Talos has added and modified multiple rules in the browser-firefox, browser-ie, browser-other, browser-plugins, deleted, file-flash, file-identify, file-image, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, malware-cnc, protocol-other, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:44013 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules)
* 1:44014 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules)
* 1:44015 <-> DISABLED <-> PROTOCOL-OTHER STCP heartbeat chunk denial of service attempt (protocol-other.rules)
* 1:44016 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:44017 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:44018 <-> DISABLED <-> DELETED qw34redfaqwefsdfcasdfvadsfadfdf (deleted.rules)
* 1:44019 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules)
* 1:44020 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules)
* 1:44021 <-> DISABLED <-> SERVER-WEBAPP Dell OpenManage server application field buffer overflow attempt (server-webapp.rules)
* 1:44022 <-> DISABLED <-> DELETED asdfasdfasdfadsfadgdfgadgg (deleted.rules)
* 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44025 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44026 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44028 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44029 <-> DISABLED <-> DELETED 5urthfgbq4ershgq3hsttsgn (deleted.rules)
* 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
* 1:44031 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules)
* 1:44032 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules)
* 1:44033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules)
* 1:44034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules)
* 1:44035 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
* 1:44036 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
* 1:44037 <-> ENABLED <-> INDICATOR-COMPROMISE DNS request for known malware sinkhole domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com - WannaCry (indicator-compromise.rules)
* 1:44038 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules)
* 1:44039 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules)
* 1:44040 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules)
* 1:44041 <-> DISABLED <-> SERVER-OTHER LCDproc test_func buffer overflow attempt (server-other.rules)
* 1:44042 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules)
* 1:44043 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers JavaScript argument passing code execution attempt (browser-firefox.rules)
* 1:44044 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules)
* 1:44045 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules)
* 1:44046 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
* 1:44047 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
* 1:44048 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
* 1:44049 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
* 1:44050 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules)
* 1:44051 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules)
* 1:44052 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word EPS filter PostScript object use after free attempt (file-office.rules)
* 1:44053 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
* 1:44054 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
* 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
* 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
* 1:44057 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules)
* 1:44058 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules)
* 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44061 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44062 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44064 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:44065 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:44066 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:44067 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:44068 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules)
* 1:44069 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules)
* 3:44063 <-> ENABLED <-> SERVER-WEBAPP Cisco Ultra Services Framework AutoVNF directory traversal attempt (server-webapp.rules)
Modified Rules:
* 1:8369 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
* 1:16005 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers JavaScript argument passing code execution attempt (browser-firefox.rules)
* 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (browser-ie.rules)
* 1:22003 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
* 1:32817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:32818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:40404 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
* 1:40405 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
* 1:41954 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules)
* 1:41955 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules)
* 1:42212 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules)
* 1:42213 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules)
* 1:43642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox multiple vulnerabilities memory corruption attempt (browser-firefox.rules)
* 1:43883 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
* 1:43884 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:44013 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules)
* 1:44014 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules)
* 1:44015 <-> DISABLED <-> PROTOCOL-OTHER STCP heartbeat chunk denial of service attempt (protocol-other.rules)
* 1:44016 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:44017 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:44018 <-> DISABLED <-> DELETED qw34redfaqwefsdfcasdfvadsfadfdf (deleted.rules)
* 1:44019 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules)
* 1:44020 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules)
* 1:44021 <-> DISABLED <-> SERVER-WEBAPP Dell OpenManage server application field buffer overflow attempt (server-webapp.rules)
* 1:44022 <-> DISABLED <-> DELETED asdfasdfasdfadsfadgdfgadgg (deleted.rules)
* 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44025 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44026 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44028 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44029 <-> DISABLED <-> DELETED 5urthfgbq4ershgq3hsttsgn (deleted.rules)
* 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
* 1:44031 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules)
* 1:44032 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules)
* 1:44033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules)
* 1:44034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules)
* 1:44035 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
* 1:44036 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
* 1:44037 <-> ENABLED <-> INDICATOR-COMPROMISE DNS request for known malware sinkhole domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com - WannaCry (indicator-compromise.rules)
* 1:44038 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules)
* 1:44039 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules)
* 1:44040 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules)
* 1:44041 <-> DISABLED <-> SERVER-OTHER LCDproc test_func buffer overflow attempt (server-other.rules)
* 1:44042 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules)
* 1:44043 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers JavaScript argument passing code execution attempt (browser-firefox.rules)
* 1:44044 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules)
* 1:44045 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules)
* 1:44046 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
* 1:44047 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
* 1:44048 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
* 1:44049 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
* 1:44050 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules)
* 1:44051 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules)
* 1:44052 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word EPS filter PostScript object use after free attempt (file-office.rules)
* 1:44053 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
* 1:44054 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
* 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
* 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
* 1:44057 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules)
* 1:44058 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules)
* 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44061 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44062 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44064 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:44065 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:44066 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:44067 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:44068 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules)
* 1:44069 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules)
* 3:44063 <-> ENABLED <-> SERVER-WEBAPP Cisco Ultra Services Framework AutoVNF directory traversal attempt (server-webapp.rules)
Modified Rules:
* 1:8369 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
* 1:16005 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers JavaScript argument passing code execution attempt (browser-firefox.rules)
* 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (browser-ie.rules)
* 1:22003 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
* 1:32817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:32818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:40404 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
* 1:40405 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
* 1:41954 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules)
* 1:41955 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules)
* 1:42212 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules)
* 1:42213 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules)
* 1:43642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox multiple vulnerabilities memory corruption attempt (browser-firefox.rules)
* 1:43883 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
* 1:43884 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:44013 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules)
* 1:44014 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules)
* 1:44015 <-> DISABLED <-> PROTOCOL-OTHER STCP heartbeat chunk denial of service attempt (protocol-other.rules)
* 1:44016 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:44017 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:44018 <-> DISABLED <-> DELETED qw34redfaqwefsdfcasdfvadsfadfdf (deleted.rules)
* 1:44019 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules)
* 1:44020 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules)
* 1:44021 <-> DISABLED <-> SERVER-WEBAPP Dell OpenManage server application field buffer overflow attempt (server-webapp.rules)
* 1:44022 <-> DISABLED <-> DELETED asdfasdfasdfadsfadgdfgadgg (deleted.rules)
* 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44025 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44026 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44028 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44029 <-> DISABLED <-> DELETED 5urthfgbq4ershgq3hsttsgn (deleted.rules)
* 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules)
* 1:44031 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules)
* 1:44032 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules)
* 1:44033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules)
* 1:44034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules)
* 1:44035 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
* 1:44036 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
* 1:44037 <-> ENABLED <-> INDICATOR-COMPROMISE DNS request for known malware sinkhole domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com - WannaCry (indicator-compromise.rules)
* 1:44038 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules)
* 1:44039 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules)
* 1:44040 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules)
* 1:44041 <-> DISABLED <-> SERVER-OTHER LCDproc test_func buffer overflow attempt (server-other.rules)
* 1:44042 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules)
* 1:44043 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers JavaScript argument passing code execution attempt (browser-firefox.rules)
* 1:44044 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules)
* 1:44045 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules)
* 1:44046 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
* 1:44047 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
* 1:44048 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
* 1:44049 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules)
* 1:44050 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules)
* 1:44051 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules)
* 1:44052 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word EPS filter PostScript object use after free attempt (file-office.rules)
* 1:44053 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
* 1:44054 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
* 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
* 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
* 1:44057 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules)
* 1:44058 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules)
* 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44061 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44062 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44064 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:44065 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:44066 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:44067 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:44068 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules)
* 1:44069 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules)
* 3:44063 <-> ENABLED <-> SERVER-WEBAPP Cisco Ultra Services Framework AutoVNF directory traversal attempt (server-webapp.rules)
Modified Rules:
* 1:8369 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
* 1:16005 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers JavaScript argument passing code execution attempt (browser-firefox.rules)
* 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (browser-ie.rules)
* 1:22003 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
* 1:32817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:32818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:40404 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
* 1:40405 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
* 1:41954 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules)
* 1:41955 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules)
* 1:42212 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules)
* 1:42213 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules)
* 1:43642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox multiple vulnerabilities memory corruption attempt (browser-firefox.rules)
* 1:43883 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
* 1:43884 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
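The column worth acting on in the listings above is the default state. Most of the new file-format and browser exploit rules ship DISABLED, so they alert on nothing until enabled in the local policy; the deleted.rules entries are placeholders for retired SIDs (their message text is junk) and should not be enabled; and 3:44063 is a gid 3 shared-object rule, which only loads if the precompiled .so matching the Snort build is installed alongside the text rules. The Python script below is an added example, not part of this Talos notice or of Snort: it parses entries in the gid:sid <-> state <-> message (group) format, including entries that were run together on one line, summarises default state per rule group, lists the DISABLED SIDs worth reviewing, and emits them as a comma-separated gid:sid list of the kind PulledPork's enablesid.conf takes (that file's syntax is an assumption here, not something the notice states). The sample entries embedded in the script are copied from this listing.

```python
"""Parse a Talos rule-update listing of the form

    gid:sid <-> Default rule state <-> Message (rule group)

and report what an operator needs to act on: which rules ship DISABLED,
which are shared-object (gid 3) rules, and how many per group.
Added example; not part of the Talos notice or of Snort itself.
"""
import re
from collections import Counter, defaultdict

# One listing entry. The pattern is applied with finditer(), so entries that
# were run together on a single line (as in the extracted page) are still found.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[a-z-]+\.rules)\)"
)

# Constructed sample: six entries copied from the listing above; the fourth
# and fifth are deliberately left on one line to exercise the run-together case.
SAMPLE = """\
* 1:44013 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules)
* 1:44015 <-> DISABLED <-> PROTOCOL-OTHER STCP heartbeat chunk denial of service attempt (protocol-other.rules)
* 1:44022 <-> DISABLED <-> DELETED asdfasdfasdfadsfadgdfgadgg (deleted.rules)
* 1:44037 <-> ENABLED <-> INDICATOR-COMPROMISE DNS request for known malware sinkhole domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com - WannaCry (indicator-compromise.rules) * 1:44053 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules)
* 3:44063 <-> ENABLED <-> SERVER-WEBAPP Cisco Ultra Services Framework AutoVNF directory traversal attempt (server-webapp.rules)
"""


def parse_listing(text):
    """Return one dict per entry: gid and sid as ints, plus state, msg, group."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        entries.append({
            "gid": int(m.group("gid")),
            "sid": int(m.group("sid")),
            "state": m.group("state"),
            "msg": m.group("msg"),
            "group": m.group("group"),
        })
    return entries


def summarize(entries):
    """Per rule group, how many rules ship ENABLED vs DISABLED."""
    by_group = defaultdict(Counter)
    for e in entries:
        by_group[e["group"]][e["state"]] += 1
    return dict(by_group)


def disabled_candidates(entries, skip_groups=("deleted.rules",)):
    """Rules that ship DISABLED and are worth reviewing for manual enabling.

    deleted.rules entries are placeholders for retired SIDs (their message is
    junk text), so enabling them does nothing useful; they are skipped.
    """
    return [
        (e["gid"], e["sid"], e["msg"])
        for e in entries
        if e["state"] == "DISABLED" and e["group"] not in skip_groups
    ]


def enablesid_line(entries):
    """Comma-separated gid:sid list in the shape PulledPork's enablesid.conf
    accepts (assumption about that file's syntax, not taken from the notice)."""
    return ",".join(f"{gid}:{sid}" for gid, sid, _ in disabled_candidates(entries))


def shared_object_rules(entries):
    """gid 3 entries are shared-object (precompiled) rules; they only load when
    the .so built for your Snort version is installed next to the text rules."""
    return [(e["gid"], e["sid"]) for e in entries if e["gid"] == 3]


if __name__ == "__main__":
    rules = parse_listing(SAMPLE)
    for group, counts in sorted(summarize(rules).items()):
        print(f"{group:28} enabled={counts['ENABLED']:2} disabled={counts['DISABLED']:2}")
    print("review for enabling:", enablesid_line(rules))
    print("shared-object rules:", shared_object_rules(rules))
```

To run it against a real update, replace SAMPLE with the saved listing text. The regex tolerates the run-together lines seen on this page but assumes the message itself contains no parenthesised text, which holds for every entry above.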