Talos Rules 2018-10-02
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-plugins, file-image, file-other and malware-cnc rule sets to provide coverage for emerging threats from these technologies.

Change logs

2018-10-02 17:43:20 UTC

Snort Subscriber Rules Update

Date: 2018-10-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:47920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (file-pdf.rules)
 * 1:47923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (file-pdf.rules)
 * 1:47922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (file-pdf.rules)
 * 1:47921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (file-pdf.rules)
 * 1:47926 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47925 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation object rotation use-after-free attempt (file-pdf.rules)
 * 1:47924 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation object rotation use-after-free attempt (file-pdf.rules)
 * 1:47928 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript endInitiatorMailOperation heap overflow attempt (file-pdf.rules)
 * 1:47927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47931 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine heap overflow attempt (file-pdf.rules)
 * 1:47930 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine heap overflow attempt (file-pdf.rules)
 * 1:47929 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript endInitiatorMailOperation heap overflow attempt (file-pdf.rules)
 * 1:47933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47934 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSDownloader variant outbound connection (malware-cnc.rules)
 * 1:47955 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47954 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47953 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47952 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:47951 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:47950 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47949 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47948 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript Engine use after free attempt (file-pdf.rules)
 * 1:47947 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript Engine use after free attempt (file-pdf.rules)
 * 1:47946 <-> DISABLED <-> FILE-PDF Adobe Acrobat Distiller invalid Keywords tag double free attempt (file-pdf.rules)
 * 1:47945 <-> DISABLED <-> FILE-PDF Adobe Acrobat Distiller invalid Keywords tag double free attempt (file-pdf.rules)
 * 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47942 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:47941 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47938 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader rendering engine use-after-free attempt (file-pdf.rules)
 * 1:47937 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader rendering engine use-after-free attempt (file-pdf.rules)
 * 1:47936 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSDownloader variant download (malware-cnc.rules)
 * 1:47935 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSDownloader variant download (malware-cnc.rules)
 * 1:47971 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47970 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (file-pdf.rules)
 * 1:47969 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (file-pdf.rules)
 * 1:47968 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (file-pdf.rules)
 * 1:47967 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (file-pdf.rules)
 * 1:47966 <-> DISABLED <-> FILE-PDF Adobe Reader getProps Javascript heap overflow attempt (file-pdf.rules)
 * 1:47965 <-> DISABLED <-> FILE-PDF Adobe Reader getProps Javascript heap overflow attempt (file-pdf.rules)
 * 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:47960 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47959 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47958 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47957 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47956 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47992 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:47991 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:47988 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:47987 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:47986 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47985 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:47983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:47982 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47981 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47980 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47979 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47978 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro heap overflow attempt (file-pdf.rules)
 * 1:47977 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro heap overflow attempt (file-pdf.rules)
 * 1:47976 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:47975 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:47974 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine use after free attempt (file-pdf.rules)
 * 1:47973 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine use after free attempt (file-pdf.rules)
 * 1:47972 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47998 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:47997 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:47996 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:47995 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:47994 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47993 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)

Modified Rules:


 * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:47270 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (file-pdf.rules)
 * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:46709 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:46710 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:47271 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (file-pdf.rules)
 * 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:47367 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:47368 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:47438 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (file-pdf.rules)
 * 1:47439 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (file-pdf.rules)
 * 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
 * 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
 * 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
 * 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
 * 1:47885 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules)
 * 1:47886 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules)
 * 1:47887 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows JET Database Engine ActiveX clsid access attempt (browser-plugins.rules)
 * 1:47888 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows JET Database Engine ActiveX clsid access attempt (browser-plugins.rules)
 * 1:47283 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:47284 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)

2018-10-02 17:43:20 UTC

Snort Subscriber Rules Update

Date: 2018-10-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:47981 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47931 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine heap overflow attempt (file-pdf.rules)
 * 1:47932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47934 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSDownloader variant outbound connection (malware-cnc.rules)
 * 1:47935 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSDownloader variant download (malware-cnc.rules)
 * 1:47920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (file-pdf.rules)
 * 1:47926 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (file-pdf.rules)
 * 1:47959 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47980 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (file-pdf.rules)
 * 1:47960 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:47922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (file-pdf.rules)
 * 1:47988 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:47987 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:47986 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47985 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:47982 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:47991 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:47996 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:47995 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:47994 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47993 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47992 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:47998 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:47997 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:47946 <-> DISABLED <-> FILE-PDF Adobe Acrobat Distiller invalid Keywords tag double free attempt (file-pdf.rules)
 * 1:47947 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript Engine use after free attempt (file-pdf.rules)
 * 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47945 <-> DISABLED <-> FILE-PDF Adobe Acrobat Distiller invalid Keywords tag double free attempt (file-pdf.rules)
 * 1:47930 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine heap overflow attempt (file-pdf.rules)
 * 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47929 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript endInitiatorMailOperation heap overflow attempt (file-pdf.rules)
 * 1:47928 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript endInitiatorMailOperation heap overflow attempt (file-pdf.rules)
 * 1:47925 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation object rotation use-after-free attempt (file-pdf.rules)
 * 1:47942 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:47941 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47938 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader rendering engine use-after-free attempt (file-pdf.rules)
 * 1:47936 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSDownloader variant download (malware-cnc.rules)
 * 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:47979 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47977 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro heap overflow attempt (file-pdf.rules)
 * 1:47978 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro heap overflow attempt (file-pdf.rules)
 * 1:47975 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:47976 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:47973 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine use after free attempt (file-pdf.rules)
 * 1:47974 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine use after free attempt (file-pdf.rules)
 * 1:47971 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47972 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47969 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (file-pdf.rules)
 * 1:47970 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (file-pdf.rules)
 * 1:47967 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (file-pdf.rules)
 * 1:47968 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (file-pdf.rules)
 * 1:47965 <-> DISABLED <-> FILE-PDF Adobe Reader getProps Javascript heap overflow attempt (file-pdf.rules)
 * 1:47966 <-> DISABLED <-> FILE-PDF Adobe Reader getProps Javascript heap overflow attempt (file-pdf.rules)
 * 1:47958 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47937 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader rendering engine use-after-free attempt (file-pdf.rules)
 * 1:47956 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47957 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47954 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47955 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47952 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:47953 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47950 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47951 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:47948 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript Engine use after free attempt (file-pdf.rules)
 * 1:47949 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47924 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation object rotation use-after-free attempt (file-pdf.rules)

Modified Rules:


 * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:47888 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows JET Database Engine ActiveX clsid access attempt (browser-plugins.rules)
 * 1:47886 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules)
 * 1:47887 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows JET Database Engine ActiveX clsid access attempt (browser-plugins.rules)
 * 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
 * 1:47885 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules)
 * 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
 * 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
 * 1:47439 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (file-pdf.rules)
 * 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
 * 1:47368 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:47438 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (file-pdf.rules)
 * 1:47284 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:47367 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:47271 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (file-pdf.rules)
 * 1:47283 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:46710 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:47270 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (file-pdf.rules)
 * 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:46709 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)

2018-10-02 17:43:20 UTC

Snort Subscriber Rules Update

Date: 2018-10-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:47983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47982 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:47984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47998 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (snort3-file-image.rules)
 * 1:47997 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (snort3-file-image.rules)
 * 1:47996 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (snort3-file-image.rules)
 * 1:47995 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (snort3-file-image.rules)
 * 1:47994 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47993 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47992 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (snort3-file-image.rules)
 * 1:47991 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (snort3-file-image.rules)
 * 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (snort3-file-other.rules)
 * 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (snort3-file-other.rules)
 * 1:47988 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47987 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (snort3-file-other.rules)
 * 1:47986 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (snort3-file-other.rules)
 * 1:47985 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (snort3-file-other.rules)
 * 1:47928 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript endInitiatorMailOperation heap overflow attempt (snort3-file-pdf.rules)
 * 1:47933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (snort3-file-image.rules)
 * 1:47931 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine heap overflow attempt (snort3-file-pdf.rules)
 * 1:47932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (snort3-file-image.rules)
 * 1:47934 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSDownloader variant outbound connection (snort3-malware-cnc.rules)
 * 1:47935 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSDownloader variant download (snort3-malware-cnc.rules)
 * 1:47948 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript Engine use after free attempt (snort3-file-pdf.rules)
 * 1:47942 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (snort3-file-image.rules)
 * 1:47950 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:47949 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:47952 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (snort3-file-other.rules)
 * 1:47945 <-> DISABLED <-> FILE-PDF Adobe Acrobat Distiller invalid Keywords tag double free attempt (snort3-file-pdf.rules)
 * 1:47946 <-> DISABLED <-> FILE-PDF Adobe Acrobat Distiller invalid Keywords tag double free attempt (snort3-file-pdf.rules)
 * 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (snort3-file-image.rules)
 * 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (snort3-file-image.rules)
 * 1:47978 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro heap overflow attempt (snort3-file-pdf.rules)
 * 1:47979 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:47976 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (snort3-file-other.rules)
 * 1:47977 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro heap overflow attempt (snort3-file-pdf.rules)
 * 1:47974 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine use after free attempt (snort3-file-pdf.rules)
 * 1:47975 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (snort3-file-other.rules)
 * 1:47972 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:47973 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine use after free attempt (snort3-file-pdf.rules)
 * 1:47970 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (snort3-file-pdf.rules)
 * 1:47971 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:47968 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (snort3-file-pdf.rules)
 * 1:47957 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (snort3-file-other.rules)
 * 1:47937 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader rendering engine use-after-free attempt (snort3-file-pdf.rules)
 * 1:47951 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (snort3-file-other.rules)
 * 1:47922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (snort3-file-pdf.rules)
 * 1:47930 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine heap overflow attempt (snort3-file-pdf.rules)
 * 1:47938 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader rendering engine use-after-free attempt (snort3-file-pdf.rules)
 * 1:47936 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSDownloader variant download (snort3-malware-cnc.rules)
 * 1:47958 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (snort3-file-other.rules)
 * 1:47966 <-> DISABLED <-> FILE-PDF Adobe Reader getProps Javascript heap overflow attempt (snort3-file-pdf.rules)
 * 1:47967 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (snort3-file-pdf.rules)
 * 1:47965 <-> DISABLED <-> FILE-PDF Adobe Reader getProps Javascript heap overflow attempt (snort3-file-pdf.rules)
 * 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (snort3-file-image.rules)
 * 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (snort3-file-image.rules)
 * 1:47923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (snort3-file-pdf.rules)
 * 1:47924 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation object rotation use-after-free attempt (snort3-file-pdf.rules)
 * 1:47925 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation object rotation use-after-free attempt (snort3-file-pdf.rules)
 * 1:47941 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (snort3-file-image.rules)
 * 1:47927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (snort3-file-other.rules)
 * 1:47929 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript endInitiatorMailOperation heap overflow attempt (snort3-file-pdf.rules)
 * 1:47954 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (snort3-file-image.rules)
 * 1:47955 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (snort3-file-image.rules)
 * 1:47956 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (snort3-file-image.rules)
 * 1:47969 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (snort3-file-pdf.rules)
 * 1:47953 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (snort3-file-image.rules)
 * 1:47947 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript Engine use after free attempt (snort3-file-pdf.rules)
 * 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (snort3-file-other.rules)
 * 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (snort3-file-other.rules)
 * 1:47959 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (snort3-file-other.rules)
 * 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (snort3-file-other.rules)
 * 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (snort3-file-other.rules)
 * 1:47960 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (snort3-file-other.rules)
 * 1:47920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (snort3-file-pdf.rules)
 * 1:47921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (snort3-file-pdf.rules)
 * 1:47980 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:47926 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (snort3-file-other.rules)
 * 1:47981 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)

Modified Rules:


 * 1:47887 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows JET Database Engine ActiveX clsid access attempt (snort3-browser-plugins.rules)
 * 1:47888 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows JET Database Engine ActiveX clsid access attempt (snort3-browser-plugins.rules)
 * 1:47886 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (snort3-file-other.rules)
 * 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (snort3-file-pdf.rules)
 * 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (snort3-file-pdf.rules)
 * 1:47885 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (snort3-file-other.rules)
 * 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (snort3-file-pdf.rules)
 * 1:47438 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (snort3-file-pdf.rules)
 * 1:47439 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (snort3-file-pdf.rules)
 * 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (snort3-file-pdf.rules)
 * 1:47368 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (snort3-file-image.rules)
 * 1:47283 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (snort3-file-other.rules)
 * 1:47284 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (snort3-file-other.rules)
 * 1:47367 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (snort3-file-image.rules)
 * 1:47271 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (snort3-file-pdf.rules)
 * 1:46709 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (snort3-file-other.rules)
 * 1:46710 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (snort3-file-other.rules)
 * 1:47270 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (snort3-file-pdf.rules)
 * 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (snort3-file-image.rules)
 * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (snort3-file-image.rules)
 * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (snort3-file-image.rules)
 * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (snort3-file-image.rules)

2018-10-02 17:43:20 UTC

Snort Subscriber Rules Update

Date: 2018-10-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:47931 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine heap overflow attempt (file-pdf.rules)
 * 1:47924 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation object rotation use-after-free attempt (file-pdf.rules)
 * 1:47985 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47926 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47934 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSDownloader variant outbound connection (malware-cnc.rules)
 * 1:47935 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSDownloader variant download (malware-cnc.rules)
 * 1:47936 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSDownloader variant download (malware-cnc.rules)
 * 1:47921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (file-pdf.rules)
 * 1:47942 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:47922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (file-pdf.rules)
 * 1:47920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (file-pdf.rules)
 * 1:47938 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader rendering engine use-after-free attempt (file-pdf.rules)
 * 1:47932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47981 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:47988 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:47941 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:47957 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47971 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47982 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47986 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47987 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:47983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:47956 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47991 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:47995 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:47994 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47993 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47998 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:47997 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:47970 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (file-pdf.rules)
 * 1:47974 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine use after free attempt (file-pdf.rules)
 * 1:47973 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine use after free attempt (file-pdf.rules)
 * 1:47972 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47975 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:47928 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript endInitiatorMailOperation heap overflow attempt (file-pdf.rules)
 * 1:47979 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47955 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:47959 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47960 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47976 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:47977 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro heap overflow attempt (file-pdf.rules)
 * 1:47969 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (file-pdf.rules)
 * 1:47953 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47968 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (file-pdf.rules)
 * 1:47965 <-> DISABLED <-> FILE-PDF Adobe Reader getProps Javascript heap overflow attempt (file-pdf.rules)
 * 1:47966 <-> DISABLED <-> FILE-PDF Adobe Reader getProps Javascript heap overflow attempt (file-pdf.rules)
 * 1:47951 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:47958 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47954 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47930 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine heap overflow attempt (file-pdf.rules)
 * 1:47952 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:47937 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader rendering engine use-after-free attempt (file-pdf.rules)
 * 1:47992 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:47996 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:47950 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47967 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (file-pdf.rules)
 * 1:47948 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript Engine use after free attempt (file-pdf.rules)
 * 1:47949 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47946 <-> DISABLED <-> FILE-PDF Adobe Acrobat Distiller invalid Keywords tag double free attempt (file-pdf.rules)
 * 1:47947 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript Engine use after free attempt (file-pdf.rules)
 * 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47945 <-> DISABLED <-> FILE-PDF Adobe Acrobat Distiller invalid Keywords tag double free attempt (file-pdf.rules)
 * 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47929 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript endInitiatorMailOperation heap overflow attempt (file-pdf.rules)
 * 1:47925 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation object rotation use-after-free attempt (file-pdf.rules)
 * 1:47923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (file-pdf.rules)
 * 1:47980 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47978 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro heap overflow attempt (file-pdf.rules)
 * 1:47984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)

Modified Rules:


 * 1:47887 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows JET Database Engine ActiveX clsid access attempt (browser-plugins.rules)
 * 1:47438 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (file-pdf.rules)
 * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:46710 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:47271 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (file-pdf.rules)
 * 1:47284 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:47439 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (file-pdf.rules)
 * 1:47368 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:47886 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules)
 * 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
 * 1:47888 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows JET Database Engine ActiveX clsid access attempt (browser-plugins.rules)
 * 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
 * 1:47270 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (file-pdf.rules)
 * 1:47283 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:46709 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
 * 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
 * 1:47885 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules)
 * 1:47367 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)

2018-10-02 17:43:20 UTC

Snort Subscriber Rules Update

Date: 2018-10-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:47928 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript endInitiatorMailOperation heap overflow attempt (file-pdf.rules)
 * 1:47923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (file-pdf.rules)
 * 1:47924 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation object rotation use-after-free attempt (file-pdf.rules)
 * 1:47932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
 * 1:47996 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:47934 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSDownloader variant outbound connection (malware-cnc.rules)
 * 1:47935 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSDownloader variant download (malware-cnc.rules)
 * 1:47936 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSDownloader variant download (malware-cnc.rules)
 * 1:47949 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47929 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript endInitiatorMailOperation heap overflow attempt (file-pdf.rules)
 * 1:47965 <-> DISABLED <-> FILE-PDF Adobe Reader getProps Javascript heap overflow attempt (file-pdf.rules)
 * 1:47930 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine heap overflow attempt (file-pdf.rules)
 * 1:47981 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47976 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:47974 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine use after free attempt (file-pdf.rules)
 * 1:47948 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript Engine use after free attempt (file-pdf.rules)
 * 1:47973 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine use after free attempt (file-pdf.rules)
 * 1:47971 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47972 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47969 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (file-pdf.rules)
 * 1:47970 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (file-pdf.rules)
 * 1:47968 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (file-pdf.rules)
 * 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:47997 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:47947 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript Engine use after free attempt (file-pdf.rules)
 * 1:47920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (file-pdf.rules)
 * 1:47921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (file-pdf.rules)
 * 1:47960 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (file-pdf.rules)
 * 1:47998 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
 * 1:47954 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47937 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader rendering engine use-after-free attempt (file-pdf.rules)
 * 1:47994 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47995 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
 * 1:47951 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
 * 1:47992 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:47993 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
 * 1:47991 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
 * 1:47945 <-> DISABLED <-> FILE-PDF Adobe Acrobat Distiller invalid Keywords tag double free attempt (file-pdf.rules)
 * 1:47946 <-> DISABLED <-> FILE-PDF Adobe Acrobat Distiller invalid Keywords tag double free attempt (file-pdf.rules)
 * 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
 * 1:47980 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47979 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47950 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47941 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
 * 1:47938 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader rendering engine use-after-free attempt (file-pdf.rules)
 * 1:47942 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
 * 1:47931 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine heap overflow attempt (file-pdf.rules)
 * 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:47967 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (file-pdf.rules)
 * 1:47953 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:47966 <-> DISABLED <-> FILE-PDF Adobe Reader getProps Javascript heap overflow attempt (file-pdf.rules)
 * 1:47977 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro heap overflow attempt (file-pdf.rules)
 * 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
 * 1:47959 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
 * 1:47956 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47955 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
 * 1:47958 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47985 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47987 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:47984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:47986 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
 * 1:47982 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:47925 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation object rotation use-after-free attempt (file-pdf.rules)
 * 1:47957 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
 * 1:47978 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro heap overflow attempt (file-pdf.rules)
 * 1:47975 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
 * 1:47983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
 * 1:47926 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
 * 1:47988 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
 * 1:47952 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)

Modified Rules:


 * 1:47271 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (file-pdf.rules)
 * 1:47885 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules)
 * 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:47367 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:47886 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules)
 * 1:46709 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:47270 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (file-pdf.rules)
 * 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
 * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
 * 1:47284 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:47283 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
 * 1:47368 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
 * 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
 * 1:47439 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (file-pdf.rules)
 * 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
 * 1:47438 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (file-pdf.rules)
 * 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
 * 1:46710 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
 * 1:47887 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows JET Database Engine ActiveX clsid access attempt (browser-plugins.rules)
 * 1:47888 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows JET Database Engine ActiveX clsid access attempt (browser-plugins.rules)