VRT Rules 2014-12-09
The VRT is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Security Bulletin MS14-075: Coding deficiencies exist in Microsoft Exchange Server that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 32681 through 32682 and 32705.

Microsoft Security Bulletin MS14-080: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 32679 through 32680, 32685 through 32686, 32689 through 32694, 32703 through 32704, 32709 through 32710, 32713 through 32717, and 32720 through 32725.

Microsoft Security Bulletin MS14-081: Programming errors exist in Microsoft Word and Microsoft Office Web Apps that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 32707 through 32708 and 32711 through 32712.

Microsoft Security Bulletin MS14-082: A coding deficiency exists in Microsoft Office that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 32687 through 32688.

Microsoft Security Bulletin MS14-083: A coding deficiency exists in Microsoft Excel that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 32683 through 32684 and 32718 through 32719.

Microsoft Security Bulletin MS14-084: A coding deficiency exists in Microsoft VBScript scripting engine that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 32709.

Microsoft Security Bulletin MS14-085: A coding deficiency exists in Microsoft Graphics Component that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 32695 through 32702.

The VRT has also added and modified multiple rules in the blacklist, browser-ie, browser-other, deleted, file-office, malware-cnc, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2014-12-09 19:31:14 UTC

Sourcefire VRT Rules Update

Date: 2014-12-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:32718 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules)
 * 1:32717 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
 * 1:32719 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules)
 * 1:32720 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer element type confusion use after free attempt (browser-ie.rules)
 * 1:32721 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer element type confusion use after free attempt (browser-ie.rules)
 * 1:32723 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CButton object use after free attempt (browser-ie.rules)
 * 1:32722 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CButton object use after free attempt (browser-ie.rules)
 * 1:32724 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos insertAdjacentText use after free attempt (browser-ie.rules)
 * 1:32725 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos insertAdjacentText use after free attempt (browser-ie.rules)
 * 1:32675 <-> DISABLED <-> DELETED BLACKLIST User-Agent known malicious user-agent string for Safari version that does not exist (deleted.rules)
 * 1:32676 <-> ENABLED <-> BLACKLIST DNS request for known malware domain danidata.dk (blacklist.rules)
 * 1:32677 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection attempt (malware-cnc.rules)
 * 1:32678 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection attempt (malware-cnc.rules)
 * 1:32679 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer lineboxbuilder out of bound array access attempt (browser-ie.rules)
 * 1:32680 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer lineboxbuilder out of bound array access attempt (browser-ie.rules)
 * 1:32681 <-> ENABLED <-> SERVER-WEBAPP Microsoft Outlook Web Access parameter cross site scripting attempt (server-webapp.rules)
 * 1:32682 <-> ENABLED <-> SERVER-WEBAPP Microsoft Outlook Web Access parameter cross site scripting attempt (server-webapp.rules)
 * 1:32683 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (file-office.rules)
 * 1:32684 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (file-office.rules)
 * 1:32685 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer setTimeout use after free attempt (browser-ie.rules)
 * 1:32686 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer setTimeout use after free attempt (browser-ie.rules)
 * 1:32687 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (file-office.rules)
 * 1:32688 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (file-office.rules)
 * 1:32689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style object type confusion attempt (browser-ie.rules)
 * 1:32690 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style object type confusion attempt (browser-ie.rules)
 * 1:32691 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer NodeFilter use after free attempt (browser-ie.rules)
 * 1:32692 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer NodeFilter use after free attempt (browser-ie.rules)
 * 1:32693 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS out-of-bounds buffer access attempt (browser-ie.rules)
 * 1:32694 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS out-of-bounds buffer access attempt (browser-ie.rules)
 * 1:32695 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32696 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32697 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32698 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32699 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32700 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32701 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32716 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
 * 1:32703 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use of rtf file in clipboard attempt (browser-ie.rules)
 * 1:32704 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use of rtf file in clipboard attempt (browser-ie.rules)
 * 1:32705 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange OWA meeting invite XSS attempt (server-mail.rules)
 * 1:32706 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:32707 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (file-office.rules)
 * 1:32708 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (file-office.rules)
 * 1:32709 <-> ENABLED <-> BROWSER-IE VBScript RegEx use-after-free attempt (browser-ie.rules)
 * 1:32712 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (file-office.rules)
 * 1:32710 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSS filter bypass attempt (browser-ie.rules)
 * 1:32713 <-> DISABLED <-> BROWSER-OTHER Microsoft Internet Explorer cross site scripting filter bypass attempt (browser-other.rules)
 * 1:32711 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (file-office.rules)
 * 1:32702 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32714 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 CTableSection remote code execution attempt (browser-ie.rules)
 * 1:32715 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 CTableSection remote code execution attempt (browser-ie.rules)

Modified Rules:


 * 1:20160 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish Server successful authentication bypass attempt (server-webapp.rules)
 * 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (malware-cnc.rules)
 * 3:10127 <-> ENABLED <-> OS-WINDOWS Microsoft IP Options denial of service (os-windows.rules)

2014-12-09 19:31:14 UTC

Sourcefire VRT Rules Update

Date: 2014-12-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:32675 <-> DISABLED <-> DELETED BLACKLIST User-Agent known malicious user-agent string for Safari version that does not exist (deleted.rules)
 * 1:32676 <-> ENABLED <-> BLACKLIST DNS request for known malware domain danidata.dk (blacklist.rules)
 * 1:32677 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection attempt (malware-cnc.rules)
 * 1:32678 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection attempt (malware-cnc.rules)
 * 1:32679 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer lineboxbuilder out of bound array access attempt (browser-ie.rules)
 * 1:32680 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer lineboxbuilder out of bound array access attempt (browser-ie.rules)
 * 1:32681 <-> ENABLED <-> SERVER-WEBAPP Microsoft Outlook Web Access parameter cross site scripting attempt (server-webapp.rules)
 * 1:32682 <-> ENABLED <-> SERVER-WEBAPP Microsoft Outlook Web Access parameter cross site scripting attempt (server-webapp.rules)
 * 1:32683 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (file-office.rules)
 * 1:32684 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (file-office.rules)
 * 1:32685 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer setTimeout use after free attempt (browser-ie.rules)
 * 1:32686 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer setTimeout use after free attempt (browser-ie.rules)
 * 1:32687 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (file-office.rules)
 * 1:32688 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (file-office.rules)
 * 1:32689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style object type confusion attempt (browser-ie.rules)
 * 1:32690 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style object type confusion attempt (browser-ie.rules)
 * 1:32691 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer NodeFilter use after free attempt (browser-ie.rules)
 * 1:32692 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer NodeFilter use after free attempt (browser-ie.rules)
 * 1:32693 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS out-of-bounds buffer access attempt (browser-ie.rules)
 * 1:32694 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS out-of-bounds buffer access attempt (browser-ie.rules)
 * 1:32695 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32696 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32697 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32698 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32699 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32700 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32701 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32702 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32703 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use of rtf file in clipboard attempt (browser-ie.rules)
 * 1:32704 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use of rtf file in clipboard attempt (browser-ie.rules)
 * 1:32705 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange OWA meeting invite XSS attempt (server-mail.rules)
 * 1:32706 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:32707 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (file-office.rules)
 * 1:32708 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (file-office.rules)
 * 1:32709 <-> ENABLED <-> BROWSER-IE VBScript RegEx use-after-free attempt (browser-ie.rules)
 * 1:32710 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSS filter bypass attempt (browser-ie.rules)
 * 1:32711 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (file-office.rules)
 * 1:32712 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (file-office.rules)
 * 1:32713 <-> DISABLED <-> BROWSER-OTHER Microsoft Internet Explorer cross site scripting filter bypass attempt (browser-other.rules)
 * 1:32725 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos insertAdjacentText use after free attempt (browser-ie.rules)
 * 1:32724 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos insertAdjacentText use after free attempt (browser-ie.rules)
 * 1:32723 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CButton object use after free attempt (browser-ie.rules)
 * 1:32722 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CButton object use after free attempt (browser-ie.rules)
 * 1:32721 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer element type confusion use after free attempt (browser-ie.rules)
 * 1:32720 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer element type confusion use after free attempt (browser-ie.rules)
 * 1:32719 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules)
 * 1:32717 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
 * 1:32716 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
 * 1:32718 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules)
 * 1:32715 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 CTableSection remote code execution attempt (browser-ie.rules)
 * 1:32714 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 CTableSection remote code execution attempt (browser-ie.rules)

Modified Rules:


 * 1:20160 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish Server successful authentication bypass attempt (server-webapp.rules)
 * 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (malware-cnc.rules)
 * 3:10127 <-> ENABLED <-> OS-WINDOWS Microsoft IP Options denial of service (os-windows.rules)

2014-12-09 19:31:14 UTC

Sourcefire VRT Rules Update

Date: 2014-12-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:32725 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos insertAdjacentText use after free attempt (browser-ie.rules)
 * 1:32724 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos insertAdjacentText use after free attempt (browser-ie.rules)
 * 1:32723 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CButton object use after free attempt (browser-ie.rules)
 * 1:32722 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CButton object use after free attempt (browser-ie.rules)
 * 1:32721 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer element type confusion use after free attempt (browser-ie.rules)
 * 1:32720 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer element type confusion use after free attempt (browser-ie.rules)
 * 1:32719 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules)
 * 1:32718 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules)
 * 1:32717 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
 * 1:32716 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
 * 1:32715 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 CTableSection remote code execution attempt (browser-ie.rules)
 * 1:32714 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 CTableSection remote code execution attempt (browser-ie.rules)
 * 1:32713 <-> DISABLED <-> BROWSER-OTHER Microsoft Internet Explorer cross site scripting filter bypass attempt (browser-other.rules)
 * 1:32712 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (file-office.rules)
 * 1:32711 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (file-office.rules)
 * 1:32710 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSS filter bypass attempt (browser-ie.rules)
 * 1:32709 <-> ENABLED <-> BROWSER-IE VBScript RegEx use-after-free attempt (browser-ie.rules)
 * 1:32708 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (file-office.rules)
 * 1:32707 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (file-office.rules)
 * 1:32706 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:32705 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange OWA meeting invite XSS attempt (server-mail.rules)
 * 1:32704 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use of rtf file in clipboard attempt (browser-ie.rules)
 * 1:32703 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use of rtf file in clipboard attempt (browser-ie.rules)
 * 1:32702 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32701 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32700 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32699 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32698 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32697 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32696 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32695 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32694 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS out-of-bounds buffer access attempt (browser-ie.rules)
 * 1:32693 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS out-of-bounds buffer access attempt (browser-ie.rules)
 * 1:32692 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer NodeFilter use after free attempt (browser-ie.rules)
 * 1:32691 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer NodeFilter use after free attempt (browser-ie.rules)
 * 1:32690 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style object type confusion attempt (browser-ie.rules)
 * 1:32689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style object type confusion attempt (browser-ie.rules)
 * 1:32688 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (file-office.rules)
 * 1:32687 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (file-office.rules)
 * 1:32686 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer setTimeout use after free attempt (browser-ie.rules)
 * 1:32685 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer setTimeout use after free attempt (browser-ie.rules)
 * 1:32684 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (file-office.rules)
 * 1:32683 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (file-office.rules)
 * 1:32682 <-> ENABLED <-> SERVER-WEBAPP Microsoft Outlook Web Access parameter cross site scripting attempt (server-webapp.rules)
 * 1:32681 <-> ENABLED <-> SERVER-WEBAPP Microsoft Outlook Web Access parameter cross site scripting attempt (server-webapp.rules)
 * 1:32680 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer lineboxbuilder out of bound array access attempt (browser-ie.rules)
 * 1:32679 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer lineboxbuilder out of bound array access attempt (browser-ie.rules)
 * 1:32678 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection attempt (malware-cnc.rules)
 * 1:32677 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection attempt (malware-cnc.rules)
 * 1:32676 <-> ENABLED <-> BLACKLIST DNS request for known malware domain danidata.dk (blacklist.rules)
 * 1:32675 <-> DISABLED <-> DELETED BLACKLIST User-Agent known malicious user-agent string for Safari version that does not exist (deleted.rules)

Modified Rules:


 * 1:20160 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish Server successful authentication bypass attempt (server-webapp.rules)
 * 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (malware-cnc.rules)
 * 3:10127 <-> ENABLED <-> OS-WINDOWS Microsoft IP Options denial of service (os-windows.rules)