Talos Rules 2019-10-15
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, browser-plugins, browser-webkit, file-multimedia, file-other, os-mobile, os-windows, server-other and sql rule sets to provide coverage for emerging threats from these technologies.

Change logs

2019-10-15 12:30:13 UTC

Snort Subscriber Rules Update

Date: 2019-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51825 <-> DISABLED <-> SERVER-OTHER Talkative IRC buffer overflow attempt (server-other.rules)
 * 1:51824 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51823 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51822 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51821 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51820 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51819 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51818 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51817 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51816 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51815 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51814 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51831 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51828 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:51830 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51829 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51832 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51838 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51876 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51856 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51855 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51852 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51851 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51850 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51847 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51845 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51844 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51842 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51841 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51840 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver HostControl command injection attempt (server-webapp.rules)
 * 1:51839 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51875 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51873 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51872 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51871 <-> DISABLED <-> SERVER-WEBAPP Datalust Seq authentication bypass attempt (server-webapp.rules)
 * 1:51870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51889 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51888 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51887 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51886 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51885 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51884 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51883 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51882 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51881 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51880 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51879 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51878 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)

Modified Rules:


 * 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (server-webapp.rules)
 * 1:35819 <-> DISABLED <-> SQL union select - possible percent-delimited SQL injection attempt - GET parameter (sql.rules)
 * 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:7015 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)

2019-10-15 12:30:13 UTC

Snort Subscriber Rules Update

Date: 2019-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

New Rules:


 * 1:51873 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51872 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51818 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51816 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51817 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51814 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51819 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51815 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51823 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51824 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51825 <-> DISABLED <-> SERVER-OTHER Talkative IRC buffer overflow attempt (server-other.rules)
 * 1:51826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:51827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51828 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51829 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51830 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51831 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51832 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51838 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51839 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51840 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver HostControl command injection attempt (server-webapp.rules)
 * 1:51841 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51842 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51820 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51844 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51845 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51847 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51850 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51851 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51852 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51855 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51856 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51822 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51876 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51875 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51821 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51871 <-> DISABLED <-> SERVER-WEBAPP Datalust Seq authentication bypass attempt (server-webapp.rules)
 * 1:51889 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51888 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51887 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51886 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51885 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51884 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51883 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51882 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51881 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51880 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51879 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51878 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)

Modified Rules:


 * 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:7015 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:35819 <-> DISABLED <-> SQL union select - possible percent-delimited SQL injection attempt - GET parameter (sql.rules)
 * 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (server-webapp.rules)

2019-10-15 12:30:13 UTC

Snort Subscriber Rules Update

Date: 2019-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

New Rules:


 * 1:51872 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51873 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51884 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51883 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51882 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51881 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51880 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51879 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51878 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51876 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51875 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51889 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51888 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51887 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51886 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51885 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51814 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51815 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51816 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51817 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51818 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51819 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51820 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51821 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51822 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51823 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51824 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51825 <-> DISABLED <-> SERVER-OTHER Talkative IRC buffer overflow attempt (server-other.rules)
 * 1:51826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:51827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51828 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51829 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51830 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51831 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51832 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51838 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51839 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51840 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver HostControl command injection attempt (server-webapp.rules)
 * 1:51841 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51842 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51844 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51845 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51847 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51850 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51851 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51852 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51855 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51856 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51871 <-> DISABLED <-> SERVER-WEBAPP Datalust Seq authentication bypass attempt (server-webapp.rules)

Modified Rules:


 * 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (server-webapp.rules)
 * 1:35819 <-> DISABLED <-> SQL union select - possible percent-delimited SQL injection attempt - GET parameter (sql.rules)
 * 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:7015 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)

2019-10-15 12:30:13 UTC

Snort Subscriber Rules Update

Date: 2019-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

New Rules:


 * 1:51879 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51873 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51871 <-> DISABLED <-> SERVER-WEBAPP Datalust Seq authentication bypass attempt (server-webapp.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51875 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51872 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51878 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51883 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51885 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51882 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51886 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51887 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51884 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51888 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51841 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51817 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51820 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51821 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51822 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51825 <-> DISABLED <-> SERVER-OTHER Talkative IRC buffer overflow attempt (server-other.rules)
 * 1:51828 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51832 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51838 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51842 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51840 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver HostControl command injection attempt (server-webapp.rules)
 * 1:51846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51850 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51851 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51852 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51824 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51819 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51818 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51815 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51816 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51814 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51847 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51823 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51844 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51839 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51831 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51829 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51830 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:51849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51845 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51881 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51856 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51855 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51889 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51880 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51876 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)

Modified Rules:


 * 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:7015 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (server-webapp.rules)
 * 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:35819 <-> DISABLED <-> SQL union select - possible percent-delimited SQL injection attempt - GET parameter (sql.rules)

2019-10-15 12:30:13 UTC

Snort Subscriber Rules Update

Date: 2019-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

New Rules:


 * 1:51872 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51881 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51873 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51879 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51875 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51883 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51876 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51885 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51886 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51880 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51887 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51888 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51884 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51889 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51844 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51842 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51814 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51815 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51856 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51855 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51852 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51820 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51850 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51851 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51821 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51823 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:51824 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51847 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51830 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51831 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51839 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51818 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51819 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51816 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51832 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51817 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51840 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver HostControl command injection attempt (server-webapp.rules)
 * 1:51841 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51882 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51878 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51838 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51829 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51845 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51828 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51825 <-> DISABLED <-> SERVER-OTHER Talkative IRC buffer overflow attempt (server-other.rules)
 * 1:51822 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51871 <-> DISABLED <-> SERVER-WEBAPP Datalust Seq authentication bypass attempt (server-webapp.rules)
 * 1:51869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)

Modified Rules:


 * 1:35819 <-> DISABLED <-> SQL union select - possible percent-delimited SQL injection attempt - GET parameter (sql.rules)
 * 1:7015 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (server-webapp.rules)
 * 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)

2019-10-15 12:30:13 UTC

Snort Subscriber Rules Update

Date: 2019-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

New Rules:


 * 1:51872 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (snort3-os-windows.rules)
 * 1:51874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (snort3-os-windows.rules)
 * 1:51879 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (snort3-os-windows.rules)
 * 1:51875 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (snort3-os-windows.rules)
 * 1:51877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (snort3-os-windows.rules)
 * 1:51876 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (snort3-os-windows.rules)
 * 1:51885 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (snort3-os-windows.rules)
 * 1:51873 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (snort3-os-windows.rules)
 * 1:51880 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (snort3-file-other.rules)
 * 1:51886 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (snort3-os-windows.rules)
 * 1:51882 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (snort3-os-windows.rules)
 * 1:51887 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (snort3-os-windows.rules)
 * 1:51881 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (snort3-file-other.rules)
 * 1:51888 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (snort3-os-windows.rules)
 * 1:51884 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (snort3-os-windows.rules)
 * 1:51889 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (snort3-os-windows.rules)
 * 1:51814 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (snort3-browser-ie.rules)
 * 1:51815 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (snort3-browser-ie.rules)
 * 1:51816 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (snort3-server-webapp.rules)
 * 1:51817 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (snort3-server-webapp.rules)
 * 1:51818 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (snort3-server-webapp.rules)
 * 1:51819 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (snort3-file-multimedia.rules)
 * 1:51820 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (snort3-file-multimedia.rules)
 * 1:51821 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (snort3-browser-webkit.rules)
 * 1:51822 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (snort3-browser-webkit.rules)
 * 1:51823 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (snort3-browser-webkit.rules)
 * 1:51824 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (snort3-browser-webkit.rules)
 * 1:51825 <-> DISABLED <-> SERVER-OTHER Talkative IRC buffer overflow attempt (snort3-server-other.rules)
 * 1:51826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (snort3-browser-plugins.rules)
 * 1:51827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (snort3-os-windows.rules)
 * 1:51828 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (snort3-os-windows.rules)
 * 1:51829 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (snort3-os-windows.rules)
 * 1:51830 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (snort3-os-windows.rules)
 * 1:51831 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (snort3-browser-webkit.rules)
 * 1:51832 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (snort3-browser-webkit.rules)
 * 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)
 * 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)
 * 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)
 * 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)
 * 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)
 * 1:51838 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (snort3-server-other.rules)
 * 1:51839 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (snort3-server-other.rules)
 * 1:51840 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver HostControl command injection attempt (snort3-server-webapp.rules)
 * 1:51841 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (snort3-server-webapp.rules)
 * 1:51842 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (snort3-server-webapp.rules)
 * 1:51843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51871 <-> DISABLED <-> SERVER-WEBAPP Datalust Seq authentication bypass attempt (snort3-server-webapp.rules)
 * 1:51844 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51845 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51847 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51850 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51851 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51852 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51883 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (snort3-os-windows.rules)
 * 1:51878 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (snort3-os-windows.rules)
 * 1:51855 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51856 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (snort3-os-windows.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (snort3-os-windows.rules)
 * 1:51868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (snort3-os-windows.rules)
 * 1:51869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (snort3-os-windows.rules)
 * 1:51870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (snort3-os-windows.rules)

Modified Rules:


 * 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (snort3-server-webapp.rules)
 * 1:35819 <-> DISABLED <-> SQL union select - possible percent-delimited SQL injection attempt - GET parameter (snort3-sql.rules)
 * 1:7015 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (snort3-browser-plugins.rules)
 * 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)
 * 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (snort3-server-webapp.rules)

2019-10-15 12:30:13 UTC

Snort Subscriber Rules Update

Date: 2019-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

New Rules:


 * 1:51878 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51883 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51876 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51872 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51855 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51873 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51885 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51875 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51879 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51887 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51842 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51884 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51888 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51886 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51871 <-> DISABLED <-> SERVER-WEBAPP Datalust Seq authentication bypass attempt (server-webapp.rules)
 * 1:51841 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51816 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51851 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51845 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51847 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51820 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51822 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51824 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:51868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51832 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51814 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51850 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51840 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver HostControl command injection attempt (server-webapp.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51821 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51815 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51823 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51825 <-> DISABLED <-> SERVER-OTHER Talkative IRC buffer overflow attempt (server-other.rules)
 * 1:51819 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51828 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51838 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51829 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51856 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51889 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51880 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51881 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51818 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51852 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51839 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51817 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51831 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51844 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51830 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51882 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:35819 <-> DISABLED <-> SQL union select - possible percent-delimited SQL injection attempt - GET parameter (sql.rules)
 * 1:7015 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (server-webapp.rules)
 * 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)

2019-10-15 12:30:13 UTC

Snort Subscriber Rules Update

Date: 2019-10-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

New Rules:


 * 1:51877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51872 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51878 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51873 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51883 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51879 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51885 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51881 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51886 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51887 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51888 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51884 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51814 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51815 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
 * 1:51816 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51817 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51818 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
 * 1:51819 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51820 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
 * 1:51821 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51822 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
 * 1:51823 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51871 <-> DISABLED <-> SERVER-WEBAPP Datalust Seq authentication bypass attempt (server-webapp.rules)
 * 1:51824 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
 * 1:51882 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51825 <-> DISABLED <-> SERVER-OTHER Talkative IRC buffer overflow attempt (server-other.rules)
 * 1:51826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:51876 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51880 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
 * 1:51875 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
 * 1:51828 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51829 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51830 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
 * 1:51831 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51832 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
 * 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51838 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51839 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
 * 1:51840 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver HostControl command injection attempt (server-webapp.rules)
 * 1:51841 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51842 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
 * 1:51843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51844 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51845 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51847 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51850 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51851 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51852 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51855 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51856 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51889 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
 * 1:51870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)

Modified Rules:


 * 1:35819 <-> DISABLED <-> SQL union select - possible percent-delimited SQL injection attempt - GET parameter (sql.rules)
 * 1:7015 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
 * 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
 * 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (server-webapp.rules)