Talos has added and modified multiple rules in the deleted, file-image, file-multimedia, file-other, file-pdf, malware-cnc, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48021 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
* 1:48030 <-> DISABLED <-> DELETED GgEcFJAJt6lmvQ3tf9DO (deleted.rules)
* 1:48011 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48022 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Viro variant outbound connection (malware-cnc.rules)
* 1:48043 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
* 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules)
* 1:48026 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (malware-cnc.rules)
* 1:48027 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (malware-cnc.rules)
* 1:48020 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
* 1:48014 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48032 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
* 1:48010 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
* 1:47999 <-> DISABLED <-> DELETED sJ5m7E0Blq0B2WLeJAUj (deleted.rules)
* 1:48000 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (file-pdf.rules)
* 1:48016 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
* 1:48001 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (file-pdf.rules)
* 1:48024 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PyLocky outbound connection attempt (malware-cnc.rules)
* 1:48017 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
* 1:48002 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
* 1:48042 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (file-pdf.rules)
* 1:48031 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
* 1:48012 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48041 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (file-pdf.rules)
* 1:48003 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
* 1:48044 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
* 1:48004 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS login.php SQL injection attempt (server-webapp.rules)
* 1:48018 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
* 1:48019 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
* 1:48028 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
* 1:48033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
* 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
* 1:48013 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48005 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php arbitrary PHP file upload attempt (server-webapp.rules)
* 1:48034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
* 1:48006 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
* 1:48007 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
* 1:48035 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (malware-cnc.rules)
* 1:48008 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
* 1:48036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (malware-cnc.rules)
* 1:48009 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
* 1:48038 <-> DISABLED <-> SERVER-OTHER Western Digital My Cloud authentication bypass attempt (server-other.rules)
* 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
* 1:48025 <-> ENABLED <-> MALWARE-CNC BabaYaga inbound connection (malware-cnc.rules)
* 3:48037 <-> ENABLED <-> SERVER-OTHER Cisco Prime Collaboration Provisioning hardcoded LDAP password authentication attempt (server-other.rules)
* 3:48023 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Center unauthenticated user creation attempt (server-webapp.rules)
* 3:48015 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure arbitrary JSP file upload attempt (server-webapp.rules)

* 1:47131 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
* 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:43888 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (file-multimedia.rules)
* 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
* 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
* 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
* 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:43889 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (file-multimedia.rules)
* 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
* 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
* 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
* 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
* 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
* 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:47132 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
* 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
* 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48011 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48012 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48000 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (file-pdf.rules)
* 1:48017 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
* 1:48004 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS login.php SQL injection attempt (server-webapp.rules)
* 1:47999 <-> DISABLED <-> DELETED sJ5m7E0Blq0B2WLeJAUj (deleted.rules)
* 1:48026 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (malware-cnc.rules)
* 1:48014 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48008 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
* 1:48003 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
* 1:48007 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
* 1:48022 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Viro variant outbound connection (malware-cnc.rules)
* 1:48034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
* 1:48033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
* 1:48021 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
* 1:48006 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
* 1:48002 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
* 1:48020 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
* 1:48044 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
* 1:48024 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PyLocky outbound connection attempt (malware-cnc.rules)
* 1:48043 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
* 1:48019 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
* 1:48010 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
* 1:48041 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (file-pdf.rules)
* 1:48028 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
* 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
* 1:48042 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (file-pdf.rules)
* 1:48032 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
* 1:48018 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
* 1:48025 <-> ENABLED <-> MALWARE-CNC BabaYaga inbound connection (malware-cnc.rules)
* 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules)
* 1:48016 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
* 1:48027 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (malware-cnc.rules)
* 1:48001 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (file-pdf.rules)
* 1:48005 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php arbitrary PHP file upload attempt (server-webapp.rules)
* 1:48013 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48009 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
* 1:48031 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
* 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
* 1:48030 <-> DISABLED <-> DELETED GgEcFJAJt6lmvQ3tf9DO (deleted.rules)
* 1:48035 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (malware-cnc.rules)
* 1:48036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (malware-cnc.rules)
* 1:48038 <-> DISABLED <-> SERVER-OTHER Western Digital My Cloud authentication bypass attempt (server-other.rules)
* 3:48015 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure arbitrary JSP file upload attempt (server-webapp.rules)
* 3:48037 <-> ENABLED <-> SERVER-OTHER Cisco Prime Collaboration Provisioning hardcoded LDAP password authentication attempt (server-other.rules)
* 3:48023 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Center unauthenticated user creation attempt (server-webapp.rules)

* 1:43888 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (file-multimedia.rules)
* 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
* 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
* 1:47131 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
* 1:47132 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
* 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
* 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
* 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
* 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:43889 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (file-multimedia.rules)
* 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
* 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
* 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
* 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
* 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48044 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (snort3-file-image.rules)
* 1:48014 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (snort3-file-image.rules)
* 1:48027 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (snort3-malware-cnc.rules)
* 1:48031 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
* 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (snort3-server-mail.rules)
* 1:48013 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (snort3-file-image.rules)
* 1:48000 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (snort3-file-pdf.rules)
* 1:48030 <-> DISABLED <-> DELETED GgEcFJAJt6lmvQ3tf9DO (snort3-deleted.rules)
* 1:48005 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php arbitrary PHP file upload attempt (snort3-server-webapp.rules)
* 1:48024 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PyLocky outbound connection attempt (snort3-malware-cnc.rules)
* 1:48012 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (snort3-file-image.rules)
* 1:48008 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (snort3-server-webapp.rules)
* 1:48032 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
* 1:48011 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (snort3-file-image.rules)
* 1:48009 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (snort3-file-image.rules)
* 1:48016 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (snort3-file-image.rules)
* 1:48021 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (snort3-file-pdf.rules)
* 1:48010 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (snort3-file-image.rules)
* 1:48033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (snort3-file-other.rules)
* 1:48002 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (snort3-file-image.rules)
* 1:48004 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS login.php SQL injection attempt (snort3-server-webapp.rules)
* 1:48003 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (snort3-file-image.rules)
* 1:48007 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (snort3-server-webapp.rules)
* 1:48034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (snort3-file-other.rules)
* 1:48006 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (snort3-server-webapp.rules)
* 1:48017 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (snort3-file-image.rules)
* 1:48028 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (snort3-malware-cnc.rules)
* 1:48019 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (snort3-file-pdf.rules)
* 1:48043 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (snort3-file-image.rules)
* 1:48022 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Viro variant outbound connection (snort3-malware-cnc.rules)
* 1:48018 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (snort3-file-pdf.rules)
* 1:48001 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (snort3-file-pdf.rules)
* 1:47999 <-> DISABLED <-> DELETED sJ5m7E0Blq0B2WLeJAUj (snort3-deleted.rules)
* 1:48026 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (snort3-malware-cnc.rules)
* 1:48020 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (snort3-file-pdf.rules)
* 1:48042 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (snort3-file-pdf.rules)
* 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (snort3-file-image.rules)
* 1:48025 <-> ENABLED <-> MALWARE-CNC BabaYaga inbound connection (snort3-malware-cnc.rules)
* 1:48035 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (snort3-malware-cnc.rules)
* 1:48036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (snort3-malware-cnc.rules)
* 1:48038 <-> DISABLED <-> SERVER-OTHER Western Digital My Cloud authentication bypass attempt (snort3-server-other.rules)
* 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (snort3-file-image.rules)
* 1:48041 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (snort3-file-pdf.rules)

* 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (snort3-file-pdf.rules)
* 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (snort3-file-multimedia.rules)
* 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
* 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
* 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (snort3-file-pdf.rules)
* 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
* 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (snort3-file-multimedia.rules)
* 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
* 1:43888 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (snort3-file-multimedia.rules)
* 1:47131 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (snort3-file-other.rules)
* 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (snort3-file-image.rules)
* 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (snort3-file-pdf.rules)
* 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (snort3-file-pdf.rules)
* 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
* 1:47132 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (snort3-file-other.rules)
* 1:43889 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (snort3-file-multimedia.rules)
* 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (snort3-file-image.rules)
* 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (snort3-file-image.rules)
* 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
* 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
* 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
* 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (snort3-file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48013 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48011 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48024 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PyLocky outbound connection attempt (malware-cnc.rules)
* 1:48017 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
* 1:48020 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
* 1:47999 <-> DISABLED <-> DELETED sJ5m7E0Blq0B2WLeJAUj (deleted.rules)
* 1:48000 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (file-pdf.rules)
* 1:48001 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (file-pdf.rules)
* 1:48002 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
* 1:48003 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
* 1:48004 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS login.php SQL injection attempt (server-webapp.rules)
* 1:48005 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php arbitrary PHP file upload attempt (server-webapp.rules)
* 1:48006 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
* 1:48007 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
* 1:48008 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
* 1:48009 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
* 1:48016 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
* 1:48034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
* 1:48018 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
* 1:48033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
* 1:48035 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (malware-cnc.rules)
* 1:48019 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
* 1:48027 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (malware-cnc.rules)
* 1:48044 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
* 1:48043 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
* 1:48026 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (malware-cnc.rules)
* 1:48038 <-> DISABLED <-> SERVER-OTHER Western Digital My Cloud authentication bypass attempt (server-other.rules)
* 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
* 1:48025 <-> ENABLED <-> MALWARE-CNC BabaYaga inbound connection (malware-cnc.rules)
* 1:48036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (malware-cnc.rules)
* 1:48021 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
* 1:48041 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (file-pdf.rules)
* 1:48010 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
* 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
* 1:48042 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (file-pdf.rules)
* 1:48031 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
* 1:48030 <-> DISABLED <-> DELETED GgEcFJAJt6lmvQ3tf9DO (deleted.rules)
* 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules)
* 1:48028 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
* 1:48032 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
* 1:48022 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Viro variant outbound connection (malware-cnc.rules)
* 1:48014 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48012 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 3:48037 <-> ENABLED <-> SERVER-OTHER Cisco Prime Collaboration Provisioning hardcoded LDAP password authentication attempt (server-other.rules)
* 3:48023 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Center unauthenticated user creation attempt (server-webapp.rules)
* 3:48015 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure arbitrary JSP file upload attempt (server-webapp.rules)

* 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
* 1:43888 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (file-multimedia.rules)
* 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
* 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
* 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
* 1:43889 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (file-multimedia.rules)
* 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
* 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
* 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
* 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
* 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
* 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:47132 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
* 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
* 1:47131 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
* 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48008 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
* 1:48007 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
* 1:48006 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
* 1:48005 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php arbitrary PHP file upload attempt (server-webapp.rules)
* 1:48004 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS login.php SQL injection attempt (server-webapp.rules)
* 1:48003 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
* 1:48002 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
* 1:48001 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (file-pdf.rules)
* 1:48000 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (file-pdf.rules)
* 1:47999 <-> DISABLED <-> DELETED sJ5m7E0Blq0B2WLeJAUj (deleted.rules)
* 1:48026 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (malware-cnc.rules)
* 1:48025 <-> ENABLED <-> MALWARE-CNC BabaYaga inbound connection (malware-cnc.rules)
* 1:48024 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PyLocky outbound connection attempt (malware-cnc.rules)
* 1:48022 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Viro variant outbound connection (malware-cnc.rules)
* 1:48021 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
* 1:48020 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
* 1:48019 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
* 1:48018 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
* 1:48017 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
* 1:48016 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
* 1:48014 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48013 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48012 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48011 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48010 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
* 1:48009 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
* 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules)
* 1:48028 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
* 1:48027 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (malware-cnc.rules)
* 1:48032 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
* 1:48031 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
* 1:48030 <-> DISABLED <-> DELETED GgEcFJAJt6lmvQ3tf9DO (deleted.rules)
* 1:48034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
* 1:48033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
* 1:48038 <-> DISABLED <-> SERVER-OTHER Western Digital My Cloud authentication bypass attempt (server-other.rules)
* 1:48036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (malware-cnc.rules)
* 1:48035 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (malware-cnc.rules)
* 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
* 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
* 1:48041 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (file-pdf.rules)
* 1:48044 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
* 1:48043 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
* 1:48042 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (file-pdf.rules)
* 3:48037 <-> ENABLED <-> SERVER-OTHER Cisco Prime Collaboration Provisioning hardcoded LDAP password authentication attempt (server-other.rules)
* 3:48015 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure arbitrary JSP file upload attempt (server-webapp.rules)
* 3:48023 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Center unauthenticated user creation attempt (server-webapp.rules)

* 1:43888 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (file-multimedia.rules)
* 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
* 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
* 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:47131 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
* 1:47132 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
* 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
* 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
* 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
* 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
* 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
* 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
* 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
* 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
* 1:43889 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (file-multimedia.rules)