Talos Rules 2018-07-10

Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Vulnerability CVE-2018-0949: Microsoft Internet Explorer suffers from programming errors that may lead to a security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47091 through 47092.

Microsoft Vulnerability CVE-2018-8125: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47117 through 47118.

Microsoft Vulnerability CVE-2018-8242: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 46548 through 46549.

Microsoft Vulnerability CVE-2018-8262: A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47113 through 47114.

Microsoft Vulnerability CVE-2018-8274: A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47107 through 47108.

Microsoft Vulnerability CVE-2018-8275: A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47100 through 47101.

Microsoft Vulnerability CVE-2018-8278: A coding deficiency exists in Microsoft Edge that may lead to spoofing.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47119 through 47120.

Microsoft Vulnerability CVE-2018-8279: A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47098 through 47099.

Microsoft Vulnerability CVE-2018-8282: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47096 through 47097.

Microsoft Vulnerability CVE-2018-8283: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47121 through 47122.

Microsoft Vulnerability CVE-2018-8288: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-8289: Microsoft Edge suffers from programming errors that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47111 through 47112.

Microsoft Vulnerability CVE-2018-8291: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47109 through 47110.

Microsoft Vulnerability CVE-2018-8296: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-8297: Microsoft Edge suffers from programming errors that may lead to information disclosure.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45121 through 45122.

Microsoft Vulnerability CVE-2018-8298: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47102 through 47103.

Microsoft Vulnerability CVE-2018-8324: Microsoft Edge suffers from programming errors that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47141 through 47142.

Change logs

2018-07-10 17:58:37 UTC

Snort Subscriber Rules Update

Date: 2018-07-10

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:47117 <-> ENABLED <-> BROWSER-IE Microsoft Edge browser memory corruption attempt (browser-ie.rules)
 * 1:47100 <-> ENABLED <-> BROWSER-IE Microsoft Edge TryArraySplice memory corruption attempt (browser-ie.rules)
 * 1:47099 <-> ENABLED <-> BROWSER-IE Microsoft Edge parseFloat type confusion attempt (browser-ie.rules)
 * 1:47098 <-> ENABLED <-> BROWSER-IE Microsoft Edge parseFloat type confusion attempt (browser-ie.rules)
 * 1:47097 <-> DISABLED <-> OS-WINDOWS Microsoft Windows xxxNextWindow NULL pointer dereference attempt (os-windows.rules)
 * 1:47096 <-> DISABLED <-> OS-WINDOWS Microsoft Windows xxxNextWindow NULL pointer dereference attempt (os-windows.rules)
 * 1:47095 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules)
 * 1:47094 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules)
 * 1:47093 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules)
 * 1:47092 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer crafted UNC path sandbox escape attempt (browser-ie.rules)
 * 1:47091 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer crafted UNC path sandbox escape attempt (browser-ie.rules)
 * 1:47116 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules)
 * 1:47115 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules)
 * 1:47114 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (browser-ie.rules)
 * 1:47113 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (browser-ie.rules)
 * 1:47112 <-> ENABLED <-> BROWSER-IE Microsoft Edge Form buffer overflow attempt (browser-ie.rules)
 * 1:47111 <-> ENABLED <-> BROWSER-IE Microsoft Edge Form buffer overflow attempt (browser-ie.rules)
 * 1:47110 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:47109 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:47108 <-> ENABLED <-> BROWSER-IE Microsoft Edge event handling use-after-free attempt (browser-ie.rules)
 * 1:47107 <-> ENABLED <-> BROWSER-IE Microsoft Edge event handling use-after-free attempt (browser-ie.rules)
 * 1:47106 <-> DISABLED <-> SERVER-WEBAPP LibreHealthIO LibreEHR directory traversal attempt (server-webapp.rules)
 * 1:47105 <-> DISABLED <-> SERVER-WEBAPP LibreHealthIO LibreEHR directory traversal attempt (server-webapp.rules)
 * 1:47104 <-> DISABLED <-> SERVER-WEBAPP LibreHealthIO LibreEHR directory traversal attempt (server-webapp.rules)
 * 1:47103 <-> ENABLED <-> BROWSER-IE Microsoft Edge Intl.js memory corruption attempt (browser-ie.rules)
 * 1:47102 <-> ENABLED <-> BROWSER-IE Microsoft Edge Intl.js memory corruption attempt (browser-ie.rules)
 * 1:47101 <-> ENABLED <-> BROWSER-IE Microsoft Edge TryArraySplice memory corruption attempt (browser-ie.rules)
 * 1:47123 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47120 <-> ENABLED <-> BROWSER-IE Microsoft Edge url spoofing attempt (browser-ie.rules)
 * 1:47119 <-> ENABLED <-> BROWSER-IE Microsoft Edge url spoofing attempt (browser-ie.rules)
 * 1:47118 <-> ENABLED <-> BROWSER-IE Microsoft Edge browser memory corruption attempt (browser-ie.rules)
 * 1:47122 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:47121 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:47124 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47127 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47126 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47125 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:47128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:47144 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47143 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47142 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:47141 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:47140 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF out-of-bounds read attempt (file-other.rules)
 * 1:47139 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF out-of-bounds read attempt (file-other.rules)
 * 1:47138 <-> DISABLED <-> SERVER-WEBAPP HP VAN SDN Controller default credentials authentication attempt (server-webapp.rules)
 * 1:47137 <-> DISABLED <-> SERVER-WEBAPP HP VAN SDN Controller default token authentication attempt (server-webapp.rules)
 * 1:47136 <-> DISABLED <-> SERVER-WEBAPP HP VAN SDN Controller uninstall action arbitrary command execution attempt (server-webapp.rules)
 * 1:47132 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
 * 1:47131 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
 * 3:47133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0625 attack attempt (server-webapp.rules)
 * 3:47134 <-> ENABLED <-> SERVER-WEBAPP ZyXEL Armor Router ozkerz timestamp command injection attempt (server-webapp.rules)
 * 3:47135 <-> ENABLED <-> SERVER-WEBAPP ZyXEL Armor Router ozkerz timestamp command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:39326 <-> DISABLED <-> SERVER-APACHE Apache Continuum saveInstallation.action arbitrary command execution attempt (server-apache.rules)
 * 1:45121 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:45628 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:45629 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:45922 <-> ENABLED <-> EXPLOIT-KIT Terror EK exe download attempt (exploit-kit.rules)
 * 1:46548 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (browser-ie.rules)
 * 1:46549 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (browser-ie.rules)
 * 1:47031 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup LicenseService.pm command injection attempt (server-webapp.rules)
 * 1:43609 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:45122 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:43608 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)

2018-07-10 17:58:37 UTC

Snort Subscriber Rules Update

Date: 2018-07-10

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:47096 <-> DISABLED <-> OS-WINDOWS Microsoft Windows xxxNextWindow NULL pointer dereference attempt (os-windows.rules)
 * 1:47131 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
 * 1:47100 <-> ENABLED <-> BROWSER-IE Microsoft Edge TryArraySplice memory corruption attempt (browser-ie.rules)
 * 1:47091 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer crafted UNC path sandbox escape attempt (browser-ie.rules)
 * 1:47101 <-> ENABLED <-> BROWSER-IE Microsoft Edge TryArraySplice memory corruption attempt (browser-ie.rules)
 * 1:47095 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules)
 * 1:47102 <-> ENABLED <-> BROWSER-IE Microsoft Edge Intl.js memory corruption attempt (browser-ie.rules)
 * 1:47093 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules)
 * 1:47103 <-> ENABLED <-> BROWSER-IE Microsoft Edge Intl.js memory corruption attempt (browser-ie.rules)
 * 1:47104 <-> DISABLED <-> SERVER-WEBAPP LibreHealthIO LibreEHR directory traversal attempt (server-webapp.rules)
 * 1:47105 <-> DISABLED <-> SERVER-WEBAPP LibreHealthIO LibreEHR directory traversal attempt (server-webapp.rules)
 * 1:47106 <-> DISABLED <-> SERVER-WEBAPP LibreHealthIO LibreEHR directory traversal attempt (server-webapp.rules)
 * 1:47107 <-> ENABLED <-> BROWSER-IE Microsoft Edge event handling use-after-free attempt (browser-ie.rules)
 * 1:47108 <-> ENABLED <-> BROWSER-IE Microsoft Edge event handling use-after-free attempt (browser-ie.rules)
 * 1:47109 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:47099 <-> ENABLED <-> BROWSER-IE Microsoft Edge parseFloat type confusion attempt (browser-ie.rules)
 * 1:47094 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules)
 * 1:47097 <-> DISABLED <-> OS-WINDOWS Microsoft Windows xxxNextWindow NULL pointer dereference attempt (os-windows.rules)
 * 1:47141 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:47140 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF out-of-bounds read attempt (file-other.rules)
 * 1:47122 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:47092 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer crafted UNC path sandbox escape attempt (browser-ie.rules)
 * 1:47121 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:47119 <-> ENABLED <-> BROWSER-IE Microsoft Edge url spoofing attempt (browser-ie.rules)
 * 1:47120 <-> ENABLED <-> BROWSER-IE Microsoft Edge url spoofing attempt (browser-ie.rules)
 * 1:47117 <-> ENABLED <-> BROWSER-IE Microsoft Edge browser memory corruption attempt (browser-ie.rules)
 * 1:47118 <-> ENABLED <-> BROWSER-IE Microsoft Edge browser memory corruption attempt (browser-ie.rules)
 * 1:47115 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules)
 * 1:47116 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules)
 * 1:47113 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (browser-ie.rules)
 * 1:47114 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (browser-ie.rules)
 * 1:47139 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF out-of-bounds read attempt (file-other.rules)
 * 1:47137 <-> DISABLED <-> SERVER-WEBAPP HP VAN SDN Controller default token authentication attempt (server-webapp.rules)
 * 1:47138 <-> DISABLED <-> SERVER-WEBAPP HP VAN SDN Controller default credentials authentication attempt (server-webapp.rules)
 * 1:47136 <-> DISABLED <-> SERVER-WEBAPP HP VAN SDN Controller uninstall action arbitrary command execution attempt (server-webapp.rules)
 * 1:47132 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
 * 1:47098 <-> ENABLED <-> BROWSER-IE Microsoft Edge parseFloat type confusion attempt (browser-ie.rules)
 * 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:47144 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47143 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47142 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:47112 <-> ENABLED <-> BROWSER-IE Microsoft Edge Form buffer overflow attempt (browser-ie.rules)
 * 1:47110 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:47111 <-> ENABLED <-> BROWSER-IE Microsoft Edge Form buffer overflow attempt (browser-ie.rules)
 * 1:47124 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47126 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47123 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47125 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:47127 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 3:47133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0625 attack attempt (server-webapp.rules)
 * 3:47135 <-> ENABLED <-> SERVER-WEBAPP ZyXEL Armor Router ozkerz timestamp command injection attempt (server-webapp.rules)
 * 3:47134 <-> ENABLED <-> SERVER-WEBAPP ZyXEL Armor Router ozkerz timestamp command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:39326 <-> DISABLED <-> SERVER-APACHE Apache Continuum saveInstallation.action arbitrary command execution attempt (server-apache.rules)
 * 1:45122 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:45628 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:45121 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:45629 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:45922 <-> ENABLED <-> EXPLOIT-KIT Terror EK exe download attempt (exploit-kit.rules)
 * 1:46548 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (browser-ie.rules)
 * 1:46549 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (browser-ie.rules)
 * 1:47031 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup LicenseService.pm command injection attempt (server-webapp.rules)
 * 1:43609 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:43608 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)

2018-07-10 17:58:37 UTC

Snort Subscriber Rules Update

Date: 2018-07-10

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:47132 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (snort3-file-other.rules)
 * 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (snort3-file-image.rules)
 * 1:47137 <-> DISABLED <-> SERVER-WEBAPP HP VAN SDN Controller default token authentication attempt (snort3-server-webapp.rules)
 * 1:47091 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer crafted UNC path sandbox escape attempt (snort3-browser-ie.rules)
 * 1:47136 <-> DISABLED <-> SERVER-WEBAPP HP VAN SDN Controller uninstall action arbitrary command execution attempt (snort3-server-webapp.rules)
 * 1:47118 <-> ENABLED <-> BROWSER-IE Microsoft Edge browser memory corruption attempt (snort3-browser-ie.rules)
 * 1:47099 <-> ENABLED <-> BROWSER-IE Microsoft Edge parseFloat type confusion attempt (snort3-browser-ie.rules)
 * 1:47131 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (snort3-file-other.rules)
 * 1:47095 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (snort3-pua-adware.rules)
 * 1:47144 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (snort3-file-other.rules)
 * 1:47143 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (snort3-file-other.rules)
 * 1:47142 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (snort3-browser-ie.rules)
 * 1:47141 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (snort3-browser-ie.rules)
 * 1:47140 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47139 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47138 <-> DISABLED <-> SERVER-WEBAPP HP VAN SDN Controller default credentials authentication attempt (snort3-server-webapp.rules)
 * 1:47096 <-> DISABLED <-> OS-WINDOWS Microsoft Windows xxxNextWindow NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:47098 <-> ENABLED <-> BROWSER-IE Microsoft Edge parseFloat type confusion attempt (snort3-browser-ie.rules)
 * 1:47101 <-> ENABLED <-> BROWSER-IE Microsoft Edge TryArraySplice memory corruption attempt (snort3-browser-ie.rules)
 * 1:47117 <-> ENABLED <-> BROWSER-IE Microsoft Edge browser memory corruption attempt (snort3-browser-ie.rules)
 * 1:47124 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (snort3-file-other.rules)
 * 1:47123 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (snort3-file-other.rules)
 * 1:47102 <-> ENABLED <-> BROWSER-IE Microsoft Edge Intl.js memory corruption attempt (snort3-browser-ie.rules)
 * 1:47111 <-> ENABLED <-> BROWSER-IE Microsoft Edge Form buffer overflow attempt (snort3-browser-ie.rules)
 * 1:47122 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (snort3-browser-ie.rules)
 * 1:47112 <-> ENABLED <-> BROWSER-IE Microsoft Edge Form buffer overflow attempt (snort3-browser-ie.rules)
 * 1:47113 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (snort3-browser-ie.rules)
 * 1:47097 <-> DISABLED <-> OS-WINDOWS Microsoft Windows xxxNextWindow NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:47103 <-> ENABLED <-> BROWSER-IE Microsoft Edge Intl.js memory corruption attempt (snort3-browser-ie.rules)
 * 1:47094 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (snort3-pua-adware.rules)
 * 1:47093 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (snort3-pua-adware.rules)
 * 1:47092 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer crafted UNC path sandbox escape attempt (snort3-browser-ie.rules)
 * 1:47104 <-> DISABLED <-> SERVER-WEBAPP LibreHealthIO LibreEHR directory traversal attempt (snort3-server-webapp.rules)
 * 1:47105 <-> DISABLED <-> SERVER-WEBAPP LibreHealthIO LibreEHR directory traversal attempt (snort3-server-webapp.rules)
 * 1:47106 <-> DISABLED <-> SERVER-WEBAPP LibreHealthIO LibreEHR directory traversal attempt (snort3-server-webapp.rules)
 * 1:47107 <-> ENABLED <-> BROWSER-IE Microsoft Edge event handling use-after-free attempt (snort3-browser-ie.rules)
 * 1:47108 <-> ENABLED <-> BROWSER-IE Microsoft Edge event handling use-after-free attempt (snort3-browser-ie.rules)
 * 1:47109 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
 * 1:47110 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
 * 1:47100 <-> ENABLED <-> BROWSER-IE Microsoft Edge TryArraySplice memory corruption attempt (snort3-browser-ie.rules)
 * 1:47114 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (snort3-browser-ie.rules)
 * 1:47115 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (snort3-server-mail.rules)
 * 1:47116 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (snort3-server-mail.rules)
 * 1:47127 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (snort3-file-flash.rules)
 * 1:47125 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (snort3-file-other.rules)
 * 1:47128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (snort3-file-flash.rules)
 * 1:47126 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (snort3-file-other.rules)
 * 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (snort3-file-image.rules)
 * 1:47119 <-> ENABLED <-> BROWSER-IE Microsoft Edge url spoofing attempt (snort3-browser-ie.rules)
 * 1:47120 <-> ENABLED <-> BROWSER-IE Microsoft Edge url spoofing attempt (snort3-browser-ie.rules)
 * 1:47121 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (snort3-browser-ie.rules)

Modified Rules:


 * 1:45122 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (snort3-browser-ie.rules)
 * 1:45628 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (snort3-browser-ie.rules)
 * 1:45629 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (snort3-browser-ie.rules)
 * 1:45922 <-> ENABLED <-> EXPLOIT-KIT Terror EK exe download attempt (snort3-exploit-kit.rules)
 * 1:46548 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (snort3-browser-ie.rules)
 * 1:46549 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (snort3-browser-ie.rules)
 * 1:47031 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup LicenseService.pm command injection attempt (snort3-server-webapp.rules)
 * 1:39326 <-> DISABLED <-> SERVER-APACHE Apache Continuum saveInstallation.action arbitrary command execution attempt (snort3-server-apache.rules)
 * 1:43608 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (snort3-file-other.rules)
 * 1:45121 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (snort3-browser-ie.rules)
 * 1:43609 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (snort3-file-other.rules)

2018-07-10 17:58:37 UTC

Snort Subscriber Rules Update

Date: 2018-07-10

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:47128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47108 <-> ENABLED <-> BROWSER-IE Microsoft Edge event handling use-after-free attempt (browser-ie.rules)
 * 1:47138 <-> DISABLED <-> SERVER-WEBAPP HP VAN SDN Controller default credentials authentication attempt (server-webapp.rules)
 * 1:47112 <-> ENABLED <-> BROWSER-IE Microsoft Edge Form buffer overflow attempt (browser-ie.rules)
 * 1:47092 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer crafted UNC path sandbox escape attempt (browser-ie.rules)
 * 1:47123 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47131 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
 * 1:47098 <-> ENABLED <-> BROWSER-IE Microsoft Edge parseFloat type confusion attempt (browser-ie.rules)
 * 1:47099 <-> ENABLED <-> BROWSER-IE Microsoft Edge parseFloat type confusion attempt (browser-ie.rules)
 * 1:47139 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF out-of-bounds read attempt (file-other.rules)
 * 1:47140 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF out-of-bounds read attempt (file-other.rules)
 * 1:47141 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:47142 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:47094 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules)
 * 1:47100 <-> ENABLED <-> BROWSER-IE Microsoft Edge TryArraySplice memory corruption attempt (browser-ie.rules)
 * 1:47101 <-> ENABLED <-> BROWSER-IE Microsoft Edge TryArraySplice memory corruption attempt (browser-ie.rules)
 * 1:47093 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules)
 * 1:47136 <-> DISABLED <-> SERVER-WEBAPP HP VAN SDN Controller uninstall action arbitrary command execution attempt (server-webapp.rules)
 * 1:47110 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:47102 <-> ENABLED <-> BROWSER-IE Microsoft Edge Intl.js memory corruption attempt (browser-ie.rules)
 * 1:47103 <-> ENABLED <-> BROWSER-IE Microsoft Edge Intl.js memory corruption attempt (browser-ie.rules)
 * 1:47104 <-> DISABLED <-> SERVER-WEBAPP LibreHealthIO LibreEHR directory traversal attempt (server-webapp.rules)
 * 1:47105 <-> DISABLED <-> SERVER-WEBAPP LibreHealthIO LibreEHR directory traversal attempt (server-webapp.rules)
 * 1:47106 <-> DISABLED <-> SERVER-WEBAPP LibreHealthIO LibreEHR directory traversal attempt (server-webapp.rules)
 * 1:47116 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules)
 * 1:47107 <-> ENABLED <-> BROWSER-IE Microsoft Edge event handling use-after-free attempt (browser-ie.rules)
 * 1:47097 <-> DISABLED <-> OS-WINDOWS Microsoft Windows xxxNextWindow NULL pointer dereference attempt (os-windows.rules)
 * 1:47096 <-> DISABLED <-> OS-WINDOWS Microsoft Windows xxxNextWindow NULL pointer dereference attempt (os-windows.rules)
 * 1:47095 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules)
 * 1:47127 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47091 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer crafted UNC path sandbox escape attempt (browser-ie.rules)
 * 1:47126 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47120 <-> ENABLED <-> BROWSER-IE Microsoft Edge url spoofing attempt (browser-ie.rules)
 * 1:47118 <-> ENABLED <-> BROWSER-IE Microsoft Edge browser memory corruption attempt (browser-ie.rules)
 * 1:47119 <-> ENABLED <-> BROWSER-IE Microsoft Edge url spoofing attempt (browser-ie.rules)
 * 1:47124 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47121 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:47122 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:47143 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47137 <-> DISABLED <-> SERVER-WEBAPP HP VAN SDN Controller default token authentication attempt (server-webapp.rules)
 * 1:47144 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47114 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (browser-ie.rules)
 * 1:47115 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules)
 * 1:47113 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (browser-ie.rules)
 * 1:47111 <-> ENABLED <-> BROWSER-IE Microsoft Edge Form buffer overflow attempt (browser-ie.rules)
 * 1:47117 <-> ENABLED <-> BROWSER-IE Microsoft Edge browser memory corruption attempt (browser-ie.rules)
 * 1:47109 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:47125 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47132 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
 * 3:47134 <-> ENABLED <-> SERVER-WEBAPP ZyXEL Armor Router ozkerz timestamp command injection attempt (server-webapp.rules)
 * 3:47135 <-> ENABLED <-> SERVER-WEBAPP ZyXEL Armor Router ozkerz timestamp command injection attempt (server-webapp.rules)
 * 3:47133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0625 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:43608 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47031 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup LicenseService.pm command injection attempt (server-webapp.rules)
 * 1:43609 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:45628 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:45629 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:45922 <-> ENABLED <-> EXPLOIT-KIT Terror EK exe download attempt (exploit-kit.rules)
 * 1:46548 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (browser-ie.rules)
 * 1:46549 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (browser-ie.rules)
 * 1:45121 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:39326 <-> DISABLED <-> SERVER-APACHE Apache Continuum saveInstallation.action arbitrary command execution attempt (server-apache.rules)
 * 1:45122 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)

2018-07-10 17:58:37 UTC

Snort Subscriber Rules Update

Date: 2018-07-10

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:47094 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules)
 * 1:47131 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
 * 1:47096 <-> DISABLED <-> OS-WINDOWS Microsoft Windows xxxNextWindow NULL pointer dereference attempt (os-windows.rules)
 * 1:47097 <-> DISABLED <-> OS-WINDOWS Microsoft Windows xxxNextWindow NULL pointer dereference attempt (os-windows.rules)
 * 1:47139 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF out-of-bounds read attempt (file-other.rules)
 * 1:47098 <-> ENABLED <-> BROWSER-IE Microsoft Edge parseFloat type confusion attempt (browser-ie.rules)
 * 1:47103 <-> ENABLED <-> BROWSER-IE Microsoft Edge Intl.js memory corruption attempt (browser-ie.rules)
 * 1:47137 <-> DISABLED <-> SERVER-WEBAPP HP VAN SDN Controller default token authentication attempt (server-webapp.rules)
 * 1:47138 <-> DISABLED <-> SERVER-WEBAPP HP VAN SDN Controller default credentials authentication attempt (server-webapp.rules)
 * 1:47132 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
 * 1:47140 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF out-of-bounds read attempt (file-other.rules)
 * 1:47141 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:47142 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
 * 1:47143 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47093 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules)
 * 1:47136 <-> DISABLED <-> SERVER-WEBAPP HP VAN SDN Controller uninstall action arbitrary command execution attempt (server-webapp.rules)
 * 1:47100 <-> ENABLED <-> BROWSER-IE Microsoft Edge TryArraySplice memory corruption attempt (browser-ie.rules)
 * 1:47124 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47121 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:47123 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47120 <-> ENABLED <-> BROWSER-IE Microsoft Edge url spoofing attempt (browser-ie.rules)
 * 1:47117 <-> ENABLED <-> BROWSER-IE Microsoft Edge browser memory corruption attempt (browser-ie.rules)
 * 1:47122 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:47119 <-> ENABLED <-> BROWSER-IE Microsoft Edge url spoofing attempt (browser-ie.rules)
 * 1:47116 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules)
 * 1:47113 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (browser-ie.rules)
 * 1:47118 <-> ENABLED <-> BROWSER-IE Microsoft Edge browser memory corruption attempt (browser-ie.rules)
 * 1:47115 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules)
 * 1:47112 <-> ENABLED <-> BROWSER-IE Microsoft Edge Form buffer overflow attempt (browser-ie.rules)
 * 1:47114 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (browser-ie.rules)
 * 1:47111 <-> ENABLED <-> BROWSER-IE Microsoft Edge Form buffer overflow attempt (browser-ie.rules)
 * 1:47110 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:47092 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer crafted UNC path sandbox escape attempt (browser-ie.rules)
 * 1:47144 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:47128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47126 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47127 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
 * 1:47101 <-> ENABLED <-> BROWSER-IE Microsoft Edge TryArraySplice memory corruption attempt (browser-ie.rules)
 * 1:47099 <-> ENABLED <-> BROWSER-IE Microsoft Edge parseFloat type confusion attempt (browser-ie.rules)
 * 1:47104 <-> DISABLED <-> SERVER-WEBAPP LibreHealthIO LibreEHR directory traversal attempt (server-webapp.rules)
 * 1:47125 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
 * 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
 * 1:47091 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer crafted UNC path sandbox escape attempt (browser-ie.rules)
 * 1:47107 <-> ENABLED <-> BROWSER-IE Microsoft Edge event handling use-after-free attempt (browser-ie.rules)
 * 1:47109 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
 * 1:47108 <-> ENABLED <-> BROWSER-IE Microsoft Edge event handling use-after-free attempt (browser-ie.rules)
 * 1:47105 <-> DISABLED <-> SERVER-WEBAPP LibreHealthIO LibreEHR directory traversal attempt (server-webapp.rules)
 * 1:47106 <-> DISABLED <-> SERVER-WEBAPP LibreHealthIO LibreEHR directory traversal attempt (server-webapp.rules)
 * 1:47095 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules)
 * 1:47102 <-> ENABLED <-> BROWSER-IE Microsoft Edge Intl.js memory corruption attempt (browser-ie.rules)
 * 3:47134 <-> ENABLED <-> SERVER-WEBAPP ZyXEL Armor Router ozkerz timestamp command injection attempt (server-webapp.rules)
 * 3:47135 <-> ENABLED <-> SERVER-WEBAPP ZyXEL Armor Router ozkerz timestamp command injection attempt (server-webapp.rules)
 * 3:47133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0625 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:39326 <-> DISABLED <-> SERVER-APACHE Apache Continuum saveInstallation.action arbitrary command execution attempt (server-apache.rules)
 * 1:43609 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:45628 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:45121 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:45922 <-> ENABLED <-> EXPLOIT-KIT Terror EK exe download attempt (exploit-kit.rules)
 * 1:43608 <-> DISABLED <-> FILE-OTHER Multiple products SGI ZSIZE header information overflow attempt (file-other.rules)
 * 1:46548 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (browser-ie.rules)
 * 1:45122 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:45629 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
 * 1:46549 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (browser-ie.rules)
 * 1:47031 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup LicenseService.pm command injection attempt (server-webapp.rules)