Talos Rules 2019-10-15
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, browser-plugins, browser-webkit, file-multimedia, file-other, os-mobile, os-windows, server-other and sql rule sets to provide coverage for emerging threats from these technologies.

Change logs

2019-10-15 12:30:13 UTC

Snort Subscriber Rules Update

Date: 2019-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51825 <-> DISABLED <-> SERVER-OTHER Talkative IRC buffer overflow attempt (server-other.rules)
 * 1:51824 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51823 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51822 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51821 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51820 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51819 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51818 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51817 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51816 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51815 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51814 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51831 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51828 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:51830 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51829 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51832 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51838 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51876 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51856 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51855 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51852 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51851 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51850 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51847 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51845 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51844 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51842 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51841 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51840 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver HostControl command injection attempt (server-webapp.rules)
 * 1:51839 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51875 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51873 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51872 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51871 <-> DISABLED <-> SERVER-WEBAPP Datalust Seq authentication bypass attempt (server-webapp.rules)
 * 1:51870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51889 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51888 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51887 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51886 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51885 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51884 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51883 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51882 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51881 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51880 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51879 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51878 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)

Modified Rules:


 * 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (server-webapp.rules)
 * 1:35819 <-> DISABLED <-> SQL union select - possible percent-delimited SQL injection attempt - GET parameter (sql.rules)
 * 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:7015 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)

2019-10-15 12:30:13 UTC

Snort Subscriber Rules Update

Date: 2019-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

New Rules:


 * 1:51873 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51872 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51818 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51816 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51817 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51814 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51819 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51815 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51823 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51824 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51825 <-> DISABLED <-> SERVER-OTHER Talkative IRC buffer overflow attempt (server-other.rules)
 * 1:51826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:51827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51828 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51829 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51830 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51831 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51832 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51838 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51839 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51840 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver HostControl command injection attempt (server-webapp.rules)
 * 1:51841 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51842 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51820 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51844 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51845 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51847 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51850 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51851 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51852 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51855 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51856 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51822 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51876 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51875 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51821 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51871 <-> DISABLED <-> SERVER-WEBAPP Datalust Seq authentication bypass attempt (server-webapp.rules)
 * 1:51889 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51888 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51887 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51886 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51885 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51884 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51883 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51882 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51881 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51880 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51879 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51878 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)

Modified Rules:


 * 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:7015 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:35819 <-> DISABLED <-> SQL union select - possible percent-delimited SQL injection attempt - GET parameter (sql.rules)
 * 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (server-webapp.rules)

2019-10-15 12:30:13 UTC

Snort Subscriber Rules Update

Date: 2019-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

New Rules:


 * 1:51872 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51873 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51884 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51883 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51882 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51881 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51880 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51879 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51878 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51876 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51875 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51889 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51888 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51887 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51886 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51885 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51814 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51815 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51816 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51817 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51818 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51819 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51820 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51821 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51822 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51823 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51824 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51825 <-> DISABLED <-> SERVER-OTHER Talkative IRC buffer overflow attempt (server-other.rules)
 * 1:51826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:51827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51828 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51829 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51830 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51831 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51832 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51838 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51839 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51840 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver HostControl command injection attempt (server-webapp.rules)
 * 1:51841 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51842 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51844 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51845 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51847 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51850 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51851 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51852 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51855 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51856 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51871 <-> DISABLED <-> SERVER-WEBAPP Datalust Seq authentication bypass attempt (server-webapp.rules)

Modified Rules:


 * 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (server-webapp.rules)
 * 1:35819 <-> DISABLED <-> SQL union select - possible percent-delimited SQL injection attempt - GET parameter (sql.rules)
 * 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:7015 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)

2019-10-15 12:30:13 UTC

Snort Subscriber Rules Update

Date: 2019-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

New Rules:


 * 1:51879 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51873 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51871 <-> DISABLED <-> SERVER-WEBAPP Datalust Seq authentication bypass attempt (server-webapp.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51875 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51872 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51878 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51883 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51885 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51882 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51886 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51887 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51884 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51888 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51841 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51817 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51820 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51821 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51822 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51825 <-> DISABLED <-> SERVER-OTHER Talkative IRC buffer overflow attempt (server-other.rules)
 * 1:51828 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51832 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51838 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51842 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51840 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver HostControl command injection attempt (server-webapp.rules)
 * 1:51846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51850 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51851 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51852 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51824 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51819 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51818 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51815 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51816 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51814 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51847 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51823 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51844 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51839 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51831 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51829 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51830 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:51849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51845 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51881 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51856 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51855 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51889 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51880 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51876 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)

Modified Rules:


 * 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:7015 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (server-webapp.rules)
 * 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:35819 <-> DISABLED <-> SQL union select - possible percent-delimited SQL injection attempt - GET parameter (sql.rules)

2019-10-15 12:30:13 UTC

Snort Subscriber Rules Update

Date: 2019-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

New Rules:


 * 1:51872 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51881 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51873 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51879 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51875 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51883 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51876 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51885 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51886 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51880 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51887 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51888 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51884 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51889 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51844 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51842 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51814 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51815 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51856 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51855 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51852 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51820 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51850 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51851 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51821 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51823 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:51824 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51847 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51830 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51831 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51839 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51818 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51819 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51816 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51832 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51817 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51840 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver HostControl command injection attempt (server-webapp.rules)
 * 1:51841 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51882 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51878 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51838 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51829 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51845 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51828 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51825 <-> DISABLED <-> SERVER-OTHER Talkative IRC buffer overflow attempt (server-other.rules)
 * 1:51822 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51871 <-> DISABLED <-> SERVER-WEBAPP Datalust Seq authentication bypass attempt (server-webapp.rules)
 * 1:51869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)

Modified Rules:


 * 1:35819 <-> DISABLED <-> SQL union select - possible percent-delimited SQL injection attempt - GET parameter (sql.rules)
 * 1:7015 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (server-webapp.rules)
 * 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)

2019-10-15 12:30:13 UTC

Snort Subscriber Rules Update

Date: 2019-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

New Rules:


 * 1:51872 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (snort3-os-windows.rules)
 * 1:51874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (snort3-os-windows.rules)
 * 1:51879 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (snort3-os-windows.rules)
 * 1:51875 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (snort3-os-windows.rules)
 * 1:51877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (snort3-os-windows.rules)
 * 1:51876 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (snort3-os-windows.rules)
 * 1:51885 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (snort3-os-windows.rules)
 * 1:51873 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (snort3-os-windows.rules)
 * 1:51880 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (snort3-file-other.rules)
 * 1:51886 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (snort3-os-windows.rules)
 * 1:51882 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (snort3-os-windows.rules)
 * 1:51887 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (snort3-os-windows.rules)
 * 1:51881 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (snort3-file-other.rules)
 * 1:51888 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (snort3-os-windows.rules)
 * 1:51884 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (snort3-os-windows.rules)
 * 1:51889 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (snort3-os-windows.rules)
 * 1:51814 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (snort3-browser-ie.rules)
 * 1:51815 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (snort3-browser-ie.rules)
 * 1:51816 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (snort3-server-webapp.rules)
 * 1:51817 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (snort3-server-webapp.rules)
 * 1:51818 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (snort3-server-webapp.rules)
 * 1:51819 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (snort3-file-multimedia.rules)
 * 1:51820 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (snort3-file-multimedia.rules)
 * 1:51821 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (snort3-browser-webkit.rules)
 * 1:51822 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (snort3-browser-webkit.rules)
 * 1:51823 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (snort3-browser-webkit.rules)
 * 1:51824 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (snort3-browser-webkit.rules)
 * 1:51825 <-> DISABLED <-> SERVER-OTHER Talkative IRC buffer overflow attempt (snort3-server-other.rules)
 * 1:51826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (snort3-browser-plugins.rules)
 * 1:51827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (snort3-os-windows.rules)
 * 1:51828 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (snort3-os-windows.rules)
 * 1:51829 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (snort3-os-windows.rules)
 * 1:51830 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (snort3-os-windows.rules)
 * 1:51831 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (snort3-browser-webkit.rules)
 * 1:51832 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (snort3-browser-webkit.rules)
 * 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)
 * 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)
 * 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)
 * 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)
 * 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)
 * 1:51838 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (snort3-server-other.rules)
 * 1:51839 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (snort3-server-other.rules)
 * 1:51840 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver HostControl command injection attempt (snort3-server-webapp.rules)
 * 1:51841 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (snort3-server-webapp.rules)
 * 1:51842 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (snort3-server-webapp.rules)
 * 1:51843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51871 <-> DISABLED <-> SERVER-WEBAPP Datalust Seq authentication bypass attempt (snort3-server-webapp.rules)
 * 1:51844 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51845 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51847 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51850 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51851 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51852 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51883 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (snort3-os-windows.rules)
 * 1:51878 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (snort3-os-windows.rules)
 * 1:51855 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51856 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (snort3-os-windows.rules)
 * 1:51868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (snort3-os-windows.rules)
 * 1:51869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (snort3-os-windows.rules)
 * 1:51870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (snort3-os-windows.rules)

Modified Rules:


 * 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (snort3-server-webapp.rules)
 * 1:35819 <-> DISABLED <-> SQL union select - possible percent-delimited SQL injection attempt - GET parameter (snort3-sql.rules)
 * 1:7015 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (snort3-browser-plugins.rules)
 * 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)
 * 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)

2019-10-15 12:30:13 UTC

Snort Subscriber Rules Update

Date: 2019-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

New Rules:


 * 1:51878 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51883 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51876 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51872 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51855 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51873 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51885 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51875 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51879 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51887 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51842 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51884 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51888 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51886 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51871 <-> DISABLED <-> SERVER-WEBAPP Datalust Seq authentication bypass attempt (server-webapp.rules)
 * 1:51841 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51816 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51851 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51845 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51847 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51820 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51822 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51824 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:51868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51832 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51814 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51850 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51840 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver HostControl command injection attempt (server-webapp.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51821 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51815 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51823 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51825 <-> DISABLED <-> SERVER-OTHER Talkative IRC buffer overflow attempt (server-other.rules)
 * 1:51819 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51828 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51838 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51829 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51856 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51889 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51880 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51881 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51818 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51852 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51839 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51817 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51831 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51844 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51830 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51882 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:35819 <-> DISABLED <-> SQL union select - possible percent-delimited SQL injection attempt - GET parameter (sql.rules)
 * 1:7015 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (server-webapp.rules)
 * 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)

2019-10-15 12:30:13 UTC

Snort Subscriber Rules Update

Date: 2019-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51872 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51878 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51873 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51883 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51879 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51885 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51881 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51886 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51887 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51888 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51884 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51814 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51815 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51816 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51817 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51818 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51819 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51820 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51821 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51822 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51823 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51871 <-> DISABLED <-> SERVER-WEBAPP Datalust Seq authentication bypass attempt (server-webapp.rules)
 * 1:51824 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51882 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51825 <-> DISABLED <-> SERVER-OTHER Talkative IRC buffer overflow attempt (server-other.rules)
 * 1:51826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:51876 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51880 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51875 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51828 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51829 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51830 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51831 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51832 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51838 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51839 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51840 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver HostControl command injection attempt (server-webapp.rules)
 * 1:51841 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51842 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51844 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51845 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51847 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51850 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51851 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51852 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51855 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51856 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51889 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)

Modified Rules:


 * 1:35819 <-> DISABLED <-> SQL union select - possible percent-delimited SQL injection attempt - GET parameter (sql.rules)
 * 1:7015 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (server-webapp.rules)