Talos Rules 2019-01-24
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-other, browser-plugins, file-flash, file-other, file-pdf, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2019-01-24 17:55:05 UTC

Snort Subscriber Rules Update

Date: 2019-01-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:48970 <-> DISABLED <-> FILE-OTHER Microsoft Windows VCF file remote code execution attempt (file-other.rules)
 * 1:48966 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:48972 <-> DISABLED <-> FILE-OTHER Microsoft Windows VCF file remote code execution attempt (file-other.rules)
 * 1:48963 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler privileged file overwrite attempt (os-windows.rules)
 * 1:48965 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:48971 <-> DISABLED <-> FILE-OTHER Microsoft Windows Contact file remote code execution attempt (file-other.rules)
 * 1:48964 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler privileged file overwrite attempt (os-windows.rules)
 * 1:48967 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:48973 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF calculate tag use-after-free attempt (file-pdf.rules)
 * 1:48968 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:48969 <-> DISABLED <-> FILE-OTHER Microsoft Windows Contact file remote code execution attempt (file-other.rules)
 * 1:48974 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF calculate tag use-after-free attempt (file-pdf.rules)
 * 3:48952 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48947 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:48957 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48962 <-> ENABLED <-> SERVER-OTHER Cisco IoT Field Network Director UDP flood attempt (server-other.rules)
 * 3:48951 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48949 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt (server-webapp.rules)
 * 3:48946 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:48953 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48950 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48960 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams URI scheme remote code execution attempt (browser-other.rules)
 * 3:48961 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams URI scheme remote code execution attempt (browser-other.rules)
 * 3:48955 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48959 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48954 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48958 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48948 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:48956 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)

Modified Rules:


 * 1:27869 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:27870 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:27872 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:27871 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:37756 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
 * 1:37759 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)

2019-01-24 17:55:05 UTC

Snort Subscriber Rules Update

Date: 2019-01-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:48972 <-> DISABLED <-> FILE-OTHER Microsoft Windows VCF file remote code execution attempt (file-other.rules)
 * 1:48968 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:48965 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:48967 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:48963 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler privileged file overwrite attempt (os-windows.rules)
 * 1:48971 <-> DISABLED <-> FILE-OTHER Microsoft Windows Contact file remote code execution attempt (file-other.rules)
 * 1:48973 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF calculate tag use-after-free attempt (file-pdf.rules)
 * 1:48966 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:48964 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler privileged file overwrite attempt (os-windows.rules)
 * 1:48974 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF calculate tag use-after-free attempt (file-pdf.rules)
 * 1:48970 <-> DISABLED <-> FILE-OTHER Microsoft Windows VCF file remote code execution attempt (file-other.rules)
 * 1:48969 <-> DISABLED <-> FILE-OTHER Microsoft Windows Contact file remote code execution attempt (file-other.rules)
 * 3:48947 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:48950 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48955 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48957 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48954 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48952 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48953 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48961 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams URI scheme remote code execution attempt (browser-other.rules)
 * 3:48959 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48949 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt (server-webapp.rules)
 * 3:48958 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48956 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48946 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:48951 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48948 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:48960 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams URI scheme remote code execution attempt (browser-other.rules)
 * 3:48962 <-> ENABLED <-> SERVER-OTHER Cisco IoT Field Network Director UDP flood attempt (server-other.rules)

Modified Rules:


 * 1:37756 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
 * 1:37759 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
 * 1:27872 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:27869 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:27871 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:27870 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)

2019-01-24 17:55:05 UTC

Snort Subscriber Rules Update

Date: 2019-01-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:48964 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler privileged file overwrite attempt (snort3-os-windows.rules)
 * 1:48967 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (snort3-file-pdf.rules)
 * 1:48963 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler privileged file overwrite attempt (snort3-os-windows.rules)
 * 1:48968 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (snort3-file-pdf.rules)
 * 1:48970 <-> DISABLED <-> FILE-OTHER Microsoft Windows VCF file remote code execution attempt (snort3-file-other.rules)
 * 1:48971 <-> DISABLED <-> FILE-OTHER Microsoft Windows Contact file remote code execution attempt (snort3-file-other.rules)
 * 1:48974 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF calculate tag use-after-free attempt (snort3-file-pdf.rules)
 * 1:48969 <-> DISABLED <-> FILE-OTHER Microsoft Windows Contact file remote code execution attempt (snort3-file-other.rules)
 * 1:48965 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (snort3-file-pdf.rules)
 * 1:48972 <-> DISABLED <-> FILE-OTHER Microsoft Windows VCF file remote code execution attempt (snort3-file-other.rules)
 * 1:48966 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (snort3-file-pdf.rules)
 * 1:48973 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF calculate tag use-after-free attempt (snort3-file-pdf.rules)

Modified Rules:


 * 1:27871 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (snort3-browser-plugins.rules)
 * 1:27872 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (snort3-browser-plugins.rules)
 * 1:37756 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (snort3-file-flash.rules)
 * 1:37759 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (snort3-file-flash.rules)
 * 1:27869 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (snort3-browser-plugins.rules)
 * 1:27870 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (snort3-browser-plugins.rules)

2019-01-24 17:55:05 UTC

Snort Subscriber Rules Update

Date: 2019-01-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:48968 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:48970 <-> DISABLED <-> FILE-OTHER Microsoft Windows VCF file remote code execution attempt (file-other.rules)
 * 1:48966 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:48971 <-> DISABLED <-> FILE-OTHER Microsoft Windows Contact file remote code execution attempt (file-other.rules)
 * 1:48963 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler privileged file overwrite attempt (os-windows.rules)
 * 1:48964 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler privileged file overwrite attempt (os-windows.rules)
 * 1:48969 <-> DISABLED <-> FILE-OTHER Microsoft Windows Contact file remote code execution attempt (file-other.rules)
 * 1:48972 <-> DISABLED <-> FILE-OTHER Microsoft Windows VCF file remote code execution attempt (file-other.rules)
 * 1:48965 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:48973 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF calculate tag use-after-free attempt (file-pdf.rules)
 * 1:48974 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF calculate tag use-after-free attempt (file-pdf.rules)
 * 1:48967 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 3:48953 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48952 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48946 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:48947 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:48948 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:48951 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48957 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48959 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48962 <-> ENABLED <-> SERVER-OTHER Cisco IoT Field Network Director UDP flood attempt (server-other.rules)
 * 3:48958 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48960 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams URI scheme remote code execution attempt (browser-other.rules)
 * 3:48950 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48961 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams URI scheme remote code execution attempt (browser-other.rules)
 * 3:48956 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48954 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48955 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48949 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt (server-webapp.rules)

Modified Rules:


 * 1:27872 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:37759 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
 * 1:27869 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:37756 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
 * 1:27871 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:27870 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)

2019-01-24 17:55:05 UTC

Snort Subscriber Rules Update

Date: 2019-01-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:48974 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF calculate tag use-after-free attempt (file-pdf.rules)
 * 1:48973 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF calculate tag use-after-free attempt (file-pdf.rules)
 * 1:48972 <-> DISABLED <-> FILE-OTHER Microsoft Windows VCF file remote code execution attempt (file-other.rules)
 * 1:48971 <-> DISABLED <-> FILE-OTHER Microsoft Windows Contact file remote code execution attempt (file-other.rules)
 * 1:48970 <-> DISABLED <-> FILE-OTHER Microsoft Windows VCF file remote code execution attempt (file-other.rules)
 * 1:48969 <-> DISABLED <-> FILE-OTHER Microsoft Windows Contact file remote code execution attempt (file-other.rules)
 * 1:48968 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:48967 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:48966 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:48965 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:48964 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler privileged file overwrite attempt (os-windows.rules)
 * 1:48963 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler privileged file overwrite attempt (os-windows.rules)
 * 3:48955 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48952 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48951 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48960 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams URI scheme remote code execution attempt (browser-other.rules)
 * 3:48946 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:48959 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48947 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:48948 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
 * 3:48949 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt (server-webapp.rules)
 * 3:48950 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48961 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams URI scheme remote code execution attempt (browser-other.rules)
 * 3:48957 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48956 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48958 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48962 <-> ENABLED <-> SERVER-OTHER Cisco IoT Field Network Director UDP flood attempt (server-other.rules)
 * 3:48953 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
 * 3:48954 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)

Modified Rules:


 * 1:27869 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:27871 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:27870 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:27872 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:37756 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
 * 1:37759 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)