
 * 1:40822 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A getonekey.gz information disclosure attempt (server-webapp.rules)
 * 1:40880 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A invalid HTTP request denial of service attempt (server-webapp.rules)
 * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules)
 * 1:40909 <-> DISABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules)
 * 1:40916 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A asqc.asp information disclosure attempt (server-webapp.rules)
 * 1:41352 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A Series cross-site request forgery attempt (server-webapp.rules)
 * 1:41364 <-> DISABLED <-> PROTOCOL-OTHER ARM mbed TLS x509 invalid public key remote code execution attempt (protocol-other.rules)
 * 1:41467 <-> DISABLED <-> SERVER-OTHER InsideSecure MatrixSSL x509 IssuerDomainPolicy remote code execution attempt (server-other.rules)
 * 1:41470 <-> DISABLED <-> FILE-PDF MuPDF Fitz library font glyph scaling code execution vulnerability attempt (file-pdf.rules)
 * 1:41471 <-> DISABLED <-> FILE-PDF MuPDF Fitz library font glyph scaling code execution vulnerability attempt (file-pdf.rules)
 * 1:41511 <-> DISABLED <-> FILE-OFFICE AntennaHouse HTMLFilter FillRowFormat remote code execution attempt (file-office.rules)
 * 1:41512 <-> DISABLED <-> FILE-OFFICE AntennaHouse HTMLFilter FillRowFormat remote code execution attempt (file-office.rules)
 * 1:41543 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter UnCompressUnicode out of bounds write attempt (file-office.rules)
 * 1:41544 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter UnCompressUnicode out of bounds write attempt (file-office.rules)
 * 1:41545 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter iBldDirInfo heap buffer overflow attempt (file-office.rules)
 * 1:41546 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter iBldDirInfo heap buffer overflow attempt (file-office.rules)
 * 1:41703 <-> DISABLED <-> FILE-OFFICE Ichitaro Office Excel TxO record heap buffer overflow attempt (file-office.rules)
 * 1:41704 <-> DISABLED <-> FILE-OFFICE Ichitaro Office Excel TxO record heap buffer overflow attempt (file-office.rules)
 * 1:41726 <-> ENABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter AddSst heap overflow attempt (file-office.rules)
 * 1:41727 <-> ENABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter AddSst heap overflow attempt (file-office.rules)
 * 1:41753 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC GetIndexArray out of bounds write attempt (file-office.rules)
 * 1:41754 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC GetIndexArray out of bounds write attempt (file-office.rules)
 * 1:41759 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC ParseEnvironment heap buffer overflow attempt (file-office.rules)
 * 1:41760 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC ParseEnvironment heap buffer overflow attempt (file-office.rules)
 * 1:41765 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC DHFSummary stack buffer overflow attempt (file-office.rules)
 * 1:41766 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC DHFSummary stack buffer overflow attempt (file-office.rules)
 * 1:42000 <-> DISABLED <-> SERVER-OTHER WolfSSL X509 parsing off-by-one code execution attempt (server-other.rules)
 * 1:42015 <-> DISABLED <-> SERVER-OTHER Randombit Botan Library X509 DistinguishedName out of bounds read attempt (server-other.rules)
 * 1:42078 <-> DISABLED <-> SERVER-WEBAPP Foscam cgiproxy.fcgi stack buffer overflow attempt (server-webapp.rules)
 * 1:42084 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules)
 * 1:42085 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules)
 * 1:42086 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules)
 * 1:42087 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules)
 * 1:42088 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules)
 * 1:42089 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules)
 * 1:42090 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules)
 * 1:42091 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules)
 * 1:42137 <-> DISABLED <-> FILE-OFFICE Lexmark Perceptive Document Filters malformed XLS information disclosure attempt (file-office.rules)
 * 1:42138 <-> DISABLED <-> FILE-OFFICE Lexmark Perceptive Document Filters malformed XLS information disclosure attempt (file-office.rules)
 * 1:42140 <-> ENABLED <-> FILE-IMAGE Corel PHOTO-PAINT X8 GIF Filter Code Execution Vulnerability attempt (file-image.rules)
 * 1:42141 <-> ENABLED <-> FILE-IMAGE Corel PHOTO-PAINT X8 GIF Filter Code Execution Vulnerability attempt (file-image.rules)
 * 1:42177 <-> ENABLED <-> FILE-OTHER IrfanView JPEG2000 reference tile width value buffer overflow attempt (file-other.rules)
 * 1:42178 <-> ENABLED <-> FILE-OTHER IrfanView JPEG2000 reference tile width value buffer overflow attempt (file-other.rules)
 * 1:42195 <-> ENABLED <-> FILE-OTHER Tablib yaml.load code execution attempt (file-other.rules)
 * 1:42196 <-> ENABLED <-> FILE-OTHER Tablib yaml.load code execution attempt (file-other.rules)
 * 1:42244 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
 * 1:42245 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
 * 1:42246 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
 * 1:42247 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
 * 1:42248 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise eventsAjax SQL injection attempt (server-webapp.rules)
 * 1:42249 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise proxy SQL injection attempt (server-webapp.rules)
 * 1:42250 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise translationsAjax.php SQL injection attempt (server-webapp.rules)
 * 1:42251 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise genericAjax SQL injection attempt (server-webapp.rules)
 * 1:42252 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise PHP object injection attempt (server-webapp.rules)
 * 1:42263 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42264 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42265 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42266 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42267 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42268 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42269 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42270 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42271 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42272 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42273 <-> DISABLED <-> FILE-PDF Poppler DCTStream readScan heap buffer overflow attempt (file-pdf.rules)
 * 1:42274 <-> DISABLED <-> FILE-PDF Poppler DCTStream readScan heap buffer overflow attempt (file-pdf.rules)
 * 1:42290 <-> DISABLED <-> SERVER-WEBAPP Openfire userimportexport plugin XML external entity injection attempt (server-webapp.rules)
 * 1:43846 <-> DISABLED <-> SERVER-OTHER ISC BIND malformed control channel authentication message denial of service attempt (server-other.rules)
 * 1:40932 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter DHFSummary remote code execution attempt (file-office.rules)
 * 1:43845 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
 * 1:43844 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
 * 1:43843 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
 * 1:43842 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules)
 * 1:43841 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
 * 1:43840 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules)
 * 1:43839 <-> DISABLED <-> INDICATOR-COMPROMISE backwards executable download (indicator-compromise.rules)
 * 1:43838 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Flash file contains reference to kernel32.dll (indicator-compromise.rules)
 * 1:43837 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated javascript regex (indicator-obfuscation.rules)
 * 1:43836 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file packed with SecureSwf obfuscator (indicator-obfuscation.rules)
 * 1:43835 <-> DISABLED <-> EXPLOIT-KIT RIG exploit kit Adobe Flash exploit download (exploit-kit.rules)
 * 1:43834 <-> DISABLED <-> FILE-OTHER Bmxplay malformed BMX buffer overflow attempt (file-other.rules)
 * 1:43833 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:43832 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:43831 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules)
 * 1:43830 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules)
 * 1:43829 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack mount service code execution attempt (server-other.rules)
 * 1:43828 <-> DISABLED <-> FILE-OTHER Snackamp malformed AIFF buffer overflow attempt (file-other.rules)
 * 1:43827 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules)
 * 1:43826 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules)
 * 1:43825 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Xagent outbound connection (malware-cnc.rules)
 * 1:43824 <-> DISABLED <-> SERVER-WEBAPP Advantech SUSIAccess Server downloadCSV.jsp directory traversal attempt (server-webapp.rules)
 * 1:43823 <-> DISABLED <-> SERVER-WEBAPP Advantech SUSIAccess Server downloadCSV.jsp directory traversal attempt (server-webapp.rules)
 * 1:43822 <-> DISABLED <-> SERVER-WEBAPP Advantech SUSIAccess Server downloadCSV.jsp directory traversal attempt (server-webapp.rules)
 * 1:43821 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
 * 1:43820 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
 * 1:43819 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
 * 1:43213 <-> DISABLED <-> FILE-PDF Iceni Infix PDF parsing out of bounds write attempt (file-pdf.rules)
 * 1:43212 <-> DISABLED <-> FILE-PDF Iceni Infix PDF parsing out of bounds write attempt (file-pdf.rules)
 * 1:43061 <-> DISABLED <-> SERVER-WEBAPP Foscam changeUserName command passwd file injection attempt (server-webapp.rules)
 * 1:43005 <-> DISABLED <-> SERVER-WEBAPP Foscam setWifiSetting command psk stack buffer overflow attempt (server-webapp.rules)
 * 1:41102 <-> ENABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application cross site scripting attempt (server-webapp.rules)
 * 1:42998 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid MCS serverRandomLen out of bounds read attempt (protocol-other.rules)
 * 1:42975 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid EncryptedPlatformChallenge null pointer dereference attempt (protocol-other.rules)
 * 1:42973 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP RSA modulus length integer underflow attempt (protocol-other.rules)
 * 1:42974 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid cbCompanyName out of bounds read attempt (protocol-other.rules)
 * 1:40927 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter Doc_SetSummary remote code execution attempt (file-office.rules)
 * 1:42941 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP PER length integer underflow attempt (protocol-other.rules)
 * 3:39775 <-> ENABLED <-> BROWSER-OTHER PhotoShare information leakage attempt (browser-other.rules)

Modified Rules:


 * 1:19167 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk UDPTL processing overflow attempt (protocol-voip.rules)
 * 1:1985 <-> DISABLED <-> MALWARE-BACKDOOR Doly variant outbound connection attempt (malware-backdoor.rules)
 * 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:38622 <-> DISABLED <-> SERVER-OTHER ISC BIND malformed control channel authentication message denial of service attempt (server-other.rules)
 * 1:38776 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized pointer attempt (browser-ie.rules)
 * 1:38777 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized pointer attempt (browser-ie.rules)
 * 1:38782 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules)
 * 1:38783 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules)
 * 1:39219 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
 * 1:39220 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
 * 1:40138 <-> ENABLED <-> BROWSER-IE  Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
 * 1:40136 <-> ENABLED <-> BROWSER-IE  Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
 * 1:40137 <-> ENABLED <-> BROWSER-IE  Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
 * 1:40134 <-> ENABLED <-> BROWSER-IE  Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
 * 1:40135 <-> ENABLED <-> BROWSER-IE  Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
 * 1:40123 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll normalize missing div child use after free attempt (browser-ie.rules)
 * 1:40124 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll normalize missing div child use after free attempt (browser-ie.rules)
 * 1:40074 <-> DISABLED <-> BROWSER-IE Microsoft Edge white-space information disclosure attempt (browser-ie.rules)
 * 1:40073 <-> DISABLED <-> BROWSER-IE Microsoft Edge white-space information disclosure attempt (browser-ie.rules)
 * 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:39737 <-> DISABLED <-> SERVER-WEBAPP HttpOxy CGI application vulnerability potential man-in-the-middle attempt (server-webapp.rules)
 * 1:39525 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules)
 * 1:40139 <-> ENABLED <-> BROWSER-IE  Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
 * 1:40140 <-> ENABLED <-> BROWSER-IE  Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
 * 1:40141 <-> ENABLED <-> BROWSER-IE  Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
 * 1:40157 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed placeObject2 memory corruption attempt (file-flash.rules)
 * 1:40158 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed placeObject2 memory corruption attempt (file-flash.rules)
 * 1:40370 <-> ENABLED <-> BROWSER-IE Microsoft Edge spread operator memory corruption attempt (browser-ie.rules)
 * 1:40371 <-> ENABLED <-> BROWSER-IE Microsoft Edge spread operator memory corruption attempt (browser-ie.rules)
 * 1:40385 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer vbscript variable type confusion attempt (browser-ie.rules)
 * 1:40386 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer vbscript variable type confusion attempt (browser-ie.rules)
 * 1:40405 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
 * 1:40829 <-> ENABLED <-> INDICATOR-COMPROMISE potential Squiblydoo application whitelisting bypass attempt (indicator-compromise.rules)
 * 1:40830 <-> ENABLED <-> INDICATOR-COMPROMISE potential Squiblydoo application whitelisting bypass attempt (indicator-compromise.rules)
 * 1:40942 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (file-other.rules)
 * 1:40943 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (file-other.rules)
 * 1:40949 <-> ENABLED <-> BROWSER-IE Microsoft Edge SIMD memory corruption attempt (browser-ie.rules)
 * 1:40950 <-> ENABLED <-> BROWSER-IE Microsoft Edge SIMD memory corruption attempt (browser-ie.rules)
 * 1:40959 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
 * 1:40960 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
 * 1:41689 <-> DISABLED <-> SERVER-OTHER PHP Exception Handling remote denial of service attempt (server-other.rules)
 * 1:41690 <-> DISABLED <-> SERVER-OTHER PHP Exception Handling remote denial of service attempt (server-other.rules)
 * 1:41811 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ fileserver broker service file delete attempt (server-other.rules)
 * 1:42855 <-> DISABLED <-> BROWSER-PLUGINS Schneider SoMachine ActiveX clsid access attempt (browser-plugins.rules)
 * 1:42856 <-> DISABLED <-> BROWSER-PLUGINS Schneider SoMachine ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (file-other.rules)
 * 1:39524 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules)
 * 1:40404 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)

2017-08-03 18:18:17 UTC

Snort Subscriber Rules Update

Date: 2017-08-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:43846 <-> DISABLED <-> SERVER-OTHER ISC BIND malformed control channel authentication message denial of service attempt (server-other.rules)
 * 1:43845 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
 * 1:43844 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
 * 1:43843 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
 * 1:43842 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules)
 * 1:43841 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
 * 1:43840 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules)
 * 1:43839 <-> DISABLED <-> INDICATOR-COMPROMISE backwards executable download (indicator-compromise.rules)
 * 1:43838 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Flash file contains reference to kernel32.dll (indicator-compromise.rules)
 * 1:43837 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated javascript regex (indicator-obfuscation.rules)
 * 1:43836 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file packed with SecureSwf obfuscator (indicator-obfuscation.rules)
 * 1:43835 <-> DISABLED <-> EXPLOIT-KIT RIG exploit kit Adobe Flash exploit download (exploit-kit.rules)
 * 1:43834 <-> DISABLED <-> FILE-OTHER Bmxplay malformed BMX buffer overflow attempt (file-other.rules)
 * 1:43833 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:43832 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:43831 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules)
 * 1:43830 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules)
 * 1:43829 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack mount service code execution attempt (server-other.rules)
 * 1:43828 <-> DISABLED <-> FILE-OTHER Snackamp malformed AIFF buffer overflow attempt (file-other.rules)
 * 1:43827 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules)
 * 1:43826 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules)
 * 1:43825 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Xagent outbound connection (malware-cnc.rules)
 * 1:43824 <-> DISABLED <-> SERVER-WEBAPP Advantech SUSIAccess Server downloadCSV.jsp directory traversal attempt (server-webapp.rules)
 * 1:43823 <-> DISABLED <-> SERVER-WEBAPP Advantech SUSIAccess Server downloadCSV.jsp directory traversal attempt (server-webapp.rules)
 * 1:43822 <-> DISABLED <-> SERVER-WEBAPP Advantech SUSIAccess Server downloadCSV.jsp directory traversal attempt (server-webapp.rules)
 * 1:43821 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
 * 1:43820 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
 * 1:43819 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
 * 1:43213 <-> DISABLED <-> FILE-PDF Iceni Infix PDF parsing out of bounds write attempt (file-pdf.rules)
 * 1:43212 <-> DISABLED <-> FILE-PDF Iceni Infix PDF parsing out of bounds write attempt (file-pdf.rules)
 * 1:43061 <-> DISABLED <-> SERVER-WEBAPP Foscam changeUserName command passwd file injection attempt (server-webapp.rules)
 * 1:43005 <-> DISABLED <-> SERVER-WEBAPP Foscam setWifiSetting command psk stack buffer overflow attempt (server-webapp.rules)
 * 1:42998 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid MCS serverRandomLen out of bounds read attempt (protocol-other.rules)
 * 1:42975 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid EncryptedPlatformChallenge null pointer dereference attempt (protocol-other.rules)
 * 1:42974 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid cbCompanyName out of bounds read attempt (protocol-other.rules)
 * 1:42973 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP RSA modulus length integer underflow attempt (protocol-other.rules)
 * 1:42941 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP PER length integer underflow attempt (protocol-other.rules)
 * 1:42437 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera multipart boundary stack buffer overflow attempt (server-webapp.rules)
 * 1:42436 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera callbackJson directory traversal attempt (server-webapp.rules)
 * 1:42435 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera callbackJson directory traversal attempt (server-webapp.rules)
 * 1:42434 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules)
 * 1:42433 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules)
 * 1:42432 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules)
 * 1:42431 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Video Camera CGIProxy.fcgi query append buffer overflow attempt (server-webapp.rules)
 * 1:42353 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules)
 * 1:42352 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules)
 * 1:42322 <-> DISABLED <-> FILE-OTHER Power Software PowerISO invalid primary volume descriptor header use after free attempt (file-other.rules)
 * 1:42321 <-> DISABLED <-> FILE-OTHER Power Software PowerISO invalid primary volume descriptor header use after free attempt (file-other.rules)
 * 1:42320 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules)
 * 1:42319 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules)
 * 1:42290 <-> DISABLED <-> SERVER-WEBAPP Openfire userimportexport plugin XML external entity injection attempt (server-webapp.rules)
 * 1:42274 <-> DISABLED <-> FILE-PDF Poppler DCTStream readScan heap buffer overflow attempt (file-pdf.rules)
 * 1:42273 <-> DISABLED <-> FILE-PDF Poppler DCTStream readScan heap buffer overflow attempt (file-pdf.rules)
 * 1:42272 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42271 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42270 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42269 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42268 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42267 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42266 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42265 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42264 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42263 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
 * 1:42252 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise PHP object injection attempt (server-webapp.rules)
 * 1:42251 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise genericAjax SQL injection attempt (server-webapp.rules)
 * 1:42250 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise translationsAjax.php SQL injection attempt (server-webapp.rules)
 * 1:42249 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise proxy SQL injection attempt (server-webapp.rules)
 * 1:42248 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise eventsAjax SQL injection attempt (server-webapp.rules)
 * 1:42247 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
 * 1:42246 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
 * 1:42245 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
 * 1:42244 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
 * 1:42196 <-> ENABLED <-> FILE-OTHER Tablib yaml.load code execution attempt (file-other.rules)
 * 1:42195 <-> ENABLED <-> FILE-OTHER Tablib yaml.load code execution attempt (file-other.rules)
 * 1:42178 <-> ENABLED <-> FILE-OTHER IrfanView JPEG2000 reference tile width value buffer overflow attempt (file-other.rules)
 * 1:42177 <-> ENABLED <-> FILE-OTHER IrfanView JPEG2000 reference tile width value buffer overflow attempt (file-other.rules)
 * 1:42141 <-> ENABLED <-> FILE-IMAGE Corel PHOTO-PAINT X8 GIF Filter Code Execution Vulnerability attempt (file-image.rules)
 * 1:42140 <-> ENABLED <-> FILE-IMAGE Corel PHOTO-PAINT X8 GIF Filter Code Execution Vulnerability attempt (file-image.rules)
 * 1:42138 <-> DISABLED <-> FILE-OFFICE Lexmark Perceptive Document Filters malformed XLS information disclosure attempt (file-office.rules)
 * 1:42137 <-> DISABLED <-> FILE-OFFICE Lexmark Perceptive Document Filters malformed XLS information disclosure attempt (file-office.rules)
 * 1:42091 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules)
 * 1:42090 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules)
 * 1:42089 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules)
 * 1:42088 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules)
 * 1:42087 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules)
 * 1:42086 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules)
 * 1:42085 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules)
 * 1:42084 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules)
 * 1:42078 <-> DISABLED <-> SERVER-WEBAPP Foscam cgiproxy.fcgi stack buffer overflow attempt (server-webapp.rules)
 * 1:42015 <-> DISABLED <-> SERVER-OTHER Randombit Botan Library X509 DistinguishedName out of bounds read attempt (server-other.rules)
 * 1:42000 <-> DISABLED <-> SERVER-OTHER WolfSSL X509 parsing off-by-one code execution attempt (server-other.rules)
 * 1:41766 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC DHFSummary stack buffer overflow attempt (file-office.rules)
 * 1:41765 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC DHFSummary stack buffer overflow attempt (file-office.rules)
 * 1:41760 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC ParseEnvironment heap buffer overflow attempt (file-office.rules)
 * 1:41759 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC ParseEnvironment heap buffer overflow attempt (file-office.rules)
 * 1:41754 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC GetIndexArray out of bounds write attempt (file-office.rules)
 * 1:41753 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC GetIndexArray out of bounds write attempt (file-office.rules)
 * 1:41727 <-> ENABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter AddSst heap overflow attempt (file-office.rules)
 * 1:41726 <-> ENABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter AddSst heap overflow attempt (file-office.rules)
 * 1:41704 <-> DISABLED <-> FILE-OFFICE Ichitaro Office Excel TxO record heap buffer overflow attempt (file-office.rules)
 * 1:41703 <-> DISABLED <-> FILE-OFFICE Ichitaro Office Excel TxO record heap buffer overflow attempt (file-office.rules)
 * 1:41546 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter iBldDirInfo heap buffer overflow attempt (file-office.rules)
 * 1:41545 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter iBldDirInfo heap buffer overflow attempt (file-office.rules)
 * 1:41544 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter UnCompressUnicode out of bounds write attempt (file-office.rules)
 * 1:41543 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter UnCompressUnicode out of bounds write attempt (file-office.rules)
 * 1:41512 <-> DISABLED <-> FILE-OFFICE AntennaHouse HTMLFilter FillRowFormat remote code execution attempt (file-office.rules)
 * 1:41511 <-> DISABLED <-> FILE-OFFICE AntennaHouse HTMLFilter FillRowFormat remote code execution attempt (file-office.rules)
 * 1:41471 <-> DISABLED <-> FILE-PDF MuPDF Fitz library font glyph scaling code execution vulnerability attempt (file-pdf.rules)
 * 1:41470 <-> DISABLED <-> FILE-PDF MuPDF Fitz library font glyph scaling code execution vulnerability attempt (file-pdf.rules)
 * 1:41467 <-> DISABLED <-> SERVER-OTHER InsideSecure MatrixSSL x509 IssuerDomainPolicy remote code execution attempt (server-other.rules)
 * 1:41364 <-> DISABLED <-> PROTOCOL-OTHER ARM mbed TLS x509 invalid public key remote code execution attempt (protocol-other.rules)
 * 1:41352 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A Series cross-site request forgery attempt (server-webapp.rules)
 * 1:41345 <-> ENABLED <-> FILE-OTHER CorelDRAW X8 EMF invalid ihBrush field value out of bounds read attempt (file-other.rules)
 * 1:41344 <-> ENABLED <-> FILE-OTHER CorelDRAW X8 EMF invalid ihBrush field value out of bounds read attempt (file-other.rules)
 * 1:41313 <-> ENABLED <-> FILE-EXECUTABLE Invincea Dell Protected Workspace InvProtectDrv sandbox escape attempt (file-executable.rules)
 * 1:41312 <-> ENABLED <-> FILE-EXECUTABLE Invincea Dell Protected Workspace InvProtectDrv sandbox escape attempt (file-executable.rules)
 * 1:41309 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules)
 * 1:41308 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules)
 * 1:41307 <-> ENABLED <-> FILE-EXECUTABLE Invincea-X SboxDrv.sys local privilege escalation attempt (file-executable.rules)
 * 1:41306 <-> ENABLED <-> FILE-EXECUTABLE Invincea-X SboxDrv.sys local privilege escalation attempt (file-executable.rules)
 * 1:41225 <-> ENABLED <-> FILE-PDF Artifex MuPDF JBIG2 negative width value out of bounds read attempt (file-pdf.rules)
 * 1:41224 <-> ENABLED <-> FILE-PDF Artifex MuPDF JBIG2 negative width value out of bounds read attempt (file-pdf.rules)
 * 1:41223 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A plaintext password leak attempt (server-webapp.rules)
 * 1:41222 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application web_runScript access attempt (server-webapp.rules)
 * 1:41221 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application HTTP response parameter injection attempt (server-webapp.rules)
 * 1:41220 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application HTTP response parameter injection attempt (server-webapp.rules)
 * 1:41197 <-> ENABLED <-> FILE-PDF Nitro Pro PDF Reader out of bounds write attempt (file-pdf.rules)
 * 1:41196 <-> ENABLED <-> FILE-PDF Nitro Pro PDF Reader out of bounds write attempt (file-pdf.rules)
 * 1:41105 <-> ENABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application cross site scripting attempt (server-webapp.rules)
 * 1:41104 <-> ENABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application cross site scripting attempt (server-webapp.rules)
 * 1:41103 <-> ENABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application cross site scripting attempt (server-webapp.rules)
 * 1:41102 <-> ENABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application cross site scripting attempt (server-webapp.rules)
 * 1:41097 <-> DISABLED <-> SERVER-OTHER Moxa AWK-3131A serviceAgent information disclosure attempt (server-other.rules)
 * 1:41085 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A webSetPingTrace command injection attempt (server-webapp.rules)
 * 1:40932 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter DHFSummary remote code execution attempt (file-office.rules)
 * 1:40931 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter DHFSummary remote code execution attempt (file-office.rules)
 * 1:40930 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter GetFontTable remote code execution attempt (file-office.rules)
 * 1:40929 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter GetFontTable remote code execution attempt (file-office.rules)
 * 1:40928 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter Doc_SetSummary remote code execution attempt (file-office.rules)
 * 1:40927 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter Doc_SetSummary remote code execution attempt (file-office.rules)
 * 1:40916 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A asqc.asp information disclosure attempt (server-webapp.rules)
 * 1:40909 <-> DISABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules)
 * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules)
 * 1:40880 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A invalid HTTP request denial of service attempt (server-webapp.rules)
 * 1:40822 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A getonekey.gz information disclosure attempt (server-webapp.rules)
 * 1:40821 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A makeonekey.gz information disclosure attempt (server-webapp.rules)
 * 1:40820 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A systemlog.log information disclosure attempt (server-webapp.rules)
 * 1:40758 <-> DISABLED <-> SERVER-OTHER Moxa AWK-3131A backdoor root account access attempt (server-other.rules)
 * 1:35833 <-> ENABLED <-> FILE-OTHER Hangul Word Processor malicious tab count memory corruption attempt (file-other.rules)
 * 1:35832 <-> DISABLED <-> FILE-OTHER Hangul Word Processor malicious tab count memory corruption attempt (file-other.rules)
 * 3:39775 <-> ENABLED <-> BROWSER-OTHER PhotoShare information leakage attempt (browser-other.rules)

Modified Rules:


 * 1:19167 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk UDPTL processing overflow attempt (protocol-voip.rules)
 * 1:1985 <-> DISABLED <-> MALWARE-BACKDOOR Doly variant outbound connection attempt (malware-backdoor.rules)
 * 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:38622 <-> DISABLED <-> SERVER-OTHER ISC BIND malformed control channel authentication message denial of service attempt (server-other.rules)
 * 1:38776 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized pointer attempt (browser-ie.rules)
 * 1:38777 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized pointer attempt (browser-ie.rules)
 * 1:38782 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules)
 * 1:38783 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules)
 * 1:39219 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
 * 1:39220 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
 * 1:39524 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules)
 * 1:39525 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules)
 * 1:39737 <-> DISABLED <-> SERVER-WEBAPP HttpOxy CGI application vulnerability potential man-in-the-middle attempt (server-webapp.rules)
 * 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:40073 <-> DISABLED <-> BROWSER-IE Microsoft Edge white-space information disclosure attempt (browser-ie.rules)
 * 1:40074 <-> DISABLED <-> BROWSER-IE Microsoft Edge white-space information disclosure attempt (browser-ie.rules)
 * 1:40123 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll normalize missing div child use after free attempt (browser-ie.rules)
 * 1:40124 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll normalize missing div child use after free attempt (browser-ie.rules)
 * 1:40134 <-> ENABLED <-> BROWSER-IE  Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
 * 1:40135 <-> ENABLED <-> BROWSER-IE  Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
 * 1:40136 <-> ENABLED <-> BROWSER-IE  Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
 * 1:40137 <-> ENABLED <-> BROWSER-IE  Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
 * 1:40138 <-> ENABLED <-> BROWSER-IE  Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
 * 1:40139 <-> ENABLED <-> BROWSER-IE  Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
 * 1:40140 <-> ENABLED <-> BROWSER-IE  Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
 * 1:40141 <-> ENABLED <-> BROWSER-IE  Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
 * 1:40157 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed placeObject2 memory corruption attempt (file-flash.rules)
 * 1:40158 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed placeObject2 memory corruption attempt (file-flash.rules)
 * 1:40370 <-> ENABLED <-> BROWSER-IE Microsoft Edge spread operator memory corruption attempt (browser-ie.rules)
 * 1:40371 <-> ENABLED <-> BROWSER-IE Microsoft Edge spread operator memory corruption attempt (browser-ie.rules)
 * 1:40385 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer vbscript variable type confusion attempt (browser-ie.rules)
 * 1:40386 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer vbscript variable type confusion attempt (browser-ie.rules)
 * 1:40404 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
 * 1:40405 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
 * 1:40829 <-> ENABLED <-> INDICATOR-COMPROMISE potential Squiblydoo application whitelisting bypass attempt (indicator-compromise.rules)
 * 1:40830 <-> ENABLED <-> INDICATOR-COMPROMISE potential Squiblydoo application whitelisting bypass attempt (indicator-compromise.rules)
 * 1:40942 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (file-other.rules)
 * 1:40943 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (file-other.rules)
 * 1:40949 <-> ENABLED <-> BROWSER-IE Microsoft Edge SIMD memory corruption attempt (browser-ie.rules)
 * 1:40950 <-> ENABLED <-> BROWSER-IE Microsoft Edge SIMD memory corruption attempt (browser-ie.rules)
 * 1:40959 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
 * 1:40960 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
 * 1:41689 <-> DISABLED <-> SERVER-OTHER PHP Exception Handling remote denial of service attempt (server-other.rules)
 * 1:41690 <-> DISABLED <-> SERVER-OTHER PHP Exception Handling remote denial of service attempt (server-other.rules)
 * 1:41811 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ fileserver broker service file delete attempt (server-other.rules)
 * 1:42855 <-> DISABLED <-> BROWSER-PLUGINS Schneider SoMachine ActiveX clsid access attempt (browser-plugins.rules)
 * 1:42856 <-> DISABLED <-> BROWSER-PLUGINS Schneider SoMachine ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (file-other.rules)