Talos has added and modified multiple rules in the browser-firefox, browser-ie, browser-plugins, exploit-kit, file-executable, file-flash, file-identify, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, indicator-scan, malware-cnc, malware-other, netbios, os-linux, os-windows, policy-other, protocol-dns, protocol-ftp, protocol-imap, protocol-telnet, protocol-voip, pua-other, server-apache, server-iis, server-mail, server-mssql, server-mysql, server-oracle, server-other, server-samba and sql rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45590 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45574 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules) * 1:45576 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Function focus overflow attempt (browser-firefox.rules) * 1:17663 <-> DISABLED <-> SERVER-OTHER Apple CUPS SGI image decoding buffer overflow attempt (server-other.rules) * 1:45571 <-> DISABLED <-> SERVER-OTHER Commvault Communications Service command injection attempt (server-other.rules) * 1:45582 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules) * 1:45580 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules) * 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules) * 1:45586 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player or Explorer Malformed MIDI File DOS attempt (file-multimedia.rules) * 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules) * 1:45581 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules) * 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules) * 1:45588 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45583 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules) * 1:45589 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45585 <-> DISABLED <-> SERVER-WEBAPP PMSotware Simple Web Server connection header buffer overflow attempt (server-webapp.rules) * 1:45591 <-> DISABLED <-> PROTOCOL-FTP LabF nfsAxe FTP Client buffer overflow attempt (protocol-ftp.rules) * 1:45587 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45584 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules) * 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
* 1:8846 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent Character Custom Proxy Class ActiveX clsid access (browser-plugins.rules) * 1:33740 <-> DISABLED <-> FILE-IMAGE Microsoft emf file download request (file-image.rules) * 1:7466 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT DeInterlace Prop Page ActiveX clsid access (browser-plugins.rules) * 1:34048 <-> DISABLED <-> SERVER-APACHE Apache mod_log_config cookie handling denial of service attempt (server-apache.rules) * 1:42440 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:39615 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:34847 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules) * 1:41730 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:40248 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:7210 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP srvsvc NetrPathCanonicalize overflow attempt (os-windows.rules) * 1:44455 <-> DISABLED <-> FILE-IMAGE Apple PICT Quickdraw image converter packType 4 buffer overflow attempt (file-image.rules) * 1:32869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules) * 1:40245 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:34901 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules) * 1:6694 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected hIST overflow attempt (file-image.rules) * 1:8383 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RAM Download Handler ActiveX clsid access (browser-plugins.rules) * 1:3530 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP msg 0x99 client name overflow (server-other.rules) * 1:32871 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:7442 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer mmAEPlugIn.AEPlugIn.1 ActiveX clsid access (browser-plugins.rules) * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:6693 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected bKGD overflow attempt (file-image.rules) * 1:7490 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Switch Filter ActiveX clsid access (browser-plugins.rules) * 1:39614 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:41731 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:35748 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:45154 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:4913 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Workspace ActiveX object access (browser-plugins.rules) * 1:7938 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer gopher Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7862 <-> DISABLED <-> BROWSER-PLUGINS Mcafee Security Center McSubMgr.IsAppExpired ActiveX function call access (browser-plugins.rules) * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:39628 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:42444 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:39621 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:34890 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32ZLib.dll dll-load exploit attempt (file-other.rules) * 1:34906 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules) * 1:43675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:7429 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Bitmap ActiveX clsid access (browser-plugins.rules) * 1:39619 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:4911 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Type Library ActiveX object access (browser-plugins.rules) * 1:45148 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules) * 1:3485 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9c client domain overflow (server-other.rules) * 1:7450 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Stetch ActiveX clsid access (browser-plugins.rules) * 1:7870 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Data Source Control 9.0 ActiveX clsid access (browser-plugins.rules) * 1:44290 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:34896 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules) * 1:37029 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:3661 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 00 buffer overflow attempt (server-other.rules) * 1:38576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:3524 <-> DISABLED <-> SERVER-OTHER Computer Associates license invalid GCR CHECKSUMS attempt (server-other.rules) * 1:42443 <-> ENABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:34293 <-> DISABLED <-> FILE-IMAGE Microsoft Windows wmf integer overflow attempt (file-image.rules) * 1:6412 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Address Book attachment detected (server-mail.rules) * 1:33116 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:7498 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WM TV Out Smooth Picture Filter ActiveX clsid access (browser-plugins.rules) * 1:7942 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer http Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:44069 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:36560 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer arraybuffer entryslice memory corruption attempt (browser-ie.rules) * 1:37294 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:39609 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39631 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:32870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules) * 1:39875 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:8850 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent Custom Proxy Class ActiveX clsid access (browser-plugins.rules) * 1:32738 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules) * 1:7474 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT FormatConversion ActiveX clsid access (browser-plugins.rules) * 1:33198 <-> DISABLED <-> OS-WINDOWS Outlook Express WAB file parsing buffer overflow attempt (os-windows.rules) * 1:44044 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules) * 1:33829 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules) * 1:34056 <-> DISABLED <-> SERVER-WEBAPP Lexmark Markvision Enterprise LibraryFileUploadServlet directory traversal attempt (server-webapp.rules) * 1:7439 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Help ActiveX clsid access (browser-plugins.rules) * 1:34905 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules) * 1:7500 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WM VIH2 Fix ActiveX clsid access (browser-plugins.rules) * 1:7029 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules) * 1:4987 <-> DISABLED <-> SERVER-WEBAPP Twiki viewfile rev command injection attempt (server-webapp.rules) * 1:37035 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:40246 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:33115 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:3476 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9b client domain overflow (server-other.rules) * 1:34897 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules) * 1:7928 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer file or local Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:4915 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shortcut Handler ActiveX object access (browser-plugins.rules) * 1:32840 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-plugins.rules) * 1:7437 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Frame Eater ActiveX clsid access (browser-plugins.rules) * 1:44131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules) * 1:3477 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9b client name overflow (server-other.rules) * 1:42445 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:39632 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:34899 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules) * 1:4897 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSOAInterface ActiveX object access (browser-plugins.rules) * 1:7028 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules) * 1:33493 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:39624 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:43674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:4895 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSTypeInfo ActiveX object access (browser-plugins.rules) * 1:33492 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:7464 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT DeInterlace Filter ActiveX clsid access (browser-plugins.rules) * 1:34912 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules) * 1:7472 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT FormatConversion Prop Page ActiveX clsid access (browser-plugins.rules) * 1:33602 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:39870 <-> DISABLED <-> INDICATOR-COMPROMISE Oracle E-Business Suite arbitrary node deletion (indicator-compromise.rules) * 1:43830 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:32739 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules) * 1:32842 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-plugins.rules) * 1:8387 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RNX Download Handler ActiveX clsid access (browser-plugins.rules) * 1:8848 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent Notify Sink Custom Proxy Class ActiveX clsid access (browser-plugins.rules) * 1:8740 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service ActiveX function call access (browser-plugins.rules) * 1:8852 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent v2.0 ActiveX clsid access (browser-plugins.rules) * 1:8389 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMP Download Handler ActiveX clsid access (browser-plugins.rules) * 1:8405 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ActiveX clsid access (browser-plugins.rules) * 1:8385 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Playback Handler ActiveX clsid access (browser-plugins.rules) * 1:8425 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.NDFXArtEffects ActiveX function call access (browser-plugins.rules) * 1:34857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fanny outbound connection (malware-cnc.rules) * 1:7456 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Wmm2fxa.dll ActiveX clsid access (browser-plugins.rules) * 1:44049 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules) * 1:33586 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Image Description Atom sign extension memory corruption attempt (file-multimedia.rules) * 1:7866 <-> DISABLED <-> BROWSER-PLUGINS ADODB.Connection ActiveX clsid access (browser-plugins.rules) * 1:44146 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JSXML integer overflow attempt (browser-firefox.rules) * 1:4891 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer cfw Class ActiveX object access (browser-plugins.rules) * 1:7934 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ftp Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:39625 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:4900 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Outlook Progress Ctl ActiveX object access (browser-plugins.rules) * 1:43699 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules) * 1:6701 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected zTXt overflow attempt (file-image.rules) * 1:37423 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:38577 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:3458 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt (server-other.rules) * 1:3529 <-> DISABLED <-> SERVER-OTHER Computer Associates license GETCONFIG client overflow attempt (server-other.rules) * 1:5705 <-> DISABLED <-> PROTOCOL-IMAP CAPABILITY overflow attempt (protocol-imap.rules) * 1:6691 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sBIT overflow attempt (file-image.rules) * 1:36559 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer arraybuffer entryslice memory corruption attempt (browser-ie.rules) * 1:33589 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules) * 1:7452 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WM Color Converter Filter ActiveX clsid access (browser-plugins.rules) * 1:3662 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 03 little endian buffer overflow attempt (server-other.rules) * 1:33828 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules) * 1:45143 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array type confusion attempt (browser-ie.rules) * 1:37034 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:7208 <-> DISABLED <-> SERVER-ORACLE DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_METADATA access attempt (server-oracle.rules) * 1:33495 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:7478 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Interlacer ActiveX clsid access (browser-plugins.rules) * 1:44048 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules) * 1:36453 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer argument validation in print preview handling exploitation attempt (browser-ie.rules) * 1:7482 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT MuxDeMux Filter ActiveX clsid access (browser-plugins.rules) * 1:39623 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:33670 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size1 dos attempt (server-other.rules) * 1:39604 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:43337 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:8409 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Stream Handler ActiveX clsid access (browser-plugins.rules) * 1:34898 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules) * 1:44147 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JSXML integer overflow attempt (browser-firefox.rules) * 1:44132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules) * 1:33045 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX function call access attempt (browser-plugins.rules) * 1:34891 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32Zlib.dll dll-load exploit attempt (file-other.rules) * 1:44877 <-> DISABLED <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules) * 1:8377 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Download Handler ActiveX clsid access (browser-plugins.rules) * 1:3531 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP msg 0x99 client domain overflow (server-other.rules) * 1:34895 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules) * 1:7496 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Volume ActiveX clsid access (browser-plugins.rules) * 1:4986 <-> DISABLED <-> SERVER-WEBAPP Twiki view rev command injection attempt (server-webapp.rules) * 1:7035 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans mailslot heap overflow attempt (os-windows.rules) * 1:5711 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player zero length bitmap heap overflow attempt (file-image.rules) * 1:36645 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules) * 1:4908 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Method Definition ActiveX object access (browser-plugins.rules) * 1:44282 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC ActiveX clsid access attempt (browser-ie.rules) * 1:37293 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:34904 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules) * 1:44068 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:33585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:7039 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx mailslot heap overflow attempt (os-windows.rules) * 1:7944 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer https Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:37033 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:41094 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules) * 1:4914 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Script Definition ActiveX object access (browser-plugins.rules) * 1:43698 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules) * 1:3483 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9b client domain overflow (server-other.rules) * 1:39611 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39605 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:33566 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3 xsl parsing heap overflow attempt (browser-firefox.rules) * 1:33575 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules) * 1:3663 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 03 buffer overflow attempt (server-other.rules) * 1:33578 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules) * 1:7037 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans mailslot heap overflow attempt (os-windows.rules) * 1:39606 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:7444 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Mmedia.AsyncMHandler.1 ActiveX clsid access (browser-plugins.rules) * 1:33671 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size2 dos attempt (server-other.rules) * 1:35772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:39610 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:32786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules) * 1:43989 <-> DISABLED <-> INDICATOR-OBFUSCATION newlines embedded in rtf header (indicator-obfuscation.rules) * 1:4893 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Trident HTMLEditor ActiveX object access (browser-plugins.rules) * 1:3475 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP slot info msg client domain overflow (server-other.rules) * 1:7462 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Black Frame Generator ActiveX clsid access (browser-plugins.rules) * 1:36432 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer arraybuffer entryslice memory corruption attempt (browser-ie.rules) * 1:4910 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Relationship Definition ActiveX object access (browser-plugins.rules) * 1:33584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:36644 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules) * 1:7041 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx mailslot heap overflow attempt (os-windows.rules) * 1:43068 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt (server-other.rules) * 1:3479 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9c client name overflow (server-other.rules) * 1:36365 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules) * 1:44284 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC ActiveX clsid access attempt (browser-ie.rules) * 1:39612 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:7436 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Dynamic Casts ActiveX function call (browser-plugins.rules) * 1:38669 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onpropertychange use-after-free attempt (browser-ie.rules) * 1:40243 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:34892 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules) * 1:7981 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:41728 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:39618 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:38670 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onpropertychange use-after-free attempt (browser-ie.rules) * 1:39603 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:34900 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules) * 1:44035 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules) * 1:6690 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected iCCP overflow attempt (file-image.rules) * 1:44031 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules) * 1:7494 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Virtual Source ActiveX clsid access (browser-plugins.rules) * 1:7978 <-> DISABLED <-> BROWSER-PLUGINS ShockwaveFlash.ShockwaveFlash ActiveX clsid access (browser-plugins.rules) * 1:6502 <-> DISABLED <-> FILE-IMAGE Mozilla GIF single packet heap overflow - ANIMEXTS1.0 (file-image.rules) * 1:44281 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC ActiveX clsid access attempt (browser-ie.rules) * 1:37030 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:3484 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9c client name overflow (server-other.rules) * 1:3660 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 00 little endian buffer overflow attempt (server-other.rules) * 1:39602 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:36782 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DHTML Editing ActiveX clsid access (browser-plugins.rules) * 1:33548 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Access multiple control instantiation memory corruption attempt (browser-plugins.rules) * 1:33576 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules) * 1:7460 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Audio Analyzer ActiveX clsid access (browser-plugins.rules) * 1:7468 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT DirectX Transform Wrapper ActiveX clsid access (browser-plugins.rules) * 1:6510 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mhtml uri shortcut buffer overflow attempt (browser-ie.rules) * 1:4906 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Interface Definition ActiveX object access (browser-plugins.rules) * 1:44729 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer script action handler buffer overflow attempt (browser-ie.rules) * 1:44296 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:3478 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9c client domain overflow (server-other.rules) * 1:39616 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39601 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:7958 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer mk Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7476 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Import Filter ActiveX clsid access (browser-plugins.rules) * 1:33577 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules) * 1:33044 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX clsid access attempt (browser-plugins.rules) * 1:39630 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:36364 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules) * 1:44456 <-> DISABLED <-> FILE-IMAGE Apple PICT Quickdraw image converter packType 4 buffer overflow attempt (file-image.rules) * 1:3822 <-> DISABLED <-> SERVER-WEBAPP RealNetworks RealPlayer realtext long URI request attempt (server-webapp.rules) * 1:36363 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules) * 1:7036 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode mailslot heap overflow attempt (os-windows.rules) * 1:43990 <-> DISABLED <-> INDICATOR-OBFUSCATION RTF obfuscation string (indicator-obfuscation.rules) * 1:6699 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected iTXt overflow attempt (file-image.rules) * 1:43338 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:33601 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:39764 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules) * 1:36783 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DHTML Editing ActiveX clsid access (browser-plugins.rules) * 1:6413 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Address Book Base64 encoded attachment detected (server-mail.rules) * 1:33979 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:4905 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Object ActiveX object access (browser-plugins.rules) * 1:34893 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules) * 1:34907 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules) * 1:6507 <-> DISABLED <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt (server-webapp.rules) * 1:33043 <-> DISABLED <-> FILE-MULTIMEDIA Multiple media players M3U playlist file handling buffer overflow attempt (file-multimedia.rules) * 1:3453 <-> DISABLED <-> SERVER-OTHER Arkeia client backup system info probe (server-other.rules) * 1:42441 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:37710 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules) * 1:7431 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectFrame.DirectControl.1 ActiveX clsid access (browser-plugins.rules) * 1:39627 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:8060 <-> DISABLED <-> SERVER-OTHER UltraVNC VNCLog buffer overflow (server-other.rules) * 1:3637 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF directory traversal attempt (server-other.rules) * 1:44130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules) * 1:33041 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:7433 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectX Transform Wrapper Property Page ActiveX clsid access (browser-plugins.rules) * 1:4902 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Video Mixing Renderer 9 ActiveX object access (browser-plugins.rules) * 1:7040 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx mailslot heap overflow attempt (os-windows.rules) * 1:4909 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Property Definition ActiveX object access (browser-plugins.rules) * 1:43606 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access attempt (browser-plugins.rules) * 1:7003 <-> DISABLED <-> BROWSER-PLUGINS ADODB.Recordset ActiveX function call access (browser-plugins.rules) * 1:35771 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:4896 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSTypeLib ActiveX object access (browser-plugins.rules) * 1:34894 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules) * 1:34061 <-> DISABLED <-> SERVER-IIS Microsoft IIS Range header integer overflow attempt (server-iis.rules) * 1:35747 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:6698 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected tIME overflow attempt (file-image.rules) * 1:7425 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 9x8Resize ActiveX clsid access (browser-plugins.rules) * 1:32844 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules) * 1:33479 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (os-windows.rules) * 1:39617 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:7863 <-> DISABLED <-> BROWSER-PLUGINS Mcafee Security Center McSubMgr.IsOldAppInstalled ActiveX function call access (browser-plugins.rules) * 1:3553 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM null DHTML element insertion attempt (browser-ie.rules) * 1:7486 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Screen Capture Filter Task Page ActiveX clsid access (browser-plugins.rules) * 1:33672 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size3 dos attempt (server-other.rules) * 1:34908 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules) * 1:34915 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro quserex.dll dll-load exploit attempt (netbios.rules) * 1:44032 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules) * 1:33827 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules) * 1:36772 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Scriptlet Component ActiveX clsid access (browser-plugins.rules) * 1:4892 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MTSEvents Class ActiveX object access (browser-plugins.rules) * 1:33590 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules) * 1:34903 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules) * 1:33684 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:36431 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer arraybuffer entryslice memory corruption attempt (browser-ie.rules) * 1:3481 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP slot info msg client domain overflow (server-other.rules) * 1:7458 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Wmm2fxb.dll ActiveX clsid access (browser-plugins.rules) * 1:32843 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-plugins.rules) * 1:7042 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx mailslot heap overflow attempt (os-windows.rules) * 1:33980 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:7448 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ShotDetect ActiveX clsid access (browser-plugins.rules) * 1:4172 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent v1.5 ActiveX clsid access (browser-plugins.rules) * 1:39607 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:3659 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 1000 buffer overflow attempt (server-other.rules) * 1:7427 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Allocator Fix ActiveX clsid access (browser-plugins.rules) * 1:44046 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules) * 1:34055 <-> DISABLED <-> SERVER-WEBAPP Lexmark Markvision Enterprise LibraryFileUploadServlet directory traversal attempt (server-webapp.rules) * 1:37031 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:4826 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetRootDeviceInstance attempt (os-windows.rules) * 1:40244 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:42446 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:34910 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules) * 1:39608 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:44129 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules) * 1:39620 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:3480 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP slot info msg client name overflow (server-other.rules) * 1:7492 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Virtual Renderer ActiveX clsid access (browser-plugins.rules) * 1:4898 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSTypeComp ActiveX object access (browser-plugins.rules) * 1:7484 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Sample Info Filter ActiveX clsid access (browser-plugins.rules) * 1:7470 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT DV Extract Filter ActiveX clsid access (browser-plugins.rules) * 1:3454 <-> DISABLED <-> SERVER-OTHER Arkeia client backup generic info probe (server-other.rules) * 1:39613 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:33579 <-> DISABLED <-> BROWSER-PLUGINS Facebook Photo Uploader ActiveX clsid access attempt (browser-plugins.rules) * 1:40247 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:8381 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer SMIL Download Handler ActiveX clsid access (browser-plugins.rules) * 1:3482 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9b client name overflow (server-other.rules) * 1:7454 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Wmm2ae.dll ActiveX clsid access (browser-plugins.rules) * 1:7207 <-> DISABLED <-> SERVER-ORACLE DBMS_EXPORT_EXTENSION SQL injection attempt (server-oracle.rules) * 1:7480 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Log Filter ActiveX clsid access (browser-plugins.rules) * 1:4904 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Alias ActiveX object access (browser-plugins.rules) * 1:34294 <-> DISABLED <-> FILE-IMAGE Microsoft Windows wmf integer overflow attempt (file-image.rules) * 1:7868 <-> DISABLED <-> BROWSER-PLUGINS ADODB.Recordset ActiveX clsid access (browser-plugins.rules) * 1:7038 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode mailslot heap overflow attempt (os-windows.rules) * 1:34916 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro u32zlib.dll dll-load exploit attempt (netbios.rules) * 1:45149 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules) * 1:3525 <-> DISABLED <-> SERVER-OTHER Computer Associates license invalid GCR NETWORK attempt (server-other.rules) * 1:44045 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules) * 1:44730 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer script action handler buffer overflow attempt (browser-ie.rules) * 1:4907 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Collection Definition ActiveX object access (browser-plugins.rules) * 1:33824 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:44283 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC ActiveX clsid access attempt (browser-ie.rules) * 1:4901 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer VMR Allocator Presenter 9 ActiveX object access (browser-plugins.rules) * 1:33591 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules) * 1:6405 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager overflow attempt (server-other.rules) * 1:3521 <-> DISABLED <-> SERVER-OTHER Computer Associates license GCR CHECKSUMS overflow attempt (server-other.rules) * 1:39622 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:34632 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes WPD attachment handling buffer overflow attempt (server-mail.rules) * 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules) * 1:44188 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span frontier parsing memory corruption attempt (browser-ie.rules) * 1:39626 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:6696 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected pHYs overflow attempt (file-image.rules) * 1:7488 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Screen capture Filter ActiveX clsid access (browser-plugins.rules) * 1:33582 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules) * 1:44047 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules) * 1:43831 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:36366 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules) * 1:33494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:45142 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array type confusion attempt (browser-ie.rules) * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules) * 1:34914 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules) * 1:4903 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer VMR ImageSync 9 ActiveX object access (browser-plugins.rules) * 1:36646 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules) * 1:34909 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules) * 1:34913 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules) * 1:3474 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP slot info msg client name overflow (server-other.rules) * 1:39629 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:7446 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Record Queue ActiveX clsid access (browser-plugins.rules) * 1:37032 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:39763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:34902 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules) * 1:34135 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging small offset malformed tiff - little-endian (file-image.rules) * 1:5319 <-> DISABLED <-> OS-WINDOWS Microsoft Windows picture and fax viewer wmf arbitrary code execution attempt (os-windows.rules) * 1:4129 <-> DISABLED <-> SERVER-OTHER Novell ZenWorks Remote Management Agent large login packet DoS attempt (server-other.rules) * 1:7914 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.NDFXArtEffects ActiveX clsid access (browser-plugins.rules) * 1:4912 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Root ActiveX object access (browser-plugins.rules) * 1:34911 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules) * 1:4894 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSEnumVariant ActiveX object access (browser-plugins.rules) * 1:42442 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:4890 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer IAVIStream & IAVIFile Proxy ActiveX object access (browser-plugins.rules) * 1:41729 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:32754 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server 2000 Client Components ActiveX clsid access (browser-plugins.rules) * 1:8854 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent v2.0 ActiveX function call access (browser-plugins.rules) * 1:8856 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent v1.5 ActiveX function call access (browser-plugins.rules) * 1:9131 <-> DISABLED <-> BROWSER-PLUGINS WinZip FileView 6.1 ActiveX function call access (browser-plugins.rules) * 1:9132 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP netware_cs NwrOpenEnumNdsStubTrees_Any overflow attempt (os-windows.rules) * 1:9228 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP netware_cs NwGetConnectionInformation overflow attempt (os-windows.rules) * 1:9421 <-> ENABLED <-> MALWARE-OTHER zotob attempt (malware-other.rules) * 1:9432 <-> DISABLED <-> OS-WINDOWS Microsoft Agent buffer overflow attempt (os-windows.rules) * 1:9433 <-> DISABLED <-> OS-WINDOWS Microsoft Agent buffer overflow attempt (os-windows.rules) * 1:9441 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath overflow attempt (netbios.rules) * 1:9634 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9C remote buffer overflow attempt TCP (server-other.rules) * 1:9635 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9B remote buffer overflow attempt UDP (server-other.rules) * 1:9636 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9C remote buffer overflow attempt UDP (server-other.rules) * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules) * 1:9848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vector Markup Language recolorinfo tag numfills parameter buffer overflow attempt (os-windows.rules) * 1:10062 <-> DISABLED <-> FILE-IMAGE Oracle Java Virtual Machine malformed GIF buffer overflow attempt (file-image.rules) * 1:10063 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox query interface suspicious function call access attempt (browser-firefox.rules) * 1:10087 <-> DISABLED <-> SERVER-OTHER VNC password request buffer overflow attempt (server-other.rules) * 1:10188 <-> DISABLED <-> PROTOCOL-FTP Ipswitch Ws_ftp XMD5 overflow attempt (protocol-ftp.rules) * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules) * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules) * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules) * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules) * 1:11186 <-> DISABLED <-> SERVER-OTHER CA eTrust key handling dos (password -- server-other.rules) * 1:11196 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules) * 1:11257 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt (browser-ie.rules) * 1:11324 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Input Method Editor 3 ActiveX function call access (browser-plugins.rules) * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:11823 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX clsid unicode access (browser-plugins.rules) * 1:11824 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX function call access (browser-plugins.rules) * 1:11825 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX function call unicode access (browser-plugins.rules) * 1:11828 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Voice Control ActiveX function call access (browser-plugins.rules) * 1:11832 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Direct Speech Recognition ActiveX function call access (browser-plugins.rules) * 1:11837 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Mail file execution attempt (server-mail.rules) * 1:12064 <-> DISABLED <-> SERVER-IIS w3svc _vti_bin null pointer dereference attempt (server-iis.rules) * 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12114 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail search command buffer overflow attempt (server-mail.rules) * 1:12115 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail search command buffer overflow attempt (server-mail.rules) * 1:12195 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Widgets Engine ActiveX function call access (browser-plugins.rules) * 1:12197 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules) * 1:12205 <-> DISABLED <-> BROWSER-PLUGINS VMWare Vielib.dll ActiveX function call access (browser-plugins.rules) * 1:12212 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail literal search date command buffer overflow attempt (server-mail.rules) * 1:12217 <-> DISABLED <-> SERVER-OTHER Borland interbase string length buffer overflow attempt (server-other.rules) * 1:12261 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 PDWizard.File ActiveX clsid access (browser-plugins.rules) * 1:12263 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 PDWizard.File ActiveX function call access (browser-plugins.rules) * 1:12265 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 SearchHelper ActiveX clsid access (browser-plugins.rules) * 1:12267 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 SearchHelper ActiveX function call access (browser-plugins.rules) * 1:12270 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 TLIApplication ActiveX function call (browser-plugins.rules) * 1:12273 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 TypeLibInfo ActiveX clsid access (browser-plugins.rules) * 1:12275 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 TypeLibInfo ActiveX function call access (browser-plugins.rules) * 1:12277 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS memory corruption exploit (browser-ie.rules) * 1:12281 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML source file memory corruption attempt (browser-ie.rules) * 1:12282 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML source file memory corruption attempt (browser-ie.rules) * 1:12332 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt (netbios.rules) * 1:12341 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules) * 1:12444 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server Distributed Management Objects ActiveX clsid access (browser-plugins.rules) * 1:12446 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server Distributed Management Objects ActiveX function call access (browser-plugins.rules) * 1:12450 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent Control ActiveX function call access (browser-plugins.rules) * 1:12452 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent File Provider ActiveX clsid access (browser-plugins.rules) * 1:12463 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Visual Studio Crystal Reports RPT file handling buffer overflow attempt (os-windows.rules) * 1:12595 <-> DISABLED <-> SERVER-IIS malicious ASP file upload attempt (server-iis.rules) * 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules) * 1:12616 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX function call access attempt (browser-plugins.rules) * 1:12631 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 Kodak Imaging small offset malformed jpeg tables (os-windows.rules) * 1:12632 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 Kodak Imaging large offset malformed jpeg tables (os-windows.rules) * 1:12634 <-> DISABLED <-> FILE-IMAGE Microsoft Windows 2000 Kodak Imaging large offset malformed tiff 2 (file-image.rules) * 1:12642 <-> DISABLED <-> OS-WINDOWS RPC NTLMSSP malformed credentials (os-windows.rules) * 1:12643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows URI External handler arbitrary command attempt (os-windows.rules) * 1:12664 <-> DISABLED <-> BROWSER-IE Microsoft Windows ShellExecute and Internet Explorer 7 url handling code execution attempt (browser-ie.rules) * 1:12687 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules) * 1:12731 <-> DISABLED <-> BROWSER-PLUGINS AOL Radio AmpX ActiveX function call access (browser-plugins.rules) * 1:12742 <-> DISABLED <-> SERVER-OTHER Apple Quicktime UDP RTSP sdp type buffer overflow attempt (server-other.rules) * 1:12768 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL ActiveX function call access (browser-plugins.rules) * 1:12775 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer obfuscated Ierpplug.dll ActiveX exploit attempt (browser-plugins.rules) * 1:12780 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Vulnerable Methods ActiveX clsid access attempt (browser-plugins.rules) * 1:12782 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Vulnerable Methods ActiveX function call access attempt (browser-plugins.rules) * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules) * 1:13158 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Player asf streaming format interchange data integer overflow attempt (file-multimedia.rules) * 1:13159 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Player asf streaming format audio error masking integer overflow attempt (file-multimedia.rules) * 1:13160 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Player asf streaming audio spread error correction data length integer overflow attempt (file-multimedia.rules) * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules) * 1:13216 <-> DISABLED <-> BROWSER-PLUGINS ShockwaveFlash.ShockwaveFlash ActiveX function call access (browser-plugins.rules) * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules) * 1:13226 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Toolbar YShortcut ActiveX function call access (browser-plugins.rules) * 1:13269 <-> DISABLED <-> OS-WINDOWS Multiple product nntp uri handling code execution attempt (os-windows.rules) * 1:13270 <-> DISABLED <-> OS-WINDOWS Multiple product news uri handling code execution attempt (os-windows.rules) * 1:13271 <-> DISABLED <-> OS-WINDOWS Multiple product telnet uri handling code execution attempt (os-windows.rules) * 1:13272 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:13298 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Rich TextBox ActiveX function call access (browser-plugins.rules) * 1:13305 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual FoxPro 2 ActiveX function call access (browser-plugins.rules) * 1:13316 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing ART buffer overflow attempt (file-multimedia.rules) * 1:13318 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing cmt buffer overflow attempt (file-multimedia.rules) * 1:13319 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing des buffer overflow attempt (file-multimedia.rules) * 1:13320 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing cpy buffer overflow attempt (file-multimedia.rules) * 1:13323 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Package and Deployment Wizard ActiveX function call access (browser-plugins.rules) * 1:13421 <-> DISABLED <-> BROWSER-PLUGINS Facebook Photo Uploader ActiveX function call access (browser-plugins.rules) * 1:13430 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music JukeBox MediaGrid ActiveX clsid access (browser-plugins.rules) * 1:13432 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music JukeBox MediaGrid ActiveX function call access (browser-plugins.rules) * 1:13434 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Property Overflows ActiveX clsid access (browser-plugins.rules) * 1:13436 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Property Overflows ActiveX function call access (browser-plugins.rules) * 1:13438 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Vulnerable Methods ActiveX clsid access (browser-plugins.rules) * 1:13440 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Vulnerable Methods ActiveX function call access (browser-plugins.rules) * 1:13442 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Property Overflows ActiveX clsid access (browser-plugins.rules) * 1:13444 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Property Overflows ActiveX function call access (browser-plugins.rules) * 1:13448 <-> DISABLED <-> OS-WINDOWS Microsoft Windows vbscript/jscript scripting engine begin buffer overflow attempt (os-windows.rules) * 1:13453 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX clsid access (browser-ie.rules) * 1:13454 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX clsid unicode access (browser-ie.rules) * 1:13456 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX function call unicode access (browser-ie.rules) * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules) * 1:13541 <-> DISABLED <-> BROWSER-PLUGINS Symantec Backup Exec ActiveX function call access (browser-plugins.rules) * 1:13554 <-> DISABLED <-> SERVER-OTHER Sybase SQL Anywhere Mobilink version string buffer overflow (server-other.rules) * 1:13555 <-> DISABLED <-> SERVER-OTHER Sybase SQL Anywhere Mobilink remoteID string buffer overflow (server-other.rules) * 1:13580 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components remote code execution attempt ActiveX clsid access (browser-plugins.rules) * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules) * 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules) * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:13591 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan CGI password decryption buffer overflow attempt (server-webapp.rules) * 1:13605 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RAM Download Handler ActiveX function call access (browser-plugins.rules) * 1:13607 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL Vulnerble Property ActiveX clsid access (browser-plugins.rules) * 1:13609 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL Vulnerble Property ActiveX function call access (browser-plugins.rules) * 1:13623 <-> DISABLED <-> BROWSER-PLUGINS CA BrightStor ListCtrl ActiveX function call access (browser-plugins.rules) * 1:13629 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access JSDB file magic detected (file-identify.rules) * 1:13630 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access TJDB file magic detected (file-identify.rules) * 1:13633 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access MSISAM file magic detected (file-identify.rules) * 1:13668 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Help 2.0 Contents Control ActiveX clsid access (browser-plugins.rules) * 1:13670 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Help 2.0 Contents Control ActiveX function call access (browser-plugins.rules) * 1:13674 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Help 2.0 Contents Control 2 ActiveX function call access (browser-plugins.rules) * 1:13699 <-> DISABLED <-> BROWSER-PLUGINS CA DSM gui_cm_ctrls ActiveX clsid access (browser-plugins.rules) * 1:13720 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 3 ActiveX clsid access (browser-plugins.rules) * 1:13722 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 4 ActiveX clsid access (browser-plugins.rules) * 1:13724 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 5 ActiveX clsid access (browser-plugins.rules) * 1:13726 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 6 ActiveX clsid access (browser-plugins.rules) * 1:13728 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 7 ActiveX clsid access (browser-plugins.rules) * 1:13730 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 8 ActiveX clsid access (browser-plugins.rules) * 1:13732 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 9 ActiveX clsid access (browser-plugins.rules) * 1:13736 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 11 ActiveX clsid access (browser-plugins.rules) * 1:13738 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 12 ActiveX clsid access (browser-plugins.rules) * 1:13740 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 13 ActiveX clsid access (browser-plugins.rules) * 1:13742 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 14 ActiveX clsid access (browser-plugins.rules) * 1:13744 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 15 ActiveX clsid access (browser-plugins.rules) * 1:13746 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 16 ActiveX clsid access (browser-plugins.rules) * 1:13748 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 17 ActiveX clsid access (browser-plugins.rules) * 1:13750 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 18 ActiveX clsid access (browser-plugins.rules) * 1:13752 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 19 ActiveX clsid access (browser-plugins.rules) * 1:13754 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 20 ActiveX clsid access (browser-plugins.rules) * 1:13756 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 21 ActiveX clsid access (browser-plugins.rules) * 1:13804 <-> DISABLED <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt (server-other.rules) * 1:13821 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF scene and label data memory corruption attempt (file-flash.rules) * 1:13822 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF scene and label data memory corruption attempt (file-flash.rules) * 1:13823 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX SAMI file parsing buffer overflow attempt (file-multimedia.rules) * 1:13824 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules) * 1:13888 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules) * 1:13889 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules) * 1:13890 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules) * 1:13891 <-> DISABLED <-> SERVER-MSSQL Memory page overwrite attempt (server-mssql.rules) * 1:13892 <-> DISABLED <-> SERVER-MSSQL Convert function style overwrite (server-mssql.rules) * 1:13903 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:13907 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:13912 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer isComponentInstalled attack attempt (browser-ie.rules) * 1:13918 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules) * 1:13948 <-> DISABLED <-> PROTOCOL-DNS large number of NXDOMAIN replies - possible DNS cache poisoning (protocol-dns.rules) * 1:13960 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer static text range overflow attempt (browser-ie.rules) * 1:13963 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer argument validation in print preview handling exploitation attempt (browser-ie.rules) * 1:13964 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span frontier parsing memory corruption attempt (browser-ie.rules) * 1:14023 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX function call access (browser-plugins.rules) * 1:14027 <-> DISABLED <-> BROWSER-PLUGINS CA DSM gui_cm_ctrls ActiveX function call access (browser-plugins.rules) * 1:14029 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates gui_cm_ctrls ActiveX clsid access (browser-plugins.rules) * 1:14031 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates gui_cm_ctrls ActiveX function call access (browser-plugins.rules) * 1:14040 <-> DISABLED <-> SERVER-OTHER GNOME Project libxslt RC4 key string buffer overflow attempt (server-other.rules) * 1:14041 <-> DISABLED <-> SERVER-OTHER GNOME Project libxslt RC4 key string buffer overflow attempt - 2 (server-other.rules) * 1:14042 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer General Property Page ActiveX clsid access (browser-plugins.rules) * 1:14044 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Playback Handler ActiveX function call access (browser-plugins.rules) * 1:14046 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMP Download Handler ActiveX function call access (browser-plugins.rules) * 1:14048 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RNX Download Handler ActiveX function call access (browser-plugins.rules) * 1:14050 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer SMIL Download Handler ActiveX function call access (browser-plugins.rules) * 1:14052 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Stream Handler ActiveX function call access (browser-plugins.rules) * 1:14257 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Encoder 9 ActiveX function call access (browser-plugins.rules) * 1:14607 <-> DISABLED <-> SERVER-OTHER CA Brightstor SUN RPC malformed string buffer overflow attempt (server-other.rules) * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules) * 1:14635 <-> DISABLED <-> BROWSER-PLUGINS Microsoft RSClientPrint ActiveX clsid access (browser-plugins.rules) * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules) * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules) * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules) * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules) * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules) * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules) * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules) * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules) * 1:14758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server 2000 Client Components ActiveX function call access (browser-plugins.rules) * 1:14762 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX function call access (browser-plugins.rules) * 1:14765 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service Agent ActiveX function call (browser-plugins.rules) * 1:14773 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt (server-other.rules) * 1:14783 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (os-windows.rules) * 1:14896 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB v4 srvsvc NetrpPathCononicalize unicode path cononicalization stack overflow attempt (os-windows.rules) * 1:14897 <-> DISABLED <-> BROWSER-PLUGINS HP Software Update RulesEngine.dll ActiveX function call access (browser-plugins.rules) * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules) * 1:14990 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Charset header overflow attempt (server-webapp.rules) * 1:15012 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML DLL memory corruption attempt (browser-ie.rules) * 1:15084 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Common Controls Animation Object ActiveX clsid access (browser-plugins.rules) * 1:15086 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Common Controls Animation Object ActiveX function call access (browser-plugins.rules) * 1:15096 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic FlexGrid ActiveX clsid access (browser-plugins.rules) * 1:15102 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic Hierarchical FlexGrid ActiveX function call access (browser-plugins.rules) * 1:15109 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shell.Explorer 1 ActiveX clsid access (browser-plugins.rules) * 1:15112 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shell.Explorer 2 ActiveX function call access (browser-plugins.rules) * 1:15146 <-> DISABLED <-> SERVER-OTHER Apple CUPS RGB+Alpha PNG filter overly large image height integer overflow attempt (server-other.rules) * 1:15186 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules) * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules) * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules) * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules) * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules) * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules) * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules) * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules) * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules) * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules) * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules) * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules) * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules) * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules) * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules) * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules) * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules) * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules) * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules) * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules) * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules) * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules) * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules) * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules) * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules) * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules) * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules) * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules) * 1:15245 <-> DISABLED <-> BROWSER-PLUGINS AXIS Camera ActiveX function call access (browser-plugins.rules) * 1:15256 <-> DISABLED <-> SERVER-ORACLE BPEL process manager XSS injection attempt (server-oracle.rules) * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules) * 1:15268 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Barcode ActiveX function call access (browser-plugins.rules) * 1:15299 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid ho tag attempt (file-office.rules) * 1:15303 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio Malformed IconBitsComponent arbitrary code execution attempt (file-office.rules) * 1:15313 <-> DISABLED <-> BROWSER-PLUGINS Research In Motion AxLoader ActiveX function call access (browser-plugins.rules) * 1:15358 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 remote code execution attempt (file-pdf.rules) * 1:15422 <-> DISABLED <-> SERVER-OTHER Sun One web proxy server overflow attempt (server-other.rules) * 1:15430 <-> DISABLED <-> FILE-OTHER Microsoft EMF+ GpFont.SetData buffer overflow attempt (file-other.rules) * 1:15455 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office Text Converters XST parsing buffer overflow attempt (file-office.rules) * 1:15457 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectShow MJPEG arbitrary code execution attempt (os-windows.rules) * 1:15459 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted/unitialized object memory corruption attempt (browser-ie.rules) * 1:15460 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX load/unload race condition attempt (browser-ie.rules) * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules) * 1:15479 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (server-other.rules) * 1:15482 <-> DISABLED <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt (server-other.rules) * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules) * 1:15523 <-> DISABLED <-> OS-WINDOWS Microsoft Windows srvsvc NetrShareEnum netname overflow attempt (os-windows.rules) * 1:15524 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:15525 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:15526 <-> DISABLED <-> FILE-OFFICE Microsoft Works 4.x converter font name buffer overflow attempt (file-office.rules) * 1:15529 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain navigation cookie stealing attempt (browser-ie.rules) * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules) * 1:15588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 1 ActiveX clsid access (browser-plugins.rules) * 1:15590 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 10 ActiveX clsid access (browser-plugins.rules) * 1:15592 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 11 ActiveX clsid access (browser-plugins.rules) * 1:15594 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 12 ActiveX clsid access (browser-plugins.rules) * 1:15596 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 13 ActiveX clsid access (browser-plugins.rules) * 1:15598 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 14 ActiveX clsid access (browser-plugins.rules) * 1:15600 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 15 ActiveX clsid access (browser-plugins.rules) * 1:15602 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 16 ActiveX clsid access (browser-plugins.rules) * 1:15604 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 17 ActiveX clsid access (browser-plugins.rules) * 1:15606 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 18 ActiveX clsid access (browser-plugins.rules) * 1:15608 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 19 ActiveX clsid access (browser-plugins.rules) * 1:15610 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 2 ActiveX clsid access (browser-plugins.rules) * 1:15612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 20 ActiveX clsid access (browser-plugins.rules) * 1:15614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 21 ActiveX clsid access (browser-plugins.rules) * 1:15616 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 22 ActiveX clsid access (browser-plugins.rules) * 1:15618 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 23 ActiveX clsid access (browser-plugins.rules) * 1:15620 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 24 ActiveX clsid access (browser-plugins.rules) * 1:15622 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 25 ActiveX clsid access (browser-plugins.rules) * 1:15624 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 26 ActiveX clsid access (browser-plugins.rules) * 1:15626 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 27 ActiveX clsid access (browser-plugins.rules) * 1:15628 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 28 ActiveX clsid access (browser-plugins.rules) * 1:15630 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 29 ActiveX clsid access (browser-plugins.rules) * 1:15632 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 3 ActiveX clsid access (browser-plugins.rules) * 1:15634 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 30 ActiveX clsid access (browser-plugins.rules) * 1:15636 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 31 ActiveX clsid access (browser-plugins.rules) * 1:15640 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 33 ActiveX clsid access (browser-plugins.rules) * 1:15642 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 34 ActiveX clsid access (browser-plugins.rules) * 1:15644 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 35 ActiveX clsid access (browser-plugins.rules) * 1:15646 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 36 ActiveX clsid access (browser-plugins.rules) * 1:15648 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 37 ActiveX clsid access (browser-plugins.rules) * 1:15650 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 38 ActiveX clsid access (browser-plugins.rules) * 1:15652 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 39 ActiveX clsid access (browser-plugins.rules) * 1:15654 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 4 ActiveX clsid access (browser-plugins.rules) * 1:15656 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 40 ActiveX clsid access (browser-plugins.rules) * 1:15658 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 41 ActiveX clsid access (browser-plugins.rules) * 1:15660 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 42 ActiveX clsid access (browser-plugins.rules) * 1:15662 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 43 ActiveX clsid access (browser-plugins.rules) * 1:15664 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 44 ActiveX clsid access (browser-plugins.rules) * 1:15666 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 45 ActiveX clsid access (browser-plugins.rules) * 1:15668 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 5 ActiveX clsid access (browser-plugins.rules) * 1:15671 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 6 ActiveX function call (browser-plugins.rules) * 1:15674 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 8 ActiveX clsid access (browser-plugins.rules) * 1:15676 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 9 ActiveX clsid access (browser-plugins.rules) * 1:15678 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectShow ActiveX exploit via JavaScript (browser-plugins.rules) * 1:15679 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectShow ActiveX exploit via JavaScript - unicode encoding (browser-plugins.rules) * 1:15684 <-> DISABLED <-> OS-WINDOWS Multiple product snews uri handling code execution attempt (os-windows.rules) * 1:15687 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 10 Spreadsheet ActiveX function call access (browser-plugins.rules) * 1:15689 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX clsid access (browser-plugins.rules) * 1:15691 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX function call access (browser-plugins.rules) * 1:15695 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table platform type 3 integer overflow attempt (file-other.rules) * 1:15703 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes ITMS protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15704 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes ITMSS protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15705 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes PCAST protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15706 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes DAAP protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS replication inform2 request memory corruption attempt (os-windows.rules) * 1:15852 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components Datasource ActiveX clsid access (browser-plugins.rules) * 1:15855 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX function call access (browser-plugins.rules) * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules) * 1:15894 <-> DISABLED <-> OS-WINDOWS Microsoft Color Management Module remote code execution attempt (os-windows.rules) * 1:15907 <-> DISABLED <-> OS-LINUX Linux Kernel DCCP Protocol Handler dccp_setsockopt_change integer overflow attempt (os-linux.rules) * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules) * 1:15924 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DHTML Editing ActiveX clsid access (browser-plugins.rules) * 1:15943 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules) * 1:15949 <-> DISABLED <-> FILE-OTHER McAfee LHA file handling overflow attempt (file-other.rules) * 1:15952 <-> DISABLED <-> SERVER-MYSQL create function libc arbitrary code execution attempt (server-mysql.rules) * 1:15992 <-> DISABLED <-> FILE-OTHER Trend Micro Products Antivirus Library overflow attempt (file-other.rules) * 1:16002 <-> DISABLED <-> FILE-OTHER Apple Mac OS X installer package filename format string vulnerability (file-other.rules) * 1:16003 <-> DISABLED <-> FILE-OTHER Apple Mac OS X installer package filename format string vulnerability (file-other.rules) * 1:16023 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Vista Windows mail file execution attempt (file-executable.rules) * 1:16024 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Function focus overflow attempt (browser-firefox.rules) * 1:16034 <-> DISABLED <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt (server-samba.rules) * 1:16043 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html tag memory corruption attempt (browser-ie.rules) * 1:16050 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox tag order memory corruption attempt (browser-firefox.rules) * 1:16068 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music Jukebox ActiveX exploit (browser-plugins.rules) * 1:16073 <-> DISABLED <-> OS-WINDOWS MS-SQL convert function unicode overflow (os-windows.rules) * 1:16074 <-> DISABLED <-> SQL Suspicious SQL ansi_padding option (sql.rules) * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules) * 1:16193 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent SMTP AUTH LOGIN command buffer overflow attempt (server-mail.rules) * 1:16194 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory HTTP request content-length heap buffer overflow attempt (server-webapp.rules) * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules) * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules) * 1:16364 <-> DISABLED <-> SERVER-OTHER IBM DB2 database server SQLSTT denial of service attempt (server-other.rules) * 1:16432 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro Web Deployment ActiveX clsid access (browser-plugins.rules) * 1:16521 <-> DISABLED <-> SERVER-OTHER Squid Proxy http version number overflow attempt (server-other.rules) * 1:16578 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder 9 ActiveX buffer overflow attempt (os-windows.rules) * 1:16588 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX clsid access (browser-plugins.rules) * 1:16602 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectShow 3 ActiveX exploit via JavaScript (browser-plugins.rules) * 1:16607 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RAM Download Handler ActiveX control access attempt (browser-plugins.rules) * 1:16610 <-> DISABLED <-> BROWSER-PLUGINS IBM Access Support ActiveX GetXMLValue method buffer overflow attempt (browser-plugins.rules) * 1:16679 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDIplus integer overflow attempt (os-windows.rules) * 1:16690 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:16748 <-> DISABLED <-> BROWSER-PLUGINS IBM Access Support ActiveX function call access (browser-plugins.rules) * 1:16751 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (file-multimedia.rules) * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules) * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules) * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules) * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules) * 1:16762 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX andx attempt (netbios.rules) * 1:16764 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX unicode andx attempt (netbios.rules) * 1:16766 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow andx attempt (netbios.rules) * 1:16777 <-> DISABLED <-> SERVER-ORACLE Secure Backup NDMP packet handling DoS attempt (server-oracle.rules) * 1:16778 <-> DISABLED <-> SERVER-ORACLE Secure Backup NDMP packet handling DoS attempt (server-oracle.rules) * 1:16786 <-> DISABLED <-> FILE-OFFICE Microsoft Office Web Components Spreadsheet ActiveX buffer overflow attempt (file-office.rules) * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules) * 1:17050 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Administration Server authentication bypass attempt (server-webapp.rules) * 1:17052 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access attempt (browser-plugins.rules) * 1:17053 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access attempt (browser-plugins.rules) * 1:17054 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access attempt (browser-plugins.rules) * 1:17213 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Chrome Page Loading Restriction Bypass attempt (browser-firefox.rules) * 1:17220 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17221 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17222 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17226 <-> DISABLED <-> BROWSER-PLUGINS AXIS Camera ActiveX initialization via script (browser-plugins.rules) * 1:17228 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player skin decompression code execution attempt (os-windows.rules) * 1:17262 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:17263 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:17269 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules) * 1:17272 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer AVI parsing buffer overflow attempt (file-multimedia.rules) * 1:17280 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt (server-webapp.rules) * 1:17313 <-> DISABLED <-> SERVER-ORACLE database server crafted view privelege escalation attempt (server-oracle.rules) * 1:17348 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Color Management Module buffer overflow attempt (os-windows.rules) * 1:17349 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Color Management Module buffer overflow attempt (os-windows.rules) * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules) * 1:17374 <-> DISABLED <-> FILE-OTHER Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules) * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules) * 1:17384 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer setRequestHeader overflow attempt (browser-ie.rules) * 1:17385 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer setRequestHeader overflow attempt (browser-ie.rules) * 1:17386 <-> DISABLED <-> SERVER-WEBAPP Lighttpd mod_fastcgi Extension CGI Variable Overwriting Vulnerability attempt (server-webapp.rules) * 1:17388 <-> DISABLED <-> FILE-IMAGE OpenOffice EMF file EMR record parsing integer overflow attempt (file-image.rules) * 1:17405 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules) * 1:17406 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules) * 1:17413 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:17415 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Engine Information Disclosure attempt (browser-firefox.rules) * 1:17440 <-> DISABLED <-> SERVER-IIS RSA authentication agent for web redirect buffer overflow attempt (server-iis.rules) * 1:17459 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:17460 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:17464 <-> DISABLED <-> BROWSER-PLUGINS AOL Radio AmpX ActiveX clsid access (browser-plugins.rules) * 1:17467 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules) * 1:17468 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules) * 1:17471 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules) * 1:17472 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules) * 1:17474 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.CREATE_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules) * 1:17475 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules) * 1:17476 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.PURGE_WINDOW arbitrary command execution attempt (server-oracle.rules) * 1:17477 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.DROP_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules) * 1:17478 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.SUBSCRIBE arbitrary command execution attempt (server-oracle.rules) * 1:17479 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_ISUBSCRIBE.SUBSCRIBE arbitrary command execution attempt (server-oracle.rules) * 1:17480 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_ISUBSCRIBE.CREATE_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules) * 1:17489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help File Heap Buffer Overflow attempt (file-other.rules) * 1:17498 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules) * 1:17499 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules) * 1:17500 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules) * 1:17501 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules) * 1:17502 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules) * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules) * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules) * 1:17512 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules) * 1:17513 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules) * 1:17514 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules) * 1:17516 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules) * 1:17546 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player compressed skin download request (file-identify.rules) * 1:17568 <-> DISABLED <-> FILE-OFFICE Microsoft Office XP URL Handling Buffer Overflow attempt (file-office.rules) * 1:17570 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IFRAME style change handling code execution (browser-firefox.rules) * 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules) * 1:17619 <-> DISABLED <-> SERVER-ORACLE database server crafted view privelege escalation attempt (server-oracle.rules) * 1:17624 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt (file-java.rules) * 1:17626 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded web font handling buffer overflow attempt (os-windows.rules) * 1:17628 <-> DISABLED <-> FILE-IMAGE Sun Microsystems Java gif handling memory corruption attempt (file-image.rules) * 1:17634 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 little endian object call overflow attempt (netbios.rules) * 1:17636 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 object call overflow attempt (netbios.rules) * 1:17637 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 overflow attempt (netbios.rules) * 1:17643 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServe logger servie null-pointer dereference attempt (server-other.rules) * 1:17644 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption attempt (browser-ie.rules) * 1:17646 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Legacy file format picture object code execution attempt (file-office.rules) * 1:17652 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS source code disclosure attempt (server-iis.rules) * 1:17664 <-> DISABLED <-> FILE-OFFICE Microsoft Office GIF image descriptor memory corruption attempt (file-office.rules) * 1:17678 <-> DISABLED <-> FILE-IMAGE Adobe BMP image handler buffer overflow attempt (file-image.rules) * 1:17691 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:17695 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint paragraph format array inner header overflow attempt (file-office.rules) * 1:17736 <-> DISABLED <-> SERVER-OTHER McAfee LHA Type-2 file handling overflow attempt (server-other.rules) * 1:17808 <-> DISABLED <-> FILE-FLASH Adobe Flash authplay.dll memory corruption attempt (file-flash.rules) * 1:18171 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:18172 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:18173 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18193 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules) * 1:18194 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules) * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules) * 1:18250 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products EscapeAttributeValue integer overflow attempt (browser-firefox.rules) * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:18284 <-> DISABLED <-> FILE-OFFICE Microsoft Office XP URL Handling Buffer Overflow attempt (file-office.rules) * 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules) * 1:18291 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt (server-other.rules) * 1:18292 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt (server-other.rules) * 1:18296 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products frame comment objects manipulation memory corruption attempt (browser-firefox.rules) * 1:18303 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer script action handler overflow attempt (browser-ie.rules) * 1:18304 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:18305 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:18306 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:18313 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:18317 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail RCPT TO proxy overflow attempt (server-mail.rules) * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules) * 1:18476 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes DOC attachment viewer buffer overflow (server-mail.rules) * 1:18484 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt (file-multimedia.rules) * 1:18512 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Remote Management overflow attempt (server-other.rules) * 1:18518 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (browser-ie.rules) * 1:18520 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML exploit attempt (browser-ie.rules) * 1:18521 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (browser-ie.rules) * 1:18522 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (browser-ie.rules) * 1:18523 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML exploit attempt (browser-ie.rules) * 1:18531 <-> DISABLED <-> SERVER-OTHER Multiple Vendors iacenc.dll dll-load exploit attempt (server-other.rules) * 1:18532 <-> DISABLED <-> OS-WINDOWS Multiple Vendors iacenc.dll dll-load exploit attempt (os-windows.rules) * 1:18574 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules) * 1:18579 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt (server-webapp.rules) * 1:18591 <-> DISABLED <-> FILE-OTHER CoolPlayer Playlist File Handling Buffer Overflow (file-other.rules) * 1:18600 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PictureViewer buffer overflow attempt (file-image.rules) * 1:18603 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes Applix Graphics Parsing Buffer Overflow (server-mail.rules) * 1:18616 <-> DISABLED <-> FILE-OFFICE Microsoft Works 4.x converter font name buffer overflow attempt (file-office.rules) * 1:18635 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:18710 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator Framework Services buffer overflow attempt (server-other.rules) * 1:18771 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ADO Object Parsing Code Execution (file-office.rules) * 1:18772 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ADO Object Parsing Code Execution (file-office.rules) * 1:18800 <-> DISABLED <-> FILE-OTHER Adobe RoboHelp Server Arbitrary File Upload (file-other.rules) * 1:18905 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18906 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18907 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18908 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18909 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18910 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18911 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18912 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18913 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18914 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18915 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18916 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18917 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18918 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18919 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18920 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18921 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18922 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18923 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18924 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18925 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18962 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:18992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player content parsing execution attempt (file-flash.rules) * 1:19079 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getElementById object corruption (browser-ie.rules) * 1:19087 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules) * 1:19088 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules) * 1:19089 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules) * 1:19090 <-> DISABLED <-> SERVER-OTHER CA Discovery Serice Overflow Attempt (server-other.rules) * 1:19293 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:1930 <-> DISABLED <-> PROTOCOL-IMAP auth literal overflow attempt (protocol-imap.rules) * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules) * 1:19599 <-> DISABLED <-> SERVER-ORACLE Warehouse builder WE_OLAP_AW_REMOVE_SOLVE_ID SQL Injection attempt (server-oracle.rules) * 1:19618 <-> DISABLED <-> FILE-OTHER Multiple products dwmapi.dll dll-load exploit attempt (file-other.rules) * 1:19693 <-> DISABLED <-> FILE-FLASH Adobe Flash MP4 ref_frame allocated buffer overflow attempt (file-flash.rules) * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:19811 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:19815 <-> DISABLED <-> SERVER-OTHER HP Operations Manager Server Default Credientials in use attempt (server-other.rules) * 1:19892 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System modem string buffer overflow attempt (server-other.rules) * 1:19925 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX client browser plugin call-back-url buffer overflow attempt (browser-plugins.rules) * 1:20071 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio WMIScriptUtils.WMIObjectBroker2.1 ActiveX CLSID access (browser-plugins.rules) * 1:20204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Taidoor variant outbound connection (malware-cnc.rules) * 1:20277 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (browser-ie.rules) * 1:20278 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (browser-ie.rules) * 1:20279 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (browser-ie.rules) * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:20546 <-> DISABLED <-> SERVER-OTHER BakBone NetVault client heap overflow attempt (server-other.rules) * 1:20552 <-> DISABLED <-> SERVER-MAIL Mercury Mail Transport System buffer overflow attempt (server-mail.rules) * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules) * 1:20555 <-> DISABLED <-> FILE-FLASH Adobe Flash MP4 ref_frame allocated buffer overflow attempt (file-flash.rules) * 1:20575 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules) * 1:20576 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Remote Management overflow attempt (server-other.rules) * 1:20590 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules) * 1:20744 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player DirectShow MPEG-2 memory corruption attempt (os-windows.rules) * 1:20878 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Embedded Package Object packager.exe file load exploit attempt (os-windows.rules) * 1:20879 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Embedded Package Object packager.exe file load exploit attempt (os-windows.rules) * 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (file-office.rules) * 1:20883 <-> DISABLED <-> FILE-OFFICE Microsoft Windows embedded packager object with .application extension bypass attempt (file-office.rules) * 1:21003 <-> DISABLED <-> MALWARE-CNC Cute Pack cute-ie.html request (malware-cnc.rules) * 1:21004 <-> DISABLED <-> MALWARE-CNC Cute Pack cute-ie.html landing page (malware-cnc.rules) * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules) * 1:21041 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules) * 1:21042 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit post-compromise download attempt - .php?f= (exploit-kit.rules) * 1:21043 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit post-compromise download attempt - .php?e= (exploit-kit.rules) * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:2105 <-> DISABLED <-> PROTOCOL-IMAP authenticate literal overflow attempt (protocol-imap.rules) * 1:2106 <-> DISABLED <-> PROTOCOL-IMAP lsub overflow attempt (protocol-imap.rules) * 1:21068 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit landing page (exploit-kit.rules) * 1:21069 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit exploit fetch request (exploit-kit.rules) * 1:21070 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit pdf exploit page request (exploit-kit.rules) * 1:21071 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit post-exploit page request (exploit-kit.rules) * 1:21084 <-> DISABLED <-> SERVER-MSSQL MSSQL CONVERT function buffer overflow attempt (server-mssql.rules) * 1:21085 <-> DISABLED <-> SERVER-MSSQL MSSQL CONVERT function unicode buffer overflow attempt (server-mssql.rules) * 1:21096 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit control panel access (exploit-kit.rules) * 1:21097 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit post-exploit download request (exploit-kit.rules) * 1:21098 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit landing page (exploit-kit.rules) * 1:21099 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit malicious pdf request (exploit-kit.rules) * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules) * 1:21156 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules) * 1:21157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules) * 1:21158 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules) * 1:21163 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook VEVENT overflow attempt (file-office.rules) * 1:21186 <-> DISABLED <-> SERVER-ORACLE MDSYS drop table trigger injection attempt (server-oracle.rules) * 1:21233 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules) * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules) * 1:21289 <-> DISABLED <-> OS-WINDOWS Microsoft Color Control Panel STI.dll dll-load exploit attempt (os-windows.rules) * 1:21290 <-> DISABLED <-> OS-WINDOWS Microsoft Color Control Panel STI.dll dll-load exploit attempt (os-windows.rules) * 1:21298 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint chart webpart XSS attempt (server-webapp.rules) * 1:21309 <-> DISABLED <-> OS-WINDOWS Microsoft product fputlsat.dll dll-load exploit attempt (os-windows.rules) * 1:21310 <-> DISABLED <-> OS-WINDOWS Microsoft product fputlsat.dll dll-load exploit attempt (os-windows.rules) * 1:21343 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules) * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules) * 1:21345 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar request (exploit-kit.rules) * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules) * 1:21347 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (exploit-kit.rules) * 1:21348 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules) * 1:21414 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MergeCells record parsing code execution attempt (file-office.rules) * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules) * 1:21462 <-> DISABLED <-> FILE-JAVA Oracle Java Plugin security bypass (file-java.rules) * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules) * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules) * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules) * 1:21566 <-> DISABLED <-> OS-WINDOWS Microsoft Expression Design wintab32.dll dll-load exploit attempt (os-windows.rules) * 1:21567 <-> DISABLED <-> OS-WINDOWS Microsoft Expression Design wintab32.dll dll-load exploit attempt (os-windows.rules) * 1:21581 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - BBB (exploit-kit.rules) * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules) * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:21647 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Home/index.php (exploit-kit.rules) * 1:21660 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (exploit-kit.rules) * 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules) * 1:21754 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules) * 1:21770 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21771 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21772 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21773 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21774 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21775 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21790 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:21791 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:21794 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules) * 1:21806 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:21860 <-> ENABLED <-> MALWARE-CNC Phoenix exploit kit post-compromise behavior (malware-cnc.rules) * 1:21874 <-> ENABLED <-> EXPLOIT-KIT Possible exploit kit post compromise activity - StrReverse (exploit-kit.rules) * 1:21875 <-> ENABLED <-> EXPLOIT-KIT Possible exploit kit post compromise activity - taskkill (exploit-kit.rules) * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules) * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules) * 1:21928 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record buffer overflow attempt (file-office.rules) * 1:21931 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:21932 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:21933 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalette Record Memory Corruption attempt (file-office.rules) * 1:21942 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:21943 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:22003 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules) * 1:22004 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22005 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22006 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22007 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22008 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22010 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22011 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22012 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules) * 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules) * 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules) * 1:22081 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtMergeCells heap overflow attempt (file-office.rules) * 1:22949 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:22951 <-> DISABLED <-> SERVER-WEBAPP EXIF header parsing integer overflow attempt little endian (server-webapp.rules) * 1:23010 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FNGROUPNAME record memory corruption attempt (file-office.rules) * 1:23055 <-> DISABLED <-> PROTOCOL-FTP Cisco IOS FTP MKD buffer overflow attempt (protocol-ftp.rules) * 1:23091 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23092 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23093 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23094 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23095 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23105 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23127 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET xbap STGMEDIUM.unionmember arbitrary number overwrite attempt (file-executable.rules) * 1:23142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23143 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23146 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23150 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed graphic record code execution attempt (file-office.rules) * 1:23153 <-> DISABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules) * 1:23154 <-> DISABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules) * 1:23155 <-> DISABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules) * 1:23156 <-> DISABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit landing page (exploit-kit.rules) * 1:23157 <-> ENABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit binary download (exploit-kit.rules) * 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:23162 <-> DISABLED <-> OS-WINDOWS Microsoft Lync Online ncrypt.dll dll-load exploit attempt (os-windows.rules) * 1:23163 <-> DISABLED <-> OS-WINDOWS Microsoft Lync Online wlanapi.dll dll-load exploit attempt (os-windows.rules) * 1:23165 <-> DISABLED <-> SERVER-OTHER Microsoft Lync Online wlanapi.dll dll-load exploit attempt (server-other.rules) * 1:23181 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET Framework xbap DataObject object pointer attempt (file-executable.rules) * 1:23211 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook arbitrary command line attempt (file-office.rules) * 1:23218 <-> ENABLED <-> EXPLOIT-KIT Redkit Repeated Exploit Request Pattern (exploit-kit.rules) * 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules) * 1:23228 <-> DISABLED <-> BROWSER-PLUGINS Oracle Webcenter ActiveX clsid access (browser-plugins.rules) * 1:23240 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:23259 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules) * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word crafted sprm structure memory corruption attempt (file-office.rules) * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word crafted sprm structure memory corruption attempt (file-office.rules) * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word crafted sprm structure memory corruption attempt (file-office.rules) * 1:23270 <-> DISABLED <-> FILE-OFFICE Microsoft Office Malformed MSODrawing Record attempt (file-office.rules) * 1:23272 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:23279 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint name field cross site scripting attempt (server-webapp.rules) * 1:23283 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Forms Recognition ActiveX clsid access attempt (browser-plugins.rules) * 1:23287 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23288 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23289 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23290 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23291 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23292 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23293 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23294 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23295 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23296 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23297 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23298 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23299 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23300 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23301 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23302 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23303 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23304 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23371 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules) * 1:23407 <-> DISABLED <-> SERVER-WEBAPP Apple iChat url format string exploit attempt (server-webapp.rules) * 1:23499 <-> DISABLED <-> FILE-OTHER Microsoft Windows CUR file parsing overflow attempt (file-other.rules) * 1:23500 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader spell.customDictionaryOpen exploit attempt (file-pdf.rules) * 1:23501 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript getIcon method buffer overflow attempt (file-pdf.rules) * 1:23502 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules) * 1:23503 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules) * 1:23505 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt (file-pdf.rules) * 1:23506 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:23508 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:23509 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed Richmedia annotation exploit attempt (file-pdf.rules) * 1:23510 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader File containing Flash use-after-free attack attempt (file-pdf.rules) * 1:23511 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader authplay.dll vulnerability exploit attempt (file-pdf.rules) * 1:23512 <-> DISABLED <-> FILE-PDF Adobe flash player newfunction memory corruption attempt (file-pdf.rules) * 1:23526 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:23527 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:23528 <-> DISABLED <-> FILE-OFFICE Microsoft Office PICT graphics converter memory corruption attempt (file-office.rules) * 1:23534 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint paragraph format array inner header overflow attempt (file-office.rules) * 1:23535 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Download of version 4.0 file (file-office.rules) * 1:23536 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint CurrentUserAtom remote code execution attempt (file-office.rules) * 1:23537 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint HashCode10Atom memory corruption attempt (file-office.rules) * 1:23538 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 Component buffer overflow attempt (file-office.rules) * 1:23539 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Legacy file format picture object code execution attempt (file-office.rules) * 1:23544 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt (file-office.rules) * 1:23545 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro (file-office.rules) * 1:23546 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with linkFmla (file-office.rules) * 1:23547 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro and linkFmla (file-office.rules) * 1:23548 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:23549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:23550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record stack buffer overflow attempt (file-office.rules) * 1:23551 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:23552 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:23553 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules) * 1:23554 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules) * 1:23558 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules) * 1:23559 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules) * 1:23560 <-> DISABLED <-> FILE-JAVA Oracle Java Zip file directory record overflow attempt (file-java.rules) * 1:23561 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging large offset malformed tiff - big-endian (file-image.rules) * 1:23562 <-> DISABLED <-> FILE-OTHER Microsoft MHTML XSS attempt (file-other.rules) * 1:23563 <-> DISABLED <-> FILE-OTHER Microsoft Windows MHTML XSS attempt (file-other.rules) * 1:23565 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI DirectShow QuickTime parsing overflow attempt (file-multimedia.rules) * 1:23567 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI Header insufficient data corruption attempt (file-multimedia.rules) * 1:23568 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile media file processing memory corruption attempt (file-multimedia.rules) * 1:23569 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile truncated media file processing memory corruption attempt (file-multimedia.rules) * 1:23570 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media sample duration header RCE attempt (file-multimedia.rules) * 1:23571 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Timecode header RCE attempt (file-multimedia.rules) * 1:23572 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media file name header RCE attempt (file-multimedia.rules) * 1:23573 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media content type header RCE attempt (file-multimedia.rules) * 1:23574 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media pixel aspect ratio header RCE attempt (file-multimedia.rules) * 1:23575 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules) * 1:23576 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules) * 1:23579 <-> DISABLED <-> FILE-FLASH Adobe Flash use-after-free attack attempt (file-flash.rules) * 1:23581 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:23582 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML Transform attribute overflow attempt (file-other.rules) * 1:23583 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules) * 1:23584 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML sampleData attribute overflow attempt (file-other.rules) * 1:23585 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:23586 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules) * 1:23587 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:23588 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:23591 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:23592 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption exploit attempt (file-flash.rules) * 1:23619 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch broken (exploit-kit.rules) * 1:23622 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page request - tkr (exploit-kit.rules) * 1:23623 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime VR Track Header Atom heap corruption attempt (file-multimedia.rules) * 1:23699 <-> DISABLED <-> FILE-IDENTIFY SAP Crystal Reports file magic detected (file-identify.rules) * 1:23700 <-> DISABLED <-> FILE-IDENTIFY Microsoft Word for Mac 5 file magic detected (file-identify.rules) * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:23715 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access file magic detected (file-identify.rules) * 1:23716 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access JSDB file magic detected (file-identify.rules) * 1:23717 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access TJDB file magic detected (file-identify.rules) * 1:23718 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access MSISAM file magic detected (file-identify.rules) * 1:23781 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:23785 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - Math.floor catch (exploit-kit.rules) * 1:23786 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - Math.round catch (exploit-kit.rules) * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules) * 1:23837 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB host announcement format string exploit attempt (os-windows.rules) * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules) * 1:23843 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules) * 1:23848 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:23849 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:23850 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - hwehes (exploit-kit.rules) * 1:23943 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt (file-multimedia.rules) * 1:23956 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules) * 1:23962 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - fewbgazr catch (exploit-kit.rules) * 1:23992 <-> DISABLED <-> FILE-OFFICE Microsoft Office EMF image EMFPlusPointF record memory corruption attempt (file-office.rules) * 1:24053 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules) * 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules) * 1:24124 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules) * 1:24186 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF variable name overflow attempt (file-office.rules) * 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:24189 <-> DISABLED <-> FILE-IMAGE XPM file format overflow attempt (file-image.rules) * 1:24197 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX function call attempt (browser-plugins.rules) * 1:24198 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint name field cross site scripting attempt (server-webapp.rules) * 1:24200 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes URI handler command execution attempt (server-mail.rules) * 1:24203 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:24204 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:24205 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:24220 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime streaming debug error logging buffer overflow attempt (file-multimedia.rules) * 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules) * 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules) * 1:24237 <-> DISABLED <-> FILE-EXECUTABLE ClamAV UPX File Handling Heap overflow attempt (file-executable.rules) * 1:24238 <-> DISABLED <-> FILE-EXECUTABLE ClamAV UPX File Handling Heap overflow attempt (file-executable.rules) * 1:24240 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules) * 1:24241 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules) * 1:24242 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules) * 1:24272 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules) * 1:24273 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules) * 1:24274 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24275 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24276 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24277 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules) * 1:24278 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules) * 1:24279 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules) * 1:24280 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules) * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules) * 1:24314 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24379 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24380 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24452 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG rendering buffer overflow attempt (browser-ie.rules) * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules) * 1:24535 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table integer overflow attempt (file-other.rules) * 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules) * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules) * 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules) * 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:24550 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV Atom length buffer overflow attempt (file-multimedia.rules) * 1:24556 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:24557 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:24558 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules) * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules) * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules) * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules) * 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules) * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:24641 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie buffer overflow attempt (file-multimedia.rules) * 1:24657 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Publisher record heap buffer overflow attempt (file-office.rules) * 1:24672 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 sequence parameter set parsing overflow attempt (file-multimedia.rules) * 1:24681 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24682 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24683 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24684 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24685 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24695 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file opcode corruption attempt (file-image.rules) * 1:24699 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules) * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules) * 1:24728 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules) * 1:24771 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules) * 1:24772 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules) * 1:24815 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio VSD file icon memory corruption attempt (file-office.rules) * 1:24823 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:24839 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - specific structure (exploit-kit.rules) * 1:24840 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - JAR redirection (exploit-kit.rules) * 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:24905 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:24906 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules) * 1:24913 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:24915 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-java.rules) * 1:24997 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24999 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:25000 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules) * 1:25044 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - specific structure (exploit-kit.rules) * 1:25051 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit landing page redirection (exploit-kit.rules) * 1:25052 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit Java Exploit requested - 3 digit (exploit-kit.rules) * 1:25053 <-> DISABLED <-> EXPLOIT-KIT Redkit outbound class retrieval (exploit-kit.rules) * 1:25065 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:25066 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:25067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Riler variant outbound connection (malware-cnc.rules) * 1:25068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Riler inbound connection (malware-cnc.rules) * 1:25232 <-> DISABLED <-> BROWSER-FIREFOX appendChild multiple parent nodes stack corruption attempt (browser-firefox.rules) * 1:25233 <-> DISABLED <-> BROWSER-FIREFOX appendChild multiple parent nodes stack corruption attempt (browser-firefox.rules) * 1:25246 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:25251 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS .NET null character username truncation attempt (server-iis.rules) * 1:25298 <-> DISABLED <-> FILE-MULTIMEDIA Mozilla products Ogg Vorbis decoding memory corruption attempt (file-multimedia.rules) * 1:25311 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules) * 1:25383 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - info.exe (exploit-kit.rules) * 1:25384 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - contacts.exe (exploit-kit.rules) * 1:25385 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - calc.exe (exploit-kit.rules) * 1:25386 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - about.exe (exploit-kit.rules) * 1:25387 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - readme.exe (exploit-kit.rules) * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:25389 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - specific structure (exploit-kit.rules) * 1:25390 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - specific structure (exploit-kit.rules) * 1:25391 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit obfuscated payload download (exploit-kit.rules) * 1:25502 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft GDI EMF malformed file buffer overflow attempt (file-multimedia.rules) * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:25587 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules) * 1:25588 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader FlateDecode integer overflow attempt (file-pdf.rules) * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:25649 <-> DISABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules) * 1:25797 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF memory corruption attempt (file-multimedia.rules) * 1:25800 <-> DISABLED <-> EXPLOIT-KIT Stamp exploit kit Javascript request (exploit-kit.rules) * 1:25802 <-> DISABLED <-> EXPLOIT-KIT Stamp exploit kit encoded portable executable request (exploit-kit.rules) * 1:25856 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules) * 1:25969 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules) * 1:26066 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:26067 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:26068 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:26069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:26089 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio version number anomaly (file-office.rules) * 1:26109 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Obji Atom parsing stack buffer overflow attempt (file-multimedia.rules) * 1:26174 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FRTWrapper record buffer overflow attempt (file-office.rules) * 1:26175 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules) * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:26329 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel format record code execution attempt (file-office.rules) * 1:26330 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflow attempt (file-office.rules) * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:26338 <-> ENABLED <-> EXPLOIT-KIT IFRAMEr injection detection - leads to exploit kit (exploit-kit.rules) * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules) * 1:26341 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page (exploit-kit.rules) * 1:26342 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page - specific structure (exploit-kit.rules) * 1:26343 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page (exploit-kit.rules) * 1:26372 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules) * 1:26373 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules) * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules) * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules) * 1:26453 <-> DISABLED <-> FILE-OFFICE OpenOffice OLE File Stream Buffer Overflow attempt (file-office.rules) * 1:26472 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:26473 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26474 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26475 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26476 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26477 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26478 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26508 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - info.dll (exploit-kit.rules) * 1:26535 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit landing page - specific structure (exploit-kit.rules) * 1:26536 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit landing page (exploit-kit.rules) * 1:26564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Movie file clipping region handling heap buffer overflow attempt (file-multimedia.rules) * 1:26599 <-> ENABLED <-> EXPLOIT-KIT Impact/Stamp exploit kit landing page (exploit-kit.rules) * 1:26600 <-> ENABLED <-> EXPLOIT-KIT Impact/Stamp exploit kit landing page (exploit-kit.rules) * 1:26602 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet name memory corruption attempt (file-office.rules) * 1:26648 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules) * 1:26649 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules) * 1:2665 <-> DISABLED <-> PROTOCOL-IMAP login literal format string attempt (protocol-imap.rules) * 1:26663 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules) * 1:26667 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes playlist overflow attempt (file-multimedia.rules) * 1:26672 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules) * 1:26673 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules) * 1:26674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules) * 1:26676 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt (file-office.rules) * 1:26706 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:26707 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:26708 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:26709 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:26710 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:26711 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed ftCMO record remote code execution attempt (file-office.rules) * 1:26724 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt (file-multimedia.rules) * 1:26799 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:26800 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:26801 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:26832 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSComctlLib.Toolbar ActiveX control exploit attempt (file-office.rules) * 1:26856 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sBIT overflow attempt (file-image.rules) * 1:26857 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sRGB overflow attempt (file-image.rules) * 1:26858 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected bKGD overflow attempt (file-image.rules) * 1:26859 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected hIST overflow attempt (file-image.rules) * 1:26861 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected pHYs overflow attempt (file-image.rules) * 1:26862 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sPLT overflow attempt (file-image.rules) * 1:26863 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected tIME overflow attempt (file-image.rules) * 1:26864 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected iTXt overflow attempt (file-image.rules) * 1:26866 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected zTXt overflow attempt (file-image.rules) * 1:26978 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules) * 1:27001 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks Remote Management overflow attempt (server-other.rules) * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:27081 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit Internet Explorer exploit download - autopwn (exploit-kit.rules) * 1:27082 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit flash remote code execution exploit download - autopwn (exploit-kit.rules) * 1:27166 <-> DISABLED <-> FILE-OTHER Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules) * 1:27167 <-> DISABLED <-> FILE-OTHER Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules) * 1:27168 <-> DISABLED <-> FILE-OTHER Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules) * 1:27212 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:27213 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:27214 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:27215 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint schemes record buffer overflow (file-office.rules) * 1:27216 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint printer record buffer overflow (file-office.rules) * 1:27222 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer innerHTML against incomplete element heap corruption attempt (browser-ie.rules) * 1:27243 <-> ENABLED <-> SERVER-APACHE Apache Struts2 blacklisted method redirectAction (server-apache.rules) * 1:27251 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table platform type 3 integer overflow attempt (file-other.rules) * 1:27271 <-> ENABLED <-> EXPLOIT-KIT iFramer toolkit injected iframe detected - specific structure (exploit-kit.rules) * 1:27544 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab runtime traffic detected (malware-cnc.rules) * 1:27545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules) * 1:27546 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules) * 1:27547 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules) * 1:27548 <-> ENABLED <-> MALWARE-OTHER Osx.Trojan.Janicab file download attempt (malware-other.rules) * 1:27549 <-> ENABLED <-> MALWARE-OTHER Osx.Trojan.Janicab file download attempt (malware-other.rules) * 1:27580 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27581 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27584 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27585 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27586 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27587 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27588 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27589 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27590 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27591 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27634 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FngGroupCount record overflow attempt (file-office.rules) * 1:27635 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Record Code Execution attempt (file-office.rules) * 1:27671 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules) * 1:27695 <-> ENABLED <-> EXPLOIT-KIT Kore exploit kit landing page (exploit-kit.rules) * 1:27696 <-> ENABLED <-> EXPLOIT-KIT Kore exploit kit landing page (exploit-kit.rules) * 1:27697 <-> ENABLED <-> EXPLOIT-KIT Kore exploit kit successful Java exploit (exploit-kit.rules) * 1:27718 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file buffer overflow attempt (os-windows.rules) * 1:27719 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file with comment buffer overflow attempt (os-windows.rules) * 1:27757 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX clsid access (browser-plugins.rules) * 1:27758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX function call access (browser-plugins.rules) * 1:27788 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access (browser-plugins.rules) * 1:27789 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:27790 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:27791 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:27792 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access attempt (browser-plugins.rules) * 1:27793 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access (browser-plugins.rules) * 1:27798 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX clsid access attempt (browser-plugins.rules) * 1:27799 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX function call attempt (browser-plugins.rules) * 1:27800 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Encoder 9 ActiveX function call access (browser-plugins.rules) * 1:27865 <-> ENABLED <-> EXPLOIT-KIT Blackholev2/Darkleech exploit kit landing page request (exploit-kit.rules) * 1:27881 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Flash Player (exploit-kit.rules) * 1:27883 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Oracle Java (exploit-kit.rules) * 1:27885 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27886 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27892 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader (exploit-kit.rules) * 1:27893 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27894 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - about.dll (exploit-kit.rules) * 1:27895 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - info.dll (exploit-kit.rules) * 1:27896 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - contacts.dll (exploit-kit.rules) * 1:27897 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - calc.dll (exploit-kit.rules) * 1:27898 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - readme.dll (exploit-kit.rules) * 1:27908 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPhraseElement use after free attempt (browser-ie.rules) * 1:27909 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPhraseElement use after free attempt (browser-ie.rules) * 1:27945 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjectLink invalid wLinkVar2 value attempt (file-office.rules) * 1:27947 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtMergeCells heap overflow attempt (file-office.rules) * 1:27948 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtMergeCells heap overflow attempt (file-office.rules) * 1:28029 <-> ENABLED <-> EXPLOIT-KIT Magnitude/Popads/Nuclear exploit kit jnlp request (exploit-kit.rules) * 1:28108 <-> ENABLED <-> EXPLOIT-KIT Nuclear/Magnitude exploit kit Adobe Flash exploit download attempt (exploit-kit.rules) * 1:28113 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FngGroupCount record overflow attempt (file-office.rules) * 1:28124 <-> DISABLED <-> FILE-OTHER PCRE character class heap buffer overflow attempt (file-other.rules) * 1:28128 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28131 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28133 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28228 <-> DISABLED <-> SERVER-WEBAPP Microsoft Interactive Training buffer overflow attempt (server-webapp.rules) * 1:28236 <-> ENABLED <-> EXPLOIT-KIT Magnitude/Nuclear exploit kit landing page (exploit-kit.rules) * 1:28263 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:28311 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28312 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28313 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28314 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28316 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28317 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28318 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28319 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28320 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28321 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28322 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28413 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit embedded redirection attempt (exploit-kit.rules) * 1:28428 <-> ENABLED <-> EXPLOIT-KIT Glazunov exploit kit landing page (exploit-kit.rules) * 1:28429 <-> ENABLED <-> EXPLOIT-KIT Glazunov exploit kit outbound jnlp download attempt (exploit-kit.rules) * 1:28430 <-> ENABLED <-> EXPLOIT-KIT Glazunov exploit kit zip file download (exploit-kit.rules) * 1:28440 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file invalid memory allocation exploit attempt (file-office.rules) * 1:28441 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:28442 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:28443 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:28482 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Terminator RAT variant outbound connection (malware-cnc.rules) * 1:28493 <-> ENABLED <-> MALWARE-CNC DeputyDog diskless method outbound connection (malware-cnc.rules) * 1:28612 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Silverlight exploit download (exploit-kit.rules) * 1:28613 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page - specific-structure (exploit-kit.rules) * 1:28614 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page (exploit-kit.rules) * 1:28616 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit payload download attempt (exploit-kit.rules) * 1:28677 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28678 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28686 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28989 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Egobot variant outbound connection (malware-cnc.rules) * 1:29032 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MasterPagePackedText structure CharacterFormatArrayOuterHeaderSize buffer overflow (file-office.rules) * 1:29033 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MasterPagePackedText structure CharacterFormatArrayOuterHeaderSize buffer overflow (file-office.rules) * 1:29066 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit XORed payload download attempt (exploit-kit.rules) * 1:29128 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit plugin detection page (exploit-kit.rules) * 1:29130 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit malicious payload download attempt (exploit-kit.rules) * 1:29264 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtX memory corruption attempt (file-office.rules) * 1:29326 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtY memory corruption attempt (file-office.rules) * 1:29327 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record SerAuxTrend sdtX memory corruption attempt (file-office.rules) * 1:29328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record SerAuxErrBar sdtX memory corruption attempt (file-office.rules) * 1:29329 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtX memory corruption attempt (file-office.rules) * 1:29404 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel country record arbitrary code execution attempt (file-office.rules) * 1:29434 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file overread buffer overflow attempt (file-image.rules) * 1:29435 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:29436 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:29502 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:29511 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt (server-webapp.rules) * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:29528 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt (server-other.rules) * 1:29529 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt (server-other.rules) * 1:29530 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt (server-other.rules) * 1:29531 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt (server-other.rules) * 1:29532 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt (server-other.rules) * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules) * 1:29581 <-> DISABLED <-> SERVER-OTHER CA Brightstor SUN RPC malformed string buffer overflow attempt (server-other.rules) * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules) * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules) * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules) * 1:29754 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules) * 1:29796 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:29797 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:29804 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:29805 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:29806 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:29814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer null attribute DoS attempt (browser-ie.rules) * 1:29936 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules) * 1:29937 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceR3Info buffer overflow attempt (server-other.rules) * 1:29943 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules) * 1:30037 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zaleelq variant outbound connection (malware-cnc.rules) * 1:30232 <-> DISABLED <-> OS-WINDOWS Microsoft Anti-Cross Site Scripting library bypass attempt (os-windows.rules) * 1:30233 <-> DISABLED <-> OS-WINDOWS Microsoft Anti-Cross Site Scripting library bypass attempt (os-windows.rules) * 1:3066 <-> DISABLED <-> PROTOCOL-IMAP append overflow attempt (protocol-imap.rules) * 1:30941 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:30990 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules) * 1:30991 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules) * 1:31017 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Adobe Reader Extension race condition attempt (browser-plugins.rules) * 1:31018 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Adobe Reader Extension race condition attempt (browser-plugins.rules) * 1:31031 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter buffer overflow attempt (file-office.rules) * 1:31032 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter buffer overflow attempt (file-office.rules) * 1:31279 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit decryption page outbound request (exploit-kit.rules) * 1:31296 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer negative margin use after free attempt (browser-ie.rules) * 1:31301 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSLT memory corruption attempt (browser-ie.rules) * 1:31365 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules) * 1:31373 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:31374 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Qsir and Qsif record remote code execution attempt (file-office.rules) * 1:31420 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules) * 1:31421 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules) * 1:31427 <-> DISABLED <-> FILE-OTHER Microsoft Windows C Run-Time Library remote code execution attempt (file-other.rules) * 1:31428 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:31434 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Section Table Array Buffer Overflow attempt (file-office.rules) * 1:31437 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules) * 1:31439 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules) * 1:31440 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules) * 1:31461 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed MSODrawing Record attempt (file-office.rules) * 1:31462 <-> DISABLED <-> FILE-OFFICE Microsoft Office Malformed MSODrawing Record attempt (file-office.rules) * 1:31473 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:31474 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:31475 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:31476 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:31504 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer outerHTML against incomplete element heap corruption attempt (browser-ie.rules) * 1:31562 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word global array index heap overflow attempt (file-office.rules) * 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:31592 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:31650 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Mail file execution attempt (server-mail.rules) * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules) * 1:31716 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Otupsys variant outbound connection (malware-cnc.rules) * 1:31756 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX clsid access (browser-plugins.rules) * 1:31757 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX function call access (browser-plugins.rules) * 1:31758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX function call access (browser-plugins.rules) * 1:31759 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX clsid access (browser-plugins.rules) * 1:31760 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:31761 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:31762 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:31763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:31777 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing announce overflow attempt (file-other.rules) * 1:31778 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing comment overflow attempt (file-other.rules) * 1:31779 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing name overflow attempt (file-other.rules) * 1:31780 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing path overflow attempt (file-other.rules) * 1:31843 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 1 (file-office.rules) * 1:31844 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 2 (file-office.rules) * 1:31845 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 3 (file-office.rules) * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules) * 1:31875 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FtCbls remote code execution attempt (file-office.rules) * 1:31876 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FtCbls remote code execution attempt (file-office.rules) * 1:31946 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules) * 1:32062 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:32063 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:32064 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:32082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Filter Records Handling Code Execution attempt (file-office.rules) * 1:32083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed file format parsing code execution attempt (file-office.rules) * 1:32094 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalete Record Memory Corruption attempt (file-office.rules) * 1:32095 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalette Record Memory Corruption attempt (file-office.rules) * 1:32122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtWnDesk record memory corruption exploit attempt (file-office.rules) * 1:32131 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record buffer overflow attempt (file-office.rules) * 1:32132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record buffer overflow attempt (file-office.rules) * 1:32133 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XBM image processing buffer overflow attempt (browser-firefox.rules) * 1:32136 <-> DISABLED <-> FILE-OTHER GNU gzip LZH decompression make_table overflow attempt (file-other.rules) * 1:32206 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style record overflow attempt (file-office.rules) * 1:32223 <-> DISABLED <-> SERVER-OTHER Firebird database invalid state integer overflow attempt (server-other.rules) * 1:32224 <-> DISABLED <-> SERVER-OTHER Firebird database invalid state integer overflow attempt (server-other.rules) * 1:32365 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules) * 1:32532 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style sheet array memory corruption attempt (browser-ie.rules) * 1:32615 <-> DISABLED <-> OS-WINDOWS Microsoft Windows search protocol remote command injection attempt (os-windows.rules) * 1:32625 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DV record buffer overflow attempt (file-office.rules) * 1:32629 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:32630 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:32631 <-> DISABLED <-> NETBIOS SMB server response heap overflow attempt (netbios.rules) * 1:32642 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX clsid access attempt (browser-plugins.rules) * 1:32643 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules) * 1:32644 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45584 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules) * 1:45583 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules) * 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules) * 1:45588 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules) * 1:45581 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules) * 1:45587 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45586 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player or Explorer Malformed MIDI File DOS attempt (file-multimedia.rules) * 1:45591 <-> DISABLED <-> PROTOCOL-FTP LabF nfsAxe FTP Client buffer overflow attempt (protocol-ftp.rules) * 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules) * 1:45585 <-> DISABLED <-> SERVER-WEBAPP PMSotware Simple Web Server connection header buffer overflow attempt (server-webapp.rules) * 1:45582 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules) * 1:17663 <-> DISABLED <-> SERVER-OTHER Apple CUPS SGI image decoding buffer overflow attempt (server-other.rules) * 1:45576 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Function focus overflow attempt (browser-firefox.rules) * 1:45580 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules) * 1:45571 <-> DISABLED <-> SERVER-OTHER Commvault Communications Service command injection attempt (server-other.rules) * 1:45589 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45574 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules) * 1:45590 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
* 1:32738 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules) * 1:32842 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-plugins.rules) * 1:6413 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Address Book Base64 encoded attachment detected (server-mail.rules) * 1:6690 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected iCCP overflow attempt (file-image.rules) * 1:6510 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mhtml uri shortcut buffer overflow attempt (browser-ie.rules) * 1:6507 <-> DISABLED <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt (server-webapp.rules) * 1:6502 <-> DISABLED <-> FILE-IMAGE Mozilla GIF single packet heap overflow - ANIMEXTS1.0 (file-image.rules) * 1:32739 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules) * 1:33492 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:33493 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:33566 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3 xsl parsing heap overflow attempt (browser-firefox.rules) * 1:32754 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server 2000 Client Components ActiveX clsid access (browser-plugins.rules) * 1:32786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules) * 1:33585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:32843 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-plugins.rules) * 1:32869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules) * 1:33584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:32870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules) * 1:32871 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:33041 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:33043 <-> DISABLED <-> FILE-MULTIMEDIA Multiple media players M3U playlist file handling buffer overflow attempt (file-multimedia.rules) * 1:33582 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules) * 1:33044 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX clsid access attempt (browser-plugins.rules) * 1:33045 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX function call access attempt (browser-plugins.rules) * 1:33115 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:33589 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules) * 1:33578 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules) * 1:33577 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules) * 1:33576 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules) * 1:33575 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules) * 1:33494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:33671 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size2 dos attempt (server-other.rules) * 1:33670 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size1 dos attempt (server-other.rules) * 1:33602 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:33601 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:33591 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules) * 1:33590 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules) * 1:32844 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules) * 1:33548 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Access multiple control instantiation memory corruption attempt (browser-plugins.rules) * 1:33495 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:33116 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:33198 <-> DISABLED <-> OS-WINDOWS Outlook Express WAB file parsing buffer overflow attempt (os-windows.rules) * 1:33479 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (os-windows.rules) * 1:32840 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-plugins.rules) * 1:33586 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Image Description Atom sign extension memory corruption attempt (file-multimedia.rules) * 1:34293 <-> DISABLED <-> FILE-IMAGE Microsoft Windows wmf integer overflow attempt (file-image.rules) * 1:34135 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging small offset malformed tiff - little-endian (file-image.rules) * 1:34061 <-> DISABLED <-> SERVER-IIS Microsoft IIS Range header integer overflow attempt (server-iis.rules) * 1:34056 <-> DISABLED <-> SERVER-WEBAPP Lexmark Markvision Enterprise LibraryFileUploadServlet directory traversal attempt (server-webapp.rules) * 1:34055 <-> DISABLED <-> SERVER-WEBAPP Lexmark Markvision Enterprise LibraryFileUploadServlet directory traversal attempt (server-webapp.rules) * 1:34048 <-> DISABLED <-> SERVER-APACHE Apache mod_log_config cookie handling denial of service attempt (server-apache.rules) * 1:33980 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:33979 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:33579 <-> DISABLED <-> BROWSER-PLUGINS Facebook Photo Uploader ActiveX clsid access attempt (browser-plugins.rules) * 1:33829 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules) * 1:33828 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules) * 1:33827 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules) * 1:33824 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:33740 <-> DISABLED <-> FILE-IMAGE Microsoft emf file download request (file-image.rules) * 1:33684 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:33672 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size3 dos attempt (server-other.rules) * 1:3484 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9c client name overflow (server-other.rules) * 1:3483 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9b client domain overflow (server-other.rules) * 1:3482 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9b client name overflow (server-other.rules) * 1:3481 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP slot info msg client domain overflow (server-other.rules) * 1:3480 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP slot info msg client name overflow (server-other.rules) * 1:3479 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9c client name overflow (server-other.rules) * 1:3478 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9c client domain overflow (server-other.rules) * 1:3477 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9b client name overflow (server-other.rules) * 1:3476 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9b client domain overflow (server-other.rules) * 1:3475 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP slot info msg client domain overflow (server-other.rules) * 1:3474 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP slot info msg client name overflow (server-other.rules) * 1:34632 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes WPD attachment handling buffer overflow attempt (server-mail.rules) * 1:3458 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt (server-other.rules) * 1:3454 <-> DISABLED <-> SERVER-OTHER Arkeia client backup generic info probe (server-other.rules) * 1:3453 <-> DISABLED <-> SERVER-OTHER Arkeia client backup system info probe (server-other.rules) * 1:34294 <-> DISABLED <-> FILE-IMAGE Microsoft Windows wmf integer overflow attempt (file-image.rules) * 1:34857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fanny outbound connection (malware-cnc.rules) * 1:3485 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9c client domain overflow (server-other.rules) * 1:34847 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules) * 1:34892 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules) * 1:34891 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32Zlib.dll dll-load exploit attempt (file-other.rules) * 1:34890 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32ZLib.dll dll-load exploit attempt (file-other.rules) * 1:34894 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules) * 1:34893 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules) * 1:34897 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules) * 1:34896 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules) * 1:34895 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules) * 1:34899 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules) * 1:34898 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules) * 1:34900 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules) * 1:3530 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP msg 0x99 client name overflow (server-other.rules) * 1:3529 <-> DISABLED <-> SERVER-OTHER Computer Associates license GETCONFIG client overflow attempt (server-other.rules) * 1:3525 <-> DISABLED <-> SERVER-OTHER Computer Associates license invalid GCR NETWORK attempt (server-other.rules) * 1:3524 <-> DISABLED <-> SERVER-OTHER Computer Associates license invalid GCR CHECKSUMS attempt (server-other.rules) * 1:3521 <-> DISABLED <-> SERVER-OTHER Computer Associates license GCR CHECKSUMS overflow attempt (server-other.rules) * 1:34916 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro u32zlib.dll dll-load exploit attempt (netbios.rules) * 1:34915 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro quserex.dll dll-load exploit attempt (netbios.rules) * 1:34914 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules) * 1:34913 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules) * 1:34912 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules) * 1:34911 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules) * 1:34910 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules) * 1:34909 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules) * 1:34908 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules) * 1:34907 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules) * 1:34906 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules) * 1:34905 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules) * 1:34904 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules) * 1:34903 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules) * 1:34902 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules) * 1:34901 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules) * 1:36559 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer arraybuffer entryslice memory corruption attempt (browser-ie.rules) * 1:36453 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer argument validation in print preview handling exploitation attempt (browser-ie.rules) * 1:36432 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer arraybuffer entryslice memory corruption attempt (browser-ie.rules) * 1:36431 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer arraybuffer entryslice memory corruption attempt (browser-ie.rules) * 1:3637 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF directory traversal attempt (server-other.rules) * 1:36366 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules) * 1:36365 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules) * 1:36364 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules) * 1:36363 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules) * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:35772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:35771 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:35748 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:35747 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:3553 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM null DHTML element insertion attempt (browser-ie.rules) * 1:3531 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP msg 0x99 client domain overflow (server-other.rules) * 1:37294 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:37293 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:37035 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37034 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37033 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37032 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37031 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37030 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37029 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:36783 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DHTML Editing ActiveX clsid access (browser-plugins.rules) * 1:36782 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DHTML Editing ActiveX clsid access (browser-plugins.rules) * 1:36772 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Scriptlet Component ActiveX clsid access (browser-plugins.rules) * 1:36646 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules) * 1:36645 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules) * 1:36644 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules) * 1:3663 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 03 buffer overflow attempt (server-other.rules) * 1:3662 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 03 little endian buffer overflow attempt (server-other.rules) * 1:3661 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 00 buffer overflow attempt (server-other.rules) * 1:3660 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 00 little endian buffer overflow attempt (server-other.rules) * 1:3659 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 1000 buffer overflow attempt (server-other.rules) * 1:36560 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer arraybuffer entryslice memory corruption attempt (browser-ie.rules) * 1:39610 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39609 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39608 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39607 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39606 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39605 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39604 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39603 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39602 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39601 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:38670 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onpropertychange use-after-free attempt (browser-ie.rules) * 1:38669 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onpropertychange use-after-free attempt (browser-ie.rules) * 1:38577 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:38576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:3822 <-> DISABLED <-> SERVER-WEBAPP RealNetworks RealPlayer realtext long URI request attempt (server-webapp.rules) * 1:37710 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules) * 1:37423 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:39611 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39612 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39618 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39617 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39616 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39615 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39614 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39613 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39622 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39621 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39620 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39619 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:43337 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:43068 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt (server-other.rules) * 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules) * 1:42446 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42445 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42444 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:44031 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules) * 1:44046 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules) * 1:44045 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules) * 1:44044 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules) * 1:44035 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules) * 1:44032 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules) * 1:44048 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules) * 1:44047 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules) * 1:44130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules) * 1:44129 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules) * 1:44069 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:44068 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:44049 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules) * 1:44188 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span frontier parsing memory corruption attempt (browser-ie.rules) * 1:44147 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JSXML integer overflow attempt (browser-firefox.rules) * 1:44146 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JSXML integer overflow attempt (browser-firefox.rules) * 1:44132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules) * 1:44131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules) * 1:4911 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Type Library ActiveX object access (browser-plugins.rules) * 1:4893 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Trident HTMLEditor ActiveX object access (browser-plugins.rules) * 1:4892 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MTSEvents Class ActiveX object access (browser-plugins.rules) * 1:4891 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer cfw Class ActiveX object access (browser-plugins.rules) * 1:4890 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer IAVIStream & IAVIFile Proxy ActiveX object access (browser-plugins.rules) * 1:4826 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetRootDeviceInstance attempt (os-windows.rules) * 1:45154 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:45149 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules) * 1:45148 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules) * 1:45143 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array type confusion attempt (browser-ie.rules) * 1:45142 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array type confusion attempt (browser-ie.rules) * 1:44877 <-> DISABLED <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules) * 1:44730 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer script action handler buffer overflow attempt (browser-ie.rules) * 1:44729 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer script action handler buffer overflow attempt (browser-ie.rules) * 1:44456 <-> DISABLED <-> FILE-IMAGE Apple PICT Quickdraw image converter packType 4 buffer overflow attempt (file-image.rules) * 1:44455 <-> DISABLED <-> FILE-IMAGE Apple PICT Quickdraw image converter packType 4 buffer overflow attempt (file-image.rules) * 1:44296 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:44290 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:44284 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC ActiveX clsid access attempt (browser-ie.rules) * 1:44283 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC ActiveX clsid access attempt (browser-ie.rules) * 1:44282 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC ActiveX clsid access attempt (browser-ie.rules) * 1:44281 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC ActiveX clsid access attempt (browser-ie.rules) * 1:4910 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Relationship Definition ActiveX object access (browser-plugins.rules) * 1:4909 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Property Definition ActiveX object access (browser-plugins.rules) * 1:4908 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Method Definition ActiveX object access (browser-plugins.rules) * 1:4907 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Collection Definition ActiveX object access (browser-plugins.rules) * 1:4906 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Interface Definition ActiveX object access (browser-plugins.rules) * 1:4905 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Object ActiveX object access (browser-plugins.rules) * 1:4904 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Alias ActiveX object access (browser-plugins.rules) * 1:4903 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer VMR ImageSync 9 ActiveX object access (browser-plugins.rules) * 1:4902 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Video Mixing Renderer 9 ActiveX object access (browser-plugins.rules) * 1:4901 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer VMR Allocator Presenter 9 ActiveX object access (browser-plugins.rules) * 1:4900 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Outlook Progress Ctl ActiveX object access (browser-plugins.rules) * 1:4898 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSTypeComp ActiveX object access (browser-plugins.rules) * 1:4897 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSOAInterface ActiveX object access (browser-plugins.rules) * 1:4896 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSTypeLib ActiveX object access (browser-plugins.rules) * 1:4895 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSTypeInfo ActiveX object access (browser-plugins.rules) * 1:4894 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSEnumVariant ActiveX object access (browser-plugins.rules) * 1:5319 <-> DISABLED <-> OS-WINDOWS Microsoft Windows picture and fax viewer wmf arbitrary code execution attempt (os-windows.rules) * 1:4987 <-> DISABLED <-> SERVER-WEBAPP Twiki viewfile rev command injection attempt (server-webapp.rules) * 1:4986 <-> DISABLED <-> SERVER-WEBAPP Twiki view rev command injection attempt (server-webapp.rules) * 1:4915 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shortcut Handler ActiveX object access (browser-plugins.rules) * 1:4914 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Script Definition ActiveX object access (browser-plugins.rules) * 1:4913 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Workspace ActiveX object access (browser-plugins.rules) * 1:4912 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Root ActiveX object access (browser-plugins.rules) * 1:5711 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player zero length bitmap heap overflow attempt (file-image.rules) * 1:5705 <-> DISABLED <-> PROTOCOL-IMAP CAPABILITY overflow attempt (protocol-imap.rules) * 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules) * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:6405 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager overflow attempt (server-other.rules) * 1:6412 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Address Book attachment detected (server-mail.rules) * 1:39623 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39628 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39627 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39626 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39625 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39624 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39632 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39631 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39630 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39629 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:42443 <-> ENABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42442 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42441 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42440 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:41731 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:41730 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:41729 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:41728 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:4172 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent v1.5 ActiveX clsid access (browser-plugins.rules) * 1:4129 <-> DISABLED <-> SERVER-OTHER Novell ZenWorks Remote Management Agent large login packet DoS attempt (server-other.rules) * 1:41094 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules) * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules) * 1:40248 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:40247 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:40246 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:40245 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:40244 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:40243 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:39875 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:39870 <-> DISABLED <-> INDICATOR-COMPROMISE Oracle E-Business Suite arbitrary node deletion (indicator-compromise.rules) * 1:39764 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:43990 <-> DISABLED <-> INDICATOR-OBFUSCATION RTF obfuscation string (indicator-obfuscation.rules) * 1:43989 <-> DISABLED <-> INDICATOR-OBFUSCATION newlines embedded in rtf header (indicator-obfuscation.rules) * 1:43831 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:43830 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:43699 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules) * 1:43698 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules) * 1:43675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:43674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:43606 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access attempt (browser-plugins.rules) * 1:43338 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:6694 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected hIST overflow attempt (file-image.rules) * 1:6693 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected bKGD overflow attempt (file-image.rules) * 1:6691 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sBIT overflow attempt (file-image.rules) * 1:7207 <-> DISABLED <-> SERVER-ORACLE DBMS_EXPORT_EXTENSION SQL injection attempt (server-oracle.rules) * 1:7042 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx mailslot heap overflow attempt (os-windows.rules) * 1:7041 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx mailslot heap overflow attempt (os-windows.rules) * 1:7040 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx mailslot heap overflow attempt (os-windows.rules) * 1:7039 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx mailslot heap overflow attempt (os-windows.rules) * 1:7038 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode mailslot heap overflow attempt (os-windows.rules) * 1:7037 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans mailslot heap overflow attempt (os-windows.rules) * 1:7036 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode mailslot heap overflow attempt (os-windows.rules) * 1:7035 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans mailslot heap overflow attempt (os-windows.rules) * 1:7029 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules) * 1:7028 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules) * 1:7003 <-> DISABLED <-> BROWSER-PLUGINS ADODB.Recordset ActiveX function call access (browser-plugins.rules) * 1:6701 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected zTXt overflow attempt (file-image.rules) * 1:6699 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected iTXt overflow attempt (file-image.rules) * 1:6698 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected tIME overflow attempt (file-image.rules) * 1:6696 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected pHYs overflow attempt (file-image.rules) * 1:7208 <-> DISABLED <-> SERVER-ORACLE DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_METADATA access attempt (server-oracle.rules) * 1:7210 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP srvsvc NetrPathCanonicalize overflow attempt (os-windows.rules) * 1:7425 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 9x8Resize ActiveX clsid access (browser-plugins.rules) * 1:7431 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectFrame.DirectControl.1 ActiveX clsid access (browser-plugins.rules) * 1:7427 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Allocator Fix ActiveX clsid access (browser-plugins.rules) * 1:7429 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Bitmap ActiveX clsid access (browser-plugins.rules) * 1:7436 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Dynamic Casts ActiveX function call (browser-plugins.rules) * 1:7433 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectX Transform Wrapper Property Page ActiveX clsid access (browser-plugins.rules) * 1:7442 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer mmAEPlugIn.AEPlugIn.1 ActiveX clsid access (browser-plugins.rules) * 1:7437 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Frame Eater ActiveX clsid access (browser-plugins.rules) * 1:7439 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Help ActiveX clsid access (browser-plugins.rules) * 1:7444 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Mmedia.AsyncMHandler.1 ActiveX clsid access (browser-plugins.rules) * 1:7446 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Record Queue ActiveX clsid access (browser-plugins.rules) * 1:7448 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ShotDetect ActiveX clsid access (browser-plugins.rules) * 1:7450 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Stetch ActiveX clsid access (browser-plugins.rules) * 1:7452 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WM Color Converter Filter ActiveX clsid access (browser-plugins.rules) * 1:7454 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Wmm2ae.dll ActiveX clsid access (browser-plugins.rules) * 1:7456 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Wmm2fxa.dll ActiveX clsid access (browser-plugins.rules) * 1:7458 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Wmm2fxb.dll ActiveX clsid access (browser-plugins.rules) * 1:7460 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Audio Analyzer ActiveX clsid access (browser-plugins.rules) * 1:7462 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Black Frame Generator ActiveX clsid access (browser-plugins.rules) * 1:7464 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT DeInterlace Filter ActiveX clsid access (browser-plugins.rules) * 1:7466 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT DeInterlace Prop Page ActiveX clsid access (browser-plugins.rules) * 1:7468 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT DirectX Transform Wrapper ActiveX clsid access (browser-plugins.rules) * 1:7470 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT DV Extract Filter ActiveX clsid access (browser-plugins.rules) * 1:7472 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT FormatConversion Prop Page ActiveX clsid access (browser-plugins.rules) * 1:7474 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT FormatConversion ActiveX clsid access (browser-plugins.rules) * 1:7476 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Import Filter ActiveX clsid access (browser-plugins.rules) * 1:7478 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Interlacer ActiveX clsid access (browser-plugins.rules) * 1:7480 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Log Filter ActiveX clsid access (browser-plugins.rules) * 1:7482 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT MuxDeMux Filter ActiveX clsid access (browser-plugins.rules) * 1:7484 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Sample Info Filter ActiveX clsid access (browser-plugins.rules) * 1:7486 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Screen Capture Filter Task Page ActiveX clsid access (browser-plugins.rules) * 1:7488 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Screen capture Filter ActiveX clsid access (browser-plugins.rules) * 1:7490 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Switch Filter ActiveX clsid access (browser-plugins.rules) * 1:7492 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Virtual Renderer ActiveX clsid access (browser-plugins.rules) * 1:7494 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Virtual Source ActiveX clsid access (browser-plugins.rules) * 1:7496 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Volume ActiveX clsid access (browser-plugins.rules) * 1:7498 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WM TV Out Smooth Picture Filter ActiveX clsid access (browser-plugins.rules) * 1:7500 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WM VIH2 Fix ActiveX clsid access (browser-plugins.rules) * 1:7862 <-> DISABLED <-> BROWSER-PLUGINS Mcafee Security Center McSubMgr.IsAppExpired ActiveX function call access (browser-plugins.rules) * 1:7863 <-> DISABLED <-> BROWSER-PLUGINS Mcafee Security Center McSubMgr.IsOldAppInstalled ActiveX function call access (browser-plugins.rules) * 1:7866 <-> DISABLED <-> BROWSER-PLUGINS ADODB.Connection ActiveX clsid access (browser-plugins.rules) * 1:7868 <-> DISABLED <-> BROWSER-PLUGINS ADODB.Recordset ActiveX clsid access (browser-plugins.rules) * 1:7870 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Data Source Control 9.0 ActiveX clsid access (browser-plugins.rules) * 1:7914 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.NDFXArtEffects ActiveX clsid access (browser-plugins.rules) * 1:7928 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer file or local Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7934 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ftp Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7938 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer gopher Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7942 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer http Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7944 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer https Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7958 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer mk Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7978 <-> DISABLED <-> BROWSER-PLUGINS ShockwaveFlash.ShockwaveFlash ActiveX clsid access (browser-plugins.rules) * 1:7981 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:8060 <-> DISABLED <-> SERVER-OTHER UltraVNC VNCLog buffer overflow (server-other.rules) * 1:8377 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Download Handler ActiveX clsid access (browser-plugins.rules) * 1:8381 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer SMIL Download Handler ActiveX clsid access (browser-plugins.rules) * 1:8383 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RAM Download Handler ActiveX clsid access (browser-plugins.rules) * 1:8385 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Playback Handler ActiveX clsid access (browser-plugins.rules) * 1:8387 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RNX Download Handler ActiveX clsid access (browser-plugins.rules) * 1:8389 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMP Download Handler ActiveX clsid access (browser-plugins.rules) * 1:8405 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ActiveX clsid access (browser-plugins.rules) * 1:8409 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Stream Handler ActiveX clsid access (browser-plugins.rules) * 1:8425 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.NDFXArtEffects ActiveX function call access (browser-plugins.rules) * 1:8740 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service ActiveX function call access (browser-plugins.rules) * 1:8846 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent Character Custom Proxy Class ActiveX clsid access (browser-plugins.rules) * 1:8848 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent Notify Sink Custom Proxy Class ActiveX clsid access (browser-plugins.rules) * 1:8850 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent Custom Proxy Class ActiveX clsid access (browser-plugins.rules) * 1:8852 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent v2.0 ActiveX clsid access (browser-plugins.rules) * 1:8854 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent v2.0 ActiveX function call access (browser-plugins.rules) * 1:8856 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent v1.5 ActiveX function call access (browser-plugins.rules) * 1:9131 <-> DISABLED <-> BROWSER-PLUGINS WinZip FileView 6.1 ActiveX function call access (browser-plugins.rules) * 1:9132 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP netware_cs NwrOpenEnumNdsStubTrees_Any overflow attempt (os-windows.rules) * 1:9228 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP netware_cs NwGetConnectionInformation overflow attempt (os-windows.rules) * 1:9421 <-> ENABLED <-> MALWARE-OTHER zotob attempt (malware-other.rules) * 1:9432 <-> DISABLED <-> OS-WINDOWS Microsoft Agent buffer overflow attempt (os-windows.rules) * 1:9433 <-> DISABLED <-> OS-WINDOWS Microsoft Agent buffer overflow attempt (os-windows.rules) * 1:9441 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath overflow attempt (netbios.rules) * 1:9634 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9C remote buffer overflow attempt TCP (server-other.rules) * 1:9635 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9B remote buffer overflow attempt UDP (server-other.rules) * 1:9636 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9C remote buffer overflow attempt UDP (server-other.rules) * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules) * 1:9848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vector Markup Language recolorinfo tag numfills parameter buffer overflow attempt (os-windows.rules) * 1:10062 <-> DISABLED <-> FILE-IMAGE Oracle Java Virtual Machine malformed GIF buffer overflow attempt (file-image.rules) * 1:10063 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox query interface suspicious function call access attempt (browser-firefox.rules) * 1:10087 <-> DISABLED <-> SERVER-OTHER VNC password request buffer overflow attempt (server-other.rules) * 1:10188 <-> DISABLED <-> PROTOCOL-FTP Ipswitch Ws_ftp XMD5 overflow attempt (protocol-ftp.rules) * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules) * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules) * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules) * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules) * 1:11186 <-> DISABLED <-> SERVER-OTHER CA eTrust key handling dos (password -- server-other.rules) * 1:11196 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules) * 1:11257 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt (browser-ie.rules) * 1:11324 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Input Method Editor 3 ActiveX function call access (browser-plugins.rules) * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:11823 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX clsid unicode access (browser-plugins.rules) * 1:11824 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX function call access (browser-plugins.rules) * 1:11825 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX function call unicode access (browser-plugins.rules) * 1:11828 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Voice Control ActiveX function call access (browser-plugins.rules) * 1:11832 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Direct Speech Recognition ActiveX function call access (browser-plugins.rules) * 1:11837 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Mail file execution attempt (server-mail.rules) * 1:12064 <-> DISABLED <-> SERVER-IIS w3svc _vti_bin null pointer dereference attempt (server-iis.rules) * 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12114 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail search command buffer overflow attempt (server-mail.rules) * 1:12115 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail search command buffer overflow attempt (server-mail.rules) * 1:12195 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Widgets Engine ActiveX function call access (browser-plugins.rules) * 1:12197 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules) * 1:12205 <-> DISABLED <-> BROWSER-PLUGINS VMWare Vielib.dll ActiveX function call access (browser-plugins.rules) * 1:12212 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail literal search date command buffer overflow attempt (server-mail.rules) * 1:12217 <-> DISABLED <-> SERVER-OTHER Borland interbase string length buffer overflow attempt (server-other.rules) * 1:12261 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 PDWizard.File ActiveX clsid access (browser-plugins.rules) * 1:12263 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 PDWizard.File ActiveX function call access (browser-plugins.rules) * 1:12265 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 SearchHelper ActiveX clsid access (browser-plugins.rules) * 1:12267 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 SearchHelper ActiveX function call access (browser-plugins.rules) * 1:12270 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 TLIApplication ActiveX function call (browser-plugins.rules) * 1:12273 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 TypeLibInfo ActiveX clsid access (browser-plugins.rules) * 1:12275 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 TypeLibInfo ActiveX function call access (browser-plugins.rules) * 1:12277 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS memory corruption exploit (browser-ie.rules) * 1:12281 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML source file memory corruption attempt (browser-ie.rules) * 1:12282 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML source file memory corruption attempt (browser-ie.rules) * 1:12332 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt (netbios.rules) * 1:12341 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules) * 1:12444 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server Distributed Management Objects ActiveX clsid access (browser-plugins.rules) * 1:12446 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server Distributed Management Objects ActiveX function call access (browser-plugins.rules) * 1:12450 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent Control ActiveX function call access (browser-plugins.rules) * 1:12452 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent File Provider ActiveX clsid access (browser-plugins.rules) * 1:12463 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Visual Studio Crystal Reports RPT file handling buffer overflow attempt (os-windows.rules) * 1:12595 <-> DISABLED <-> SERVER-IIS malicious ASP file upload attempt (server-iis.rules) * 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules) * 1:12616 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX function call access attempt (browser-plugins.rules) * 1:12631 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 Kodak Imaging small offset malformed jpeg tables (os-windows.rules) * 1:12632 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 Kodak Imaging large offset malformed jpeg tables (os-windows.rules) * 1:12634 <-> DISABLED <-> FILE-IMAGE Microsoft Windows 2000 Kodak Imaging large offset malformed tiff 2 (file-image.rules) * 1:12642 <-> DISABLED <-> OS-WINDOWS RPC NTLMSSP malformed credentials (os-windows.rules) * 1:12643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows URI External handler arbitrary command attempt (os-windows.rules) * 1:12664 <-> DISABLED <-> BROWSER-IE Microsoft Windows ShellExecute and Internet Explorer 7 url handling code execution attempt (browser-ie.rules) * 1:12687 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules) * 1:12731 <-> DISABLED <-> BROWSER-PLUGINS AOL Radio AmpX ActiveX function call access (browser-plugins.rules) * 1:12742 <-> DISABLED <-> SERVER-OTHER Apple Quicktime UDP RTSP sdp type buffer overflow attempt (server-other.rules) * 1:12768 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL ActiveX function call access (browser-plugins.rules) * 1:12775 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer obfuscated Ierpplug.dll ActiveX exploit attempt (browser-plugins.rules) * 1:12780 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Vulnerable Methods ActiveX clsid access attempt (browser-plugins.rules) * 1:12782 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Vulnerable Methods ActiveX function call access attempt (browser-plugins.rules) * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules) * 1:13158 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Player asf streaming format interchange data integer overflow attempt (file-multimedia.rules) * 1:13159 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Player asf streaming format audio error masking integer overflow attempt (file-multimedia.rules) * 1:13160 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Player asf streaming audio spread error correction data length integer overflow attempt (file-multimedia.rules) * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules) * 1:13216 <-> DISABLED <-> BROWSER-PLUGINS ShockwaveFlash.ShockwaveFlash ActiveX function call access (browser-plugins.rules) * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules) * 1:13226 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Toolbar YShortcut ActiveX function call access (browser-plugins.rules) * 1:13269 <-> DISABLED <-> OS-WINDOWS Multiple product nntp uri handling code execution attempt (os-windows.rules) * 1:13270 <-> DISABLED <-> OS-WINDOWS Multiple product news uri handling code execution attempt (os-windows.rules) * 1:13271 <-> DISABLED <-> OS-WINDOWS Multiple product telnet uri handling code execution attempt (os-windows.rules) * 1:13272 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:13298 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Rich TextBox ActiveX function call access (browser-plugins.rules) * 1:13305 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual FoxPro 2 ActiveX function call access (browser-plugins.rules) * 1:13316 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing ART buffer overflow attempt (file-multimedia.rules) * 1:13318 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing cmt buffer overflow attempt (file-multimedia.rules) * 1:13319 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing des buffer overflow attempt (file-multimedia.rules) * 1:13320 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing cpy buffer overflow attempt (file-multimedia.rules) * 1:13323 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Package and Deployment Wizard ActiveX function call access (browser-plugins.rules) * 1:13421 <-> DISABLED <-> BROWSER-PLUGINS Facebook Photo Uploader ActiveX function call access (browser-plugins.rules) * 1:13430 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music JukeBox MediaGrid ActiveX clsid access (browser-plugins.rules) * 1:13432 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music JukeBox MediaGrid ActiveX function call access (browser-plugins.rules) * 1:13434 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Property Overflows ActiveX clsid access (browser-plugins.rules) * 1:13436 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Property Overflows ActiveX function call access (browser-plugins.rules) * 1:13438 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Vulnerable Methods ActiveX clsid access (browser-plugins.rules) * 1:13440 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Vulnerable Methods ActiveX function call access (browser-plugins.rules) * 1:13442 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Property Overflows ActiveX clsid access (browser-plugins.rules) * 1:13444 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Property Overflows ActiveX function call access (browser-plugins.rules) * 1:13448 <-> DISABLED <-> OS-WINDOWS Microsoft Windows vbscript/jscript scripting engine begin buffer overflow attempt (os-windows.rules) * 1:13453 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX clsid access (browser-ie.rules) * 1:13454 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX clsid unicode access (browser-ie.rules) * 1:13456 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX function call unicode access (browser-ie.rules) * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules) * 1:13541 <-> DISABLED <-> BROWSER-PLUGINS Symantec Backup Exec ActiveX function call access (browser-plugins.rules) * 1:13554 <-> DISABLED <-> SERVER-OTHER Sybase SQL Anywhere Mobilink version string buffer overflow (server-other.rules) * 1:13555 <-> DISABLED <-> SERVER-OTHER Sybase SQL Anywhere Mobilink remoteID string buffer overflow (server-other.rules) * 1:13580 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components remote code execution attempt ActiveX clsid access (browser-plugins.rules) * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules) * 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules) * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:13591 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan CGI password decryption buffer overflow attempt (server-webapp.rules) * 1:13605 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RAM Download Handler ActiveX function call access (browser-plugins.rules) * 1:13607 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL Vulnerble Property ActiveX clsid access (browser-plugins.rules) * 1:13609 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL Vulnerble Property ActiveX function call access (browser-plugins.rules) * 1:13623 <-> DISABLED <-> BROWSER-PLUGINS CA BrightStor ListCtrl ActiveX function call access (browser-plugins.rules) * 1:13629 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access JSDB file magic detected (file-identify.rules) * 1:13630 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access TJDB file magic detected (file-identify.rules) * 1:13633 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access MSISAM file magic detected (file-identify.rules) * 1:13668 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Help 2.0 Contents Control ActiveX clsid access (browser-plugins.rules) * 1:13670 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Help 2.0 Contents Control ActiveX function call access (browser-plugins.rules) * 1:13674 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Help 2.0 Contents Control 2 ActiveX function call access (browser-plugins.rules) * 1:13699 <-> DISABLED <-> BROWSER-PLUGINS CA DSM gui_cm_ctrls ActiveX clsid access (browser-plugins.rules) * 1:13720 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 3 ActiveX clsid access (browser-plugins.rules) * 1:13722 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 4 ActiveX clsid access (browser-plugins.rules) * 1:13724 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 5 ActiveX clsid access (browser-plugins.rules) * 1:13726 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 6 ActiveX clsid access (browser-plugins.rules) * 1:13728 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 7 ActiveX clsid access (browser-plugins.rules) * 1:13730 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 8 ActiveX clsid access (browser-plugins.rules) * 1:13732 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 9 ActiveX clsid access (browser-plugins.rules) * 1:13736 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 11 ActiveX clsid access (browser-plugins.rules) * 1:13738 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 12 ActiveX clsid access (browser-plugins.rules) * 1:13740 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 13 ActiveX clsid access (browser-plugins.rules) * 1:13742 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 14 ActiveX clsid access (browser-plugins.rules) * 1:13744 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 15 ActiveX clsid access (browser-plugins.rules) * 1:13746 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 16 ActiveX clsid access (browser-plugins.rules) * 1:13748 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 17 ActiveX clsid access (browser-plugins.rules) * 1:13750 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 18 ActiveX clsid access (browser-plugins.rules) * 1:13752 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 19 ActiveX clsid access (browser-plugins.rules) * 1:13754 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 20 ActiveX clsid access (browser-plugins.rules) * 1:13756 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 21 ActiveX clsid access (browser-plugins.rules) * 1:13804 <-> DISABLED <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt (server-other.rules) * 1:13821 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF scene and label data memory corruption attempt (file-flash.rules) * 1:13822 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF scene and label data memory corruption attempt (file-flash.rules) * 1:13823 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX SAMI file parsing buffer overflow attempt (file-multimedia.rules) * 1:13824 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules) * 1:13888 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules) * 1:13889 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules) * 1:13890 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules) * 1:13891 <-> DISABLED <-> SERVER-MSSQL Memory page overwrite attempt (server-mssql.rules) * 1:13892 <-> DISABLED <-> SERVER-MSSQL Convert function style overwrite (server-mssql.rules) * 1:13903 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:13907 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:13912 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer isComponentInstalled attack attempt (browser-ie.rules) * 1:13918 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules) * 1:13948 <-> DISABLED <-> PROTOCOL-DNS large number of NXDOMAIN replies - possible DNS cache poisoning (protocol-dns.rules) * 1:13960 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer static text range overflow attempt (browser-ie.rules) * 1:13963 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer argument validation in print preview handling exploitation attempt (browser-ie.rules) * 1:13964 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span frontier parsing memory corruption attempt (browser-ie.rules) * 1:14023 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX function call access (browser-plugins.rules) * 1:14027 <-> DISABLED <-> BROWSER-PLUGINS CA DSM gui_cm_ctrls ActiveX function call access (browser-plugins.rules) * 1:14029 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates gui_cm_ctrls ActiveX clsid access (browser-plugins.rules) * 1:14031 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates gui_cm_ctrls ActiveX function call access (browser-plugins.rules) * 1:14040 <-> DISABLED <-> SERVER-OTHER GNOME Project libxslt RC4 key string buffer overflow attempt (server-other.rules) * 1:14041 <-> DISABLED <-> SERVER-OTHER GNOME Project libxslt RC4 key string buffer overflow attempt - 2 (server-other.rules) * 1:14042 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer General Property Page ActiveX clsid access (browser-plugins.rules) * 1:14044 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Playback Handler ActiveX function call access (browser-plugins.rules) * 1:14046 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMP Download Handler ActiveX function call access (browser-plugins.rules) * 1:14048 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RNX Download Handler ActiveX function call access (browser-plugins.rules) * 1:14050 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer SMIL Download Handler ActiveX function call access (browser-plugins.rules) * 1:14052 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Stream Handler ActiveX function call access (browser-plugins.rules) * 1:14257 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Encoder 9 ActiveX function call access (browser-plugins.rules) * 1:14607 <-> DISABLED <-> SERVER-OTHER CA Brightstor SUN RPC malformed string buffer overflow attempt (server-other.rules) * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules) * 1:14635 <-> DISABLED <-> BROWSER-PLUGINS Microsoft RSClientPrint ActiveX clsid access (browser-plugins.rules) * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules) * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules) * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules) * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules) * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules) * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules) * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules) * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules) * 1:14758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server 2000 Client Components ActiveX function call access (browser-plugins.rules) * 1:14762 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX function call access (browser-plugins.rules) * 1:14765 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service Agent ActiveX function call (browser-plugins.rules) * 1:14773 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt (server-other.rules) * 1:14783 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (os-windows.rules) * 1:14896 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB v4 srvsvc NetrpPathCononicalize unicode path cononicalization stack overflow attempt (os-windows.rules) * 1:14897 <-> DISABLED <-> BROWSER-PLUGINS HP Software Update RulesEngine.dll ActiveX function call access (browser-plugins.rules) * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules) * 1:14990 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Charset header overflow attempt (server-webapp.rules) * 1:15012 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML DLL memory corruption attempt (browser-ie.rules) * 1:15084 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Common Controls Animation Object ActiveX clsid access (browser-plugins.rules) * 1:15086 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Common Controls Animation Object ActiveX function call access (browser-plugins.rules) * 1:15096 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic FlexGrid ActiveX clsid access (browser-plugins.rules) * 1:15102 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic Hierarchical FlexGrid ActiveX function call access (browser-plugins.rules) * 1:15109 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shell.Explorer 1 ActiveX clsid access (browser-plugins.rules) * 1:15112 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shell.Explorer 2 ActiveX function call access (browser-plugins.rules) * 1:15146 <-> DISABLED <-> SERVER-OTHER Apple CUPS RGB+Alpha PNG filter overly large image height integer overflow attempt (server-other.rules) * 1:15186 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules) * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules) * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules) * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules) * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules) * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules) * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules) * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules) * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules) * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules) * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules) * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules) * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules) * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules) * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules) * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules) * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules) * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules) * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules) * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules) * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules) * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules) * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules) * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules) * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules) * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules) * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules) * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules) * 1:15245 <-> DISABLED <-> BROWSER-PLUGINS AXIS Camera ActiveX function call access (browser-plugins.rules) * 1:15256 <-> DISABLED <-> SERVER-ORACLE BPEL process manager XSS injection attempt (server-oracle.rules) * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules) * 1:15268 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Barcode ActiveX function call access (browser-plugins.rules) * 1:15299 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid ho tag attempt (file-office.rules) * 1:15303 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio Malformed IconBitsComponent arbitrary code execution attempt (file-office.rules) * 1:15313 <-> DISABLED <-> BROWSER-PLUGINS Research In Motion AxLoader ActiveX function call access (browser-plugins.rules) * 1:15358 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 remote code execution attempt (file-pdf.rules) * 1:15422 <-> DISABLED <-> SERVER-OTHER Sun One web proxy server overflow attempt (server-other.rules) * 1:15430 <-> DISABLED <-> FILE-OTHER Microsoft EMF+ GpFont.SetData buffer overflow attempt (file-other.rules) * 1:15455 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office Text Converters XST parsing buffer overflow attempt (file-office.rules) * 1:15457 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectShow MJPEG arbitrary code execution attempt (os-windows.rules) * 1:15459 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted/unitialized object memory corruption attempt (browser-ie.rules) * 1:15460 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX load/unload race condition attempt (browser-ie.rules) * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules) * 1:15479 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (server-other.rules) * 1:15482 <-> DISABLED <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt (server-other.rules) * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules) * 1:15523 <-> DISABLED <-> OS-WINDOWS Microsoft Windows srvsvc NetrShareEnum netname overflow attempt (os-windows.rules) * 1:15524 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:15525 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:15526 <-> DISABLED <-> FILE-OFFICE Microsoft Works 4.x converter font name buffer overflow attempt (file-office.rules) * 1:15529 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain navigation cookie stealing attempt (browser-ie.rules) * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules) * 1:15588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 1 ActiveX clsid access (browser-plugins.rules) * 1:15590 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 10 ActiveX clsid access (browser-plugins.rules) * 1:15592 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 11 ActiveX clsid access (browser-plugins.rules) * 1:15594 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 12 ActiveX clsid access (browser-plugins.rules) * 1:15596 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 13 ActiveX clsid access (browser-plugins.rules) * 1:15598 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 14 ActiveX clsid access (browser-plugins.rules) * 1:15600 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 15 ActiveX clsid access (browser-plugins.rules) * 1:15602 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 16 ActiveX clsid access (browser-plugins.rules) * 1:15604 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 17 ActiveX clsid access (browser-plugins.rules) * 1:15606 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 18 ActiveX clsid access (browser-plugins.rules) * 1:15608 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 19 ActiveX clsid access (browser-plugins.rules) * 1:15610 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 2 ActiveX clsid access (browser-plugins.rules) * 1:15612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 20 ActiveX clsid access (browser-plugins.rules) * 1:15614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 21 ActiveX clsid access (browser-plugins.rules) * 1:15616 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 22 ActiveX clsid access (browser-plugins.rules) * 1:15618 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 23 ActiveX clsid access (browser-plugins.rules) * 1:15620 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 24 ActiveX clsid access (browser-plugins.rules) * 1:15622 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 25 ActiveX clsid access (browser-plugins.rules) * 1:15624 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 26 ActiveX clsid access (browser-plugins.rules) * 1:15626 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 27 ActiveX clsid access (browser-plugins.rules) * 1:15628 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 28 ActiveX clsid access (browser-plugins.rules) * 1:15630 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 29 ActiveX clsid access (browser-plugins.rules) * 1:15632 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 3 ActiveX clsid access (browser-plugins.rules) * 1:15634 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 30 ActiveX clsid access (browser-plugins.rules) * 1:15636 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 31 ActiveX clsid access (browser-plugins.rules) * 1:15640 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 33 ActiveX clsid access (browser-plugins.rules) * 1:15642 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 34 ActiveX clsid access (browser-plugins.rules) * 1:15644 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 35 ActiveX clsid access (browser-plugins.rules) * 1:15646 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 36 ActiveX clsid access (browser-plugins.rules) * 1:15648 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 37 ActiveX clsid access (browser-plugins.rules) * 1:15650 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 38 ActiveX clsid access (browser-plugins.rules) * 1:15652 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 39 ActiveX clsid access (browser-plugins.rules) * 1:15654 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 4 ActiveX clsid access (browser-plugins.rules) * 1:15656 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 40 ActiveX clsid access (browser-plugins.rules) * 1:15658 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 41 ActiveX clsid access (browser-plugins.rules) * 1:15660 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 42 ActiveX clsid access (browser-plugins.rules) * 1:15662 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 43 ActiveX clsid access (browser-plugins.rules) * 1:15664 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 44 ActiveX clsid access (browser-plugins.rules) * 1:15666 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 45 ActiveX clsid access (browser-plugins.rules) * 1:15668 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 5 ActiveX clsid access (browser-plugins.rules) * 1:15671 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 6 ActiveX function call (browser-plugins.rules) * 1:15674 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 8 ActiveX clsid access (browser-plugins.rules) * 1:15676 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 9 ActiveX clsid access (browser-plugins.rules) * 1:15678 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectShow ActiveX exploit via JavaScript (browser-plugins.rules) * 1:15679 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectShow ActiveX exploit via JavaScript - unicode encoding (browser-plugins.rules) * 1:15684 <-> DISABLED <-> OS-WINDOWS Multiple product snews uri handling code execution attempt (os-windows.rules) * 1:15687 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 10 Spreadsheet ActiveX function call access (browser-plugins.rules) * 1:15689 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX clsid access (browser-plugins.rules) * 1:15691 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX function call access (browser-plugins.rules) * 1:15695 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table platform type 3 integer overflow attempt (file-other.rules) * 1:15703 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes ITMS protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15704 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes ITMSS protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15705 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes PCAST protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15706 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes DAAP protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS replication inform2 request memory corruption attempt (os-windows.rules) * 1:15852 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components Datasource ActiveX clsid access (browser-plugins.rules) * 1:15855 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX function call access (browser-plugins.rules) * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules) * 1:15894 <-> DISABLED <-> OS-WINDOWS Microsoft Color Management Module remote code execution attempt (os-windows.rules) * 1:15907 <-> DISABLED <-> OS-LINUX Linux Kernel DCCP Protocol Handler dccp_setsockopt_change integer overflow attempt (os-linux.rules) * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules) * 1:15924 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DHTML Editing ActiveX clsid access (browser-plugins.rules) * 1:15943 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules) * 1:15949 <-> DISABLED <-> FILE-OTHER McAfee LHA file handling overflow attempt (file-other.rules) * 1:15952 <-> DISABLED <-> SERVER-MYSQL create function libc arbitrary code execution attempt (server-mysql.rules) * 1:15992 <-> DISABLED <-> FILE-OTHER Trend Micro Products Antivirus Library overflow attempt (file-other.rules) * 1:16002 <-> DISABLED <-> FILE-OTHER Apple Mac OS X installer package filename format string vulnerability (file-other.rules) * 1:16003 <-> DISABLED <-> FILE-OTHER Apple Mac OS X installer package filename format string vulnerability (file-other.rules) * 1:16023 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Vista Windows mail file execution attempt (file-executable.rules) * 1:16024 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Function focus overflow attempt (browser-firefox.rules) * 1:16034 <-> DISABLED <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt (server-samba.rules) * 1:16043 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html tag memory corruption attempt (browser-ie.rules) * 1:16050 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox tag order memory corruption attempt (browser-firefox.rules) * 1:16068 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music Jukebox ActiveX exploit (browser-plugins.rules) * 1:16073 <-> DISABLED <-> OS-WINDOWS MS-SQL convert function unicode overflow (os-windows.rules) * 1:16074 <-> DISABLED <-> SQL Suspicious SQL ansi_padding option (sql.rules) * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules) * 1:16193 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent SMTP AUTH LOGIN command buffer overflow attempt (server-mail.rules) * 1:16194 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory HTTP request content-length heap buffer overflow attempt (server-webapp.rules) * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules) * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules) * 1:16364 <-> DISABLED <-> SERVER-OTHER IBM DB2 database server SQLSTT denial of service attempt (server-other.rules) * 1:16432 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro Web Deployment ActiveX clsid access (browser-plugins.rules) * 1:16521 <-> DISABLED <-> SERVER-OTHER Squid Proxy http version number overflow attempt (server-other.rules) * 1:16578 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder 9 ActiveX buffer overflow attempt (os-windows.rules) * 1:16588 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX clsid access (browser-plugins.rules) * 1:16602 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectShow 3 ActiveX exploit via JavaScript (browser-plugins.rules) * 1:16607 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RAM Download Handler ActiveX control access attempt (browser-plugins.rules) * 1:16610 <-> DISABLED <-> BROWSER-PLUGINS IBM Access Support ActiveX GetXMLValue method buffer overflow attempt (browser-plugins.rules) * 1:16679 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDIplus integer overflow attempt (os-windows.rules) * 1:16690 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:16748 <-> DISABLED <-> BROWSER-PLUGINS IBM Access Support ActiveX function call access (browser-plugins.rules) * 1:16751 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (file-multimedia.rules) * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules) * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules) * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules) * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules) * 1:16762 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX andx attempt (netbios.rules) * 1:16764 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX unicode andx attempt (netbios.rules) * 1:16766 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow andx attempt (netbios.rules) * 1:16777 <-> DISABLED <-> SERVER-ORACLE Secure Backup NDMP packet handling DoS attempt (server-oracle.rules) * 1:16778 <-> DISABLED <-> SERVER-ORACLE Secure Backup NDMP packet handling DoS attempt (server-oracle.rules) * 1:16786 <-> DISABLED <-> FILE-OFFICE Microsoft Office Web Components Spreadsheet ActiveX buffer overflow attempt (file-office.rules) * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules) * 1:17050 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Administration Server authentication bypass attempt (server-webapp.rules) * 1:17052 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access attempt (browser-plugins.rules) * 1:17053 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access attempt (browser-plugins.rules) * 1:17054 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access attempt (browser-plugins.rules) * 1:17213 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Chrome Page Loading Restriction Bypass attempt (browser-firefox.rules) * 1:17220 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17221 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17222 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17226 <-> DISABLED <-> BROWSER-PLUGINS AXIS Camera ActiveX initialization via script (browser-plugins.rules) * 1:17228 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player skin decompression code execution attempt (os-windows.rules) * 1:17262 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:17263 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:17269 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules) * 1:17272 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer AVI parsing buffer overflow attempt (file-multimedia.rules) * 1:17280 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt (server-webapp.rules) * 1:17313 <-> DISABLED <-> SERVER-ORACLE database server crafted view privelege escalation attempt (server-oracle.rules) * 1:17348 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Color Management Module buffer overflow attempt (os-windows.rules) * 1:17349 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Color Management Module buffer overflow attempt (os-windows.rules) * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules) * 1:17374 <-> DISABLED <-> FILE-OTHER Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules) * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules) * 1:17384 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer setRequestHeader overflow attempt (browser-ie.rules) * 1:17385 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer setRequestHeader overflow attempt (browser-ie.rules) * 1:17386 <-> DISABLED <-> SERVER-WEBAPP Lighttpd mod_fastcgi Extension CGI Variable Overwriting Vulnerability attempt (server-webapp.rules) * 1:17388 <-> DISABLED <-> FILE-IMAGE OpenOffice EMF file EMR record parsing integer overflow attempt (file-image.rules) * 1:17405 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules) * 1:17406 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules) * 1:17413 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:17415 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Engine Information Disclosure attempt (browser-firefox.rules) * 1:17440 <-> DISABLED <-> SERVER-IIS RSA authentication agent for web redirect buffer overflow attempt (server-iis.rules) * 1:17459 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:17460 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:17464 <-> DISABLED <-> BROWSER-PLUGINS AOL Radio AmpX ActiveX clsid access (browser-plugins.rules) * 1:17467 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules) * 1:17468 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules) * 1:17471 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules) * 1:17472 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules) * 1:17474 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.CREATE_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules) * 1:17475 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules) * 1:17476 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.PURGE_WINDOW arbitrary command execution attempt (server-oracle.rules) * 1:17477 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.DROP_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules) * 1:17478 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.SUBSCRIBE arbitrary command execution attempt (server-oracle.rules) * 1:17479 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_ISUBSCRIBE.SUBSCRIBE arbitrary command execution attempt (server-oracle.rules) * 1:17480 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_ISUBSCRIBE.CREATE_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules) * 1:17489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help File Heap Buffer Overflow attempt (file-other.rules) * 1:17498 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules) * 1:17499 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules) * 1:17500 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules) * 1:17501 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules) * 1:17502 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules) * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules) * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules) * 1:17512 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules) * 1:17513 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules) * 1:17514 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules) * 1:17516 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules) * 1:17546 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player compressed skin download request (file-identify.rules) * 1:17568 <-> DISABLED <-> FILE-OFFICE Microsoft Office XP URL Handling Buffer Overflow attempt (file-office.rules) * 1:17570 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IFRAME style change handling code execution (browser-firefox.rules) * 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules) * 1:17619 <-> DISABLED <-> SERVER-ORACLE database server crafted view privelege escalation attempt (server-oracle.rules) * 1:17624 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt (file-java.rules) * 1:17626 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded web font handling buffer overflow attempt (os-windows.rules) * 1:17628 <-> DISABLED <-> FILE-IMAGE Sun Microsystems Java gif handling memory corruption attempt (file-image.rules) * 1:17634 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 little endian object call overflow attempt (netbios.rules) * 1:17636 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 object call overflow attempt (netbios.rules) * 1:17637 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 overflow attempt (netbios.rules) * 1:17643 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServe logger servie null-pointer dereference attempt (server-other.rules) * 1:17644 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption attempt (browser-ie.rules) * 1:17646 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Legacy file format picture object code execution attempt (file-office.rules) * 1:17652 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS source code disclosure attempt (server-iis.rules) * 1:17664 <-> DISABLED <-> FILE-OFFICE Microsoft Office GIF image descriptor memory corruption attempt (file-office.rules) * 1:17678 <-> DISABLED <-> FILE-IMAGE Adobe BMP image handler buffer overflow attempt (file-image.rules) * 1:17691 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:17695 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint paragraph format array inner header overflow attempt (file-office.rules) * 1:17736 <-> DISABLED <-> SERVER-OTHER McAfee LHA Type-2 file handling overflow attempt (server-other.rules) * 1:17808 <-> DISABLED <-> FILE-FLASH Adobe Flash authplay.dll memory corruption attempt (file-flash.rules) * 1:18171 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:18172 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:18173 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18193 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules) * 1:18194 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules) * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules) * 1:18250 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products EscapeAttributeValue integer overflow attempt (browser-firefox.rules) * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:18284 <-> DISABLED <-> FILE-OFFICE Microsoft Office XP URL Handling Buffer Overflow attempt (file-office.rules) * 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules) * 1:18291 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt (server-other.rules) * 1:18292 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt (server-other.rules) * 1:18296 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products frame comment objects manipulation memory corruption attempt (browser-firefox.rules) * 1:18303 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer script action handler overflow attempt (browser-ie.rules) * 1:18304 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:18305 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:18306 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:18313 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:18317 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail RCPT TO proxy overflow attempt (server-mail.rules) * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules) * 1:18476 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes DOC attachment viewer buffer overflow (server-mail.rules) * 1:18484 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt (file-multimedia.rules) * 1:18512 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Remote Management overflow attempt (server-other.rules) * 1:18518 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (browser-ie.rules) * 1:18520 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML exploit attempt (browser-ie.rules) * 1:18521 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (browser-ie.rules) * 1:18522 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (browser-ie.rules) * 1:18523 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML exploit attempt (browser-ie.rules) * 1:18531 <-> DISABLED <-> SERVER-OTHER Multiple Vendors iacenc.dll dll-load exploit attempt (server-other.rules) * 1:18532 <-> DISABLED <-> OS-WINDOWS Multiple Vendors iacenc.dll dll-load exploit attempt (os-windows.rules) * 1:18574 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules) * 1:18579 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt (server-webapp.rules) * 1:18591 <-> DISABLED <-> FILE-OTHER CoolPlayer Playlist File Handling Buffer Overflow (file-other.rules) * 1:18600 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PictureViewer buffer overflow attempt (file-image.rules) * 1:18603 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes Applix Graphics Parsing Buffer Overflow (server-mail.rules) * 1:18616 <-> DISABLED <-> FILE-OFFICE Microsoft Works 4.x converter font name buffer overflow attempt (file-office.rules) * 1:18635 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:18710 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator Framework Services buffer overflow attempt (server-other.rules) * 1:18771 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ADO Object Parsing Code Execution (file-office.rules) * 1:18772 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ADO Object Parsing Code Execution (file-office.rules) * 1:18800 <-> DISABLED <-> FILE-OTHER Adobe RoboHelp Server Arbitrary File Upload (file-other.rules) * 1:18905 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18906 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18907 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18908 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18909 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18910 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18911 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18912 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18913 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18914 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18915 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18916 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18917 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18918 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18919 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18920 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18921 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18922 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18923 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18924 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18925 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18962 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:18992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player content parsing execution attempt (file-flash.rules) * 1:19079 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getElementById object corruption (browser-ie.rules) * 1:19087 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules) * 1:19088 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules) * 1:19089 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules) * 1:19090 <-> DISABLED <-> SERVER-OTHER CA Discovery Serice Overflow Attempt (server-other.rules) * 1:19293 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:1930 <-> DISABLED <-> PROTOCOL-IMAP auth literal overflow attempt (protocol-imap.rules) * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules) * 1:19599 <-> DISABLED <-> SERVER-ORACLE Warehouse builder WE_OLAP_AW_REMOVE_SOLVE_ID SQL Injection attempt (server-oracle.rules) * 1:19618 <-> DISABLED <-> FILE-OTHER Multiple products dwmapi.dll dll-load exploit attempt (file-other.rules) * 1:19693 <-> DISABLED <-> FILE-FLASH Adobe Flash MP4 ref_frame allocated buffer overflow attempt (file-flash.rules) * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:19811 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:19815 <-> DISABLED <-> SERVER-OTHER HP Operations Manager Server Default Credientials in use attempt (server-other.rules) * 1:19892 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System modem string buffer overflow attempt (server-other.rules) * 1:19925 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX client browser plugin call-back-url buffer overflow attempt (browser-plugins.rules) * 1:20071 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio WMIScriptUtils.WMIObjectBroker2.1 ActiveX CLSID access (browser-plugins.rules) * 1:20204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Taidoor variant outbound connection (malware-cnc.rules) * 1:20277 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (browser-ie.rules) * 1:20278 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (browser-ie.rules) * 1:20279 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (browser-ie.rules) * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:20546 <-> DISABLED <-> SERVER-OTHER BakBone NetVault client heap overflow attempt (server-other.rules) * 1:20552 <-> DISABLED <-> SERVER-MAIL Mercury Mail Transport System buffer overflow attempt (server-mail.rules) * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules) * 1:20555 <-> DISABLED <-> FILE-FLASH Adobe Flash MP4 ref_frame allocated buffer overflow attempt (file-flash.rules) * 1:20575 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules) * 1:20576 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Remote Management overflow attempt (server-other.rules) * 1:20590 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules) * 1:20744 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player DirectShow MPEG-2 memory corruption attempt (os-windows.rules) * 1:20878 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Embedded Package Object packager.exe file load exploit attempt (os-windows.rules) * 1:20879 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Embedded Package Object packager.exe file load exploit attempt (os-windows.rules) * 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (file-office.rules) * 1:20883 <-> DISABLED <-> FILE-OFFICE Microsoft Windows embedded packager object with .application extension bypass attempt (file-office.rules) * 1:21003 <-> DISABLED <-> MALWARE-CNC Cute Pack cute-ie.html request (malware-cnc.rules) * 1:21004 <-> DISABLED <-> MALWARE-CNC Cute Pack cute-ie.html landing page (malware-cnc.rules) * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules) * 1:21041 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules) * 1:21042 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit post-compromise download attempt - .php?f= (exploit-kit.rules) * 1:21043 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit post-compromise download attempt - .php?e= (exploit-kit.rules) * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:2105 <-> DISABLED <-> PROTOCOL-IMAP authenticate literal overflow attempt (protocol-imap.rules) * 1:2106 <-> DISABLED <-> PROTOCOL-IMAP lsub overflow attempt (protocol-imap.rules) * 1:21068 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit landing page (exploit-kit.rules) * 1:21069 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit exploit fetch request (exploit-kit.rules) * 1:21070 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit pdf exploit page request (exploit-kit.rules) * 1:21071 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit post-exploit page request (exploit-kit.rules) * 1:21084 <-> DISABLED <-> SERVER-MSSQL MSSQL CONVERT function buffer overflow attempt (server-mssql.rules) * 1:21085 <-> DISABLED <-> SERVER-MSSQL MSSQL CONVERT function unicode buffer overflow attempt (server-mssql.rules) * 1:21096 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit control panel access (exploit-kit.rules) * 1:21097 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit post-exploit download request (exploit-kit.rules) * 1:21098 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit landing page (exploit-kit.rules) * 1:21099 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit malicious pdf request (exploit-kit.rules) * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules) * 1:21156 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules) * 1:21157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules) * 1:21158 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules) * 1:21163 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook VEVENT overflow attempt (file-office.rules) * 1:21186 <-> DISABLED <-> SERVER-ORACLE MDSYS drop table trigger injection attempt (server-oracle.rules) * 1:21233 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules) * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules) * 1:21289 <-> DISABLED <-> OS-WINDOWS Microsoft Color Control Panel STI.dll dll-load exploit attempt (os-windows.rules) * 1:21290 <-> DISABLED <-> OS-WINDOWS Microsoft Color Control Panel STI.dll dll-load exploit attempt (os-windows.rules) * 1:21298 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint chart webpart XSS attempt (server-webapp.rules) * 1:21309 <-> DISABLED <-> OS-WINDOWS Microsoft product fputlsat.dll dll-load exploit attempt (os-windows.rules) * 1:21310 <-> DISABLED <-> OS-WINDOWS Microsoft product fputlsat.dll dll-load exploit attempt (os-windows.rules) * 1:21343 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules) * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules) * 1:21345 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar request (exploit-kit.rules) * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules) * 1:21347 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (exploit-kit.rules) * 1:21348 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules) * 1:21414 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MergeCells record parsing code execution attempt (file-office.rules) * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules) * 1:21462 <-> DISABLED <-> FILE-JAVA Oracle Java Plugin security bypass (file-java.rules) * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules) * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules) * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules) * 1:21566 <-> DISABLED <-> OS-WINDOWS Microsoft Expression Design wintab32.dll dll-load exploit attempt (os-windows.rules) * 1:21567 <-> DISABLED <-> OS-WINDOWS Microsoft Expression Design wintab32.dll dll-load exploit attempt (os-windows.rules) * 1:21581 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - BBB (exploit-kit.rules) * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules) * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:21647 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Home/index.php (exploit-kit.rules) * 1:21660 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (exploit-kit.rules) * 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules) * 1:21754 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules) * 1:21770 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21771 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21772 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21773 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21774 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21775 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21790 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:21791 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:21794 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules) * 1:21806 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:21860 <-> ENABLED <-> MALWARE-CNC Phoenix exploit kit post-compromise behavior (malware-cnc.rules) * 1:21874 <-> ENABLED <-> EXPLOIT-KIT Possible exploit kit post compromise activity - StrReverse (exploit-kit.rules) * 1:21875 <-> ENABLED <-> EXPLOIT-KIT Possible exploit kit post compromise activity - taskkill (exploit-kit.rules) * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules) * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules) * 1:21928 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record buffer overflow attempt (file-office.rules) * 1:21931 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:21932 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:21933 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalette Record Memory Corruption attempt (file-office.rules) * 1:21942 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:21943 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:22003 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules) * 1:22004 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22005 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22006 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22007 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22008 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22010 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22011 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22012 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules) * 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules) * 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules) * 1:22081 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtMergeCells heap overflow attempt (file-office.rules) * 1:22949 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:22951 <-> DISABLED <-> SERVER-WEBAPP EXIF header parsing integer overflow attempt little endian (server-webapp.rules) * 1:23010 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FNGROUPNAME record memory corruption attempt (file-office.rules) * 1:23055 <-> DISABLED <-> PROTOCOL-FTP Cisco IOS FTP MKD buffer overflow attempt (protocol-ftp.rules) * 1:23091 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23092 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23093 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23094 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23095 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23105 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23127 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET xbap STGMEDIUM.unionmember arbitrary number overwrite attempt (file-executable.rules) * 1:23142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23143 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23146 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23150 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed graphic record code execution attempt (file-office.rules) * 1:23153 <-> DISABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules) * 1:23154 <-> DISABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules) * 1:23155 <-> DISABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules) * 1:23156 <-> DISABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit landing page (exploit-kit.rules) * 1:23157 <-> ENABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit binary download (exploit-kit.rules) * 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:23162 <-> DISABLED <-> OS-WINDOWS Microsoft Lync Online ncrypt.dll dll-load exploit attempt (os-windows.rules) * 1:23163 <-> DISABLED <-> OS-WINDOWS Microsoft Lync Online wlanapi.dll dll-load exploit attempt (os-windows.rules) * 1:23165 <-> DISABLED <-> SERVER-OTHER Microsoft Lync Online wlanapi.dll dll-load exploit attempt (server-other.rules) * 1:23181 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET Framework xbap DataObject object pointer attempt (file-executable.rules) * 1:23211 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook arbitrary command line attempt (file-office.rules) * 1:23218 <-> ENABLED <-> EXPLOIT-KIT Redkit Repeated Exploit Request Pattern (exploit-kit.rules) * 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules) * 1:23228 <-> DISABLED <-> BROWSER-PLUGINS Oracle Webcenter ActiveX clsid access (browser-plugins.rules) * 1:23240 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:23259 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules) * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word crafted sprm structure memory corruption attempt (file-office.rules) * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word crafted sprm structure memory corruption attempt (file-office.rules) * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word crafted sprm structure memory corruption attempt (file-office.rules) * 1:23270 <-> DISABLED <-> FILE-OFFICE Microsoft Office Malformed MSODrawing Record attempt (file-office.rules) * 1:23272 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:23279 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint name field cross site scripting attempt (server-webapp.rules) * 1:23283 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Forms Recognition ActiveX clsid access attempt (browser-plugins.rules) * 1:23287 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23288 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23289 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23290 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23291 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23292 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23293 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23294 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23295 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23296 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23297 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23298 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23299 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23300 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23301 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23302 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23303 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23304 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23371 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules) * 1:23407 <-> DISABLED <-> SERVER-WEBAPP Apple iChat url format string exploit attempt (server-webapp.rules) * 1:23499 <-> DISABLED <-> FILE-OTHER Microsoft Windows CUR file parsing overflow attempt (file-other.rules) * 1:23500 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader spell.customDictionaryOpen exploit attempt (file-pdf.rules) * 1:23501 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript getIcon method buffer overflow attempt (file-pdf.rules) * 1:23502 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules) * 1:23503 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules) * 1:23505 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt (file-pdf.rules) * 1:23506 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:23508 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:23509 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed Richmedia annotation exploit attempt (file-pdf.rules) * 1:23510 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader File containing Flash use-after-free attack attempt (file-pdf.rules) * 1:23511 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader authplay.dll vulnerability exploit attempt (file-pdf.rules) * 1:23512 <-> DISABLED <-> FILE-PDF Adobe flash player newfunction memory corruption attempt (file-pdf.rules) * 1:23526 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:23527 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:23528 <-> DISABLED <-> FILE-OFFICE Microsoft Office PICT graphics converter memory corruption attempt (file-office.rules) * 1:23534 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint paragraph format array inner header overflow attempt (file-office.rules) * 1:23535 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Download of version 4.0 file (file-office.rules) * 1:23536 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint CurrentUserAtom remote code execution attempt (file-office.rules) * 1:23537 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint HashCode10Atom memory corruption attempt (file-office.rules) * 1:23538 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 Component buffer overflow attempt (file-office.rules) * 1:23539 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Legacy file format picture object code execution attempt (file-office.rules) * 1:23544 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt (file-office.rules) * 1:23545 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro (file-office.rules) * 1:23546 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with linkFmla (file-office.rules) * 1:23547 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro and linkFmla (file-office.rules) * 1:23548 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:23549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:23550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record stack buffer overflow attempt (file-office.rules) * 1:23551 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:23552 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:23553 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules) * 1:23554 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules) * 1:23558 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules) * 1:23559 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules) * 1:23560 <-> DISABLED <-> FILE-JAVA Oracle Java Zip file directory record overflow attempt (file-java.rules) * 1:23561 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging large offset malformed tiff - big-endian (file-image.rules) * 1:23562 <-> DISABLED <-> FILE-OTHER Microsoft MHTML XSS attempt (file-other.rules) * 1:23563 <-> DISABLED <-> FILE-OTHER Microsoft Windows MHTML XSS attempt (file-other.rules) * 1:23565 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI DirectShow QuickTime parsing overflow attempt (file-multimedia.rules) * 1:23567 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI Header insufficient data corruption attempt (file-multimedia.rules) * 1:23568 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile media file processing memory corruption attempt (file-multimedia.rules) * 1:23569 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile truncated media file processing memory corruption attempt (file-multimedia.rules) * 1:23570 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media sample duration header RCE attempt (file-multimedia.rules) * 1:23571 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Timecode header RCE attempt (file-multimedia.rules) * 1:23572 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media file name header RCE attempt (file-multimedia.rules) * 1:23573 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media content type header RCE attempt (file-multimedia.rules) * 1:23574 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media pixel aspect ratio header RCE attempt (file-multimedia.rules) * 1:23575 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules) * 1:23576 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules) * 1:23579 <-> DISABLED <-> FILE-FLASH Adobe Flash use-after-free attack attempt (file-flash.rules) * 1:23581 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:23582 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML Transform attribute overflow attempt (file-other.rules) * 1:23583 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules) * 1:23584 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML sampleData attribute overflow attempt (file-other.rules) * 1:23585 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:23586 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules) * 1:23587 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:23588 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:23591 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:23592 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption exploit attempt (file-flash.rules) * 1:23619 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch broken (exploit-kit.rules) * 1:23622 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page request - tkr (exploit-kit.rules) * 1:23623 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime VR Track Header Atom heap corruption attempt (file-multimedia.rules) * 1:23699 <-> DISABLED <-> FILE-IDENTIFY SAP Crystal Reports file magic detected (file-identify.rules) * 1:23700 <-> DISABLED <-> FILE-IDENTIFY Microsoft Word for Mac 5 file magic detected (file-identify.rules) * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:23715 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access file magic detected (file-identify.rules) * 1:23716 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access JSDB file magic detected (file-identify.rules) * 1:23717 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access TJDB file magic detected (file-identify.rules) * 1:23718 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access MSISAM file magic detected (file-identify.rules) * 1:23781 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:23785 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - Math.floor catch (exploit-kit.rules) * 1:23786 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - Math.round catch (exploit-kit.rules) * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules) * 1:23837 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB host announcement format string exploit attempt (os-windows.rules) * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules) * 1:23843 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules) * 1:23848 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:23849 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:23850 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - hwehes (exploit-kit.rules) * 1:23943 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt (file-multimedia.rules) * 1:23956 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules) * 1:23962 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - fewbgazr catch (exploit-kit.rules) * 1:23992 <-> DISABLED <-> FILE-OFFICE Microsoft Office EMF image EMFPlusPointF record memory corruption attempt (file-office.rules) * 1:24053 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules) * 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules) * 1:24124 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules) * 1:24186 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF variable name overflow attempt (file-office.rules) * 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:24189 <-> DISABLED <-> FILE-IMAGE XPM file format overflow attempt (file-image.rules) * 1:24197 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX function call attempt (browser-plugins.rules) * 1:24198 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint name field cross site scripting attempt (server-webapp.rules) * 1:24200 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes URI handler command execution attempt (server-mail.rules) * 1:24203 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:24204 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:24205 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:24220 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime streaming debug error logging buffer overflow attempt (file-multimedia.rules) * 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules) * 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules) * 1:24237 <-> DISABLED <-> FILE-EXECUTABLE ClamAV UPX File Handling Heap overflow attempt (file-executable.rules) * 1:24238 <-> DISABLED <-> FILE-EXECUTABLE ClamAV UPX File Handling Heap overflow attempt (file-executable.rules) * 1:24240 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules) * 1:24241 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules) * 1:24242 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules) * 1:24272 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules) * 1:24273 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules) * 1:24274 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24275 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24276 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24277 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules) * 1:24278 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules) * 1:24279 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules) * 1:24280 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules) * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules) * 1:24314 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24379 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24380 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24452 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG rendering buffer overflow attempt (browser-ie.rules) * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules) * 1:24535 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table integer overflow attempt (file-other.rules) * 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules) * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules) * 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules) * 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:24550 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV Atom length buffer overflow attempt (file-multimedia.rules) * 1:24556 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:24557 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:24558 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules) * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules) * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules) * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules) * 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules) * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:24641 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie buffer overflow attempt (file-multimedia.rules) * 1:24657 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Publisher record heap buffer overflow attempt (file-office.rules) * 1:24672 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 sequence parameter set parsing overflow attempt (file-multimedia.rules) * 1:24681 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24682 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24683 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24684 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24685 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24695 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file opcode corruption attempt (file-image.rules) * 1:24699 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules) * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules) * 1:24728 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules) * 1:24771 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules) * 1:24772 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules) * 1:24815 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio VSD file icon memory corruption attempt (file-office.rules) * 1:24823 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:24839 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - specific structure (exploit-kit.rules) * 1:24840 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - JAR redirection (exploit-kit.rules) * 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:24905 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:24906 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules) * 1:24913 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:24915 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-java.rules) * 1:24997 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24999 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:25000 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules) * 1:25044 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - specific structure (exploit-kit.rules) * 1:25051 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit landing page redirection (exploit-kit.rules) * 1:25052 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit Java Exploit requested - 3 digit (exploit-kit.rules) * 1:25053 <-> DISABLED <-> EXPLOIT-KIT Redkit outbound class retrieval (exploit-kit.rules) * 1:25065 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:25066 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:25067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Riler variant outbound connection (malware-cnc.rules) * 1:25068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Riler inbound connection (malware-cnc.rules) * 1:25232 <-> DISABLED <-> BROWSER-FIREFOX appendChild multiple parent nodes stack corruption attempt (browser-firefox.rules) * 1:25233 <-> DISABLED <-> BROWSER-FIREFOX appendChild multiple parent nodes stack corruption attempt (browser-firefox.rules) * 1:25246 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:25251 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS .NET null character username truncation attempt (server-iis.rules) * 1:25298 <-> DISABLED <-> FILE-MULTIMEDIA Mozilla products Ogg Vorbis decoding memory corruption attempt (file-multimedia.rules) * 1:25311 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules) * 1:25383 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - info.exe (exploit-kit.rules) * 1:25384 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - contacts.exe (exploit-kit.rules) * 1:25385 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - calc.exe (exploit-kit.rules) * 1:25386 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - about.exe (exploit-kit.rules) * 1:25387 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - readme.exe (exploit-kit.rules) * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:25389 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - specific structure (exploit-kit.rules) * 1:25390 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - specific structure (exploit-kit.rules) * 1:25391 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit obfuscated payload download (exploit-kit.rules) * 1:25502 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft GDI EMF malformed file buffer overflow attempt (file-multimedia.rules) * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:25587 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules) * 1:25588 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader FlateDecode integer overflow attempt (file-pdf.rules) * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:25649 <-> DISABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules) * 1:25797 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF memory corruption attempt (file-multimedia.rules) * 1:25800 <-> DISABLED <-> EXPLOIT-KIT Stamp exploit kit Javascript request (exploit-kit.rules) * 1:25802 <-> DISABLED <-> EXPLOIT-KIT Stamp exploit kit encoded portable executable request (exploit-kit.rules) * 1:25856 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules) * 1:25969 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules) * 1:26066 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:26067 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:26068 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:26069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:26089 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio version number anomaly (file-office.rules) * 1:26109 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Obji Atom parsing stack buffer overflow attempt (file-multimedia.rules) * 1:26174 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FRTWrapper record buffer overflow attempt (file-office.rules) * 1:26175 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules) * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:26329 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel format record code execution attempt (file-office.rules) * 1:26330 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflow attempt (file-office.rules) * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:26338 <-> ENABLED <-> EXPLOIT-KIT IFRAMEr injection detection - leads to exploit kit (exploit-kit.rules) * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules) * 1:26341 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page (exploit-kit.rules) * 1:26342 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page - specific structure (exploit-kit.rules) * 1:26343 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page (exploit-kit.rules) * 1:26372 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules) * 1:26373 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules) * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules) * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules) * 1:26453 <-> DISABLED <-> FILE-OFFICE OpenOffice OLE File Stream Buffer Overflow attempt (file-office.rules) * 1:26472 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:26473 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26474 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26475 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26476 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26477 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26478 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26508 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - info.dll (exploit-kit.rules) * 1:26535 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit landing page - specific structure (exploit-kit.rules) * 1:26536 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit landing page (exploit-kit.rules) * 1:26564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Movie file clipping region handling heap buffer overflow attempt (file-multimedia.rules) * 1:26599 <-> ENABLED <-> EXPLOIT-KIT Impact/Stamp exploit kit landing page (exploit-kit.rules) * 1:26600 <-> ENABLED <-> EXPLOIT-KIT Impact/Stamp exploit kit landing page (exploit-kit.rules) * 1:26602 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet name memory corruption attempt (file-office.rules) * 1:26648 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules) * 1:26649 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules) * 1:2665 <-> DISABLED <-> PROTOCOL-IMAP login literal format string attempt (protocol-imap.rules) * 1:26663 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules) * 1:26667 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes playlist overflow attempt (file-multimedia.rules) * 1:26672 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules) * 1:26673 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules) * 1:26674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules) * 1:26676 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt (file-office.rules) * 1:26706 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:26707 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:26708 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:26709 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:26710 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:26711 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed ftCMO record remote code execution attempt (file-office.rules) * 1:26724 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt (file-multimedia.rules) * 1:26799 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:26800 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:26801 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:26832 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSComctlLib.Toolbar ActiveX control exploit attempt (file-office.rules) * 1:26856 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sBIT overflow attempt (file-image.rules) * 1:26857 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sRGB overflow attempt (file-image.rules) * 1:26858 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected bKGD overflow attempt (file-image.rules) * 1:26859 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected hIST overflow attempt (file-image.rules) * 1:26861 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected pHYs overflow attempt (file-image.rules) * 1:26862 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sPLT overflow attempt (file-image.rules) * 1:26863 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected tIME overflow attempt (file-image.rules) * 1:26864 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected iTXt overflow attempt (file-image.rules) * 1:26866 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected zTXt overflow attempt (file-image.rules) * 1:26978 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules) * 1:27001 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks Remote Management overflow attempt (server-other.rules) * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:27081 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit Internet Explorer exploit download - autopwn (exploit-kit.rules) * 1:27082 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit flash remote code execution exploit download - autopwn (exploit-kit.rules) * 1:27166 <-> DISABLED <-> FILE-OTHER Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules) * 1:27167 <-> DISABLED <-> FILE-OTHER Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules) * 1:27168 <-> DISABLED <-> FILE-OTHER Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules) * 1:27212 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:27213 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:27214 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:27215 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint schemes record buffer overflow (file-office.rules) * 1:27216 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint printer record buffer overflow (file-office.rules) * 1:27222 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer innerHTML against incomplete element heap corruption attempt (browser-ie.rules) * 1:27243 <-> ENABLED <-> SERVER-APACHE Apache Struts2 blacklisted method redirectAction (server-apache.rules) * 1:27251 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table platform type 3 integer overflow attempt (file-other.rules) * 1:27271 <-> ENABLED <-> EXPLOIT-KIT iFramer toolkit injected iframe detected - specific structure (exploit-kit.rules) * 1:27544 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab runtime traffic detected (malware-cnc.rules) * 1:27545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules) * 1:27546 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules) * 1:27547 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules) * 1:27548 <-> ENABLED <-> MALWARE-OTHER Osx.Trojan.Janicab file download attempt (malware-other.rules) * 1:27549 <-> ENABLED <-> MALWARE-OTHER Osx.Trojan.Janicab file download attempt (malware-other.rules) * 1:27580 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27581 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27584 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27585 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27586 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27587 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27588 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27589 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27590 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27591 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27634 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FngGroupCount record overflow attempt (file-office.rules) * 1:27635 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Record Code Execution attempt (file-office.rules) * 1:27671 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules) * 1:27695 <-> ENABLED <-> EXPLOIT-KIT Kore exploit kit landing page (exploit-kit.rules) * 1:27696 <-> ENABLED <-> EXPLOIT-KIT Kore exploit kit landing page (exploit-kit.rules) * 1:27697 <-> ENABLED <-> EXPLOIT-KIT Kore exploit kit successful Java exploit (exploit-kit.rules) * 1:27718 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file buffer overflow attempt (os-windows.rules) * 1:27719 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file with comment buffer overflow attempt (os-windows.rules) * 1:27757 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX clsid access (browser-plugins.rules) * 1:27758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX function call access (browser-plugins.rules) * 1:27788 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access (browser-plugins.rules) * 1:27789 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:27790 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:27791 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:27792 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access attempt (browser-plugins.rules) * 1:27793 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access (browser-plugins.rules) * 1:27798 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX clsid access attempt (browser-plugins.rules) * 1:27799 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX function call attempt (browser-plugins.rules) * 1:27800 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Encoder 9 ActiveX function call access (browser-plugins.rules) * 1:27865 <-> ENABLED <-> EXPLOIT-KIT Blackholev2/Darkleech exploit kit landing page request (exploit-kit.rules) * 1:27881 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Flash Player (exploit-kit.rules) * 1:27883 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Oracle Java (exploit-kit.rules) * 1:27885 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27886 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27892 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader (exploit-kit.rules) * 1:27893 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27894 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - about.dll (exploit-kit.rules) * 1:27895 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - info.dll (exploit-kit.rules) * 1:27896 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - contacts.dll (exploit-kit.rules) * 1:27897 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - calc.dll (exploit-kit.rules) * 1:27898 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - readme.dll (exploit-kit.rules) * 1:27908 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPhraseElement use after free attempt (browser-ie.rules) * 1:27909 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPhraseElement use after free attempt (browser-ie.rules) * 1:27945 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjectLink invalid wLinkVar2 value attempt (file-office.rules) * 1:27947 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtMergeCells heap overflow attempt (file-office.rules) * 1:27948 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtMergeCells heap overflow attempt (file-office.rules) * 1:28029 <-> ENABLED <-> EXPLOIT-KIT Magnitude/Popads/Nuclear exploit kit jnlp request (exploit-kit.rules) * 1:28108 <-> ENABLED <-> EXPLOIT-KIT Nuclear/Magnitude exploit kit Adobe Flash exploit download attempt (exploit-kit.rules) * 1:28113 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FngGroupCount record overflow attempt (file-office.rules) * 1:28124 <-> DISABLED <-> FILE-OTHER PCRE character class heap buffer overflow attempt (file-other.rules) * 1:28128 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28131 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28133 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28228 <-> DISABLED <-> SERVER-WEBAPP Microsoft Interactive Training buffer overflow attempt (server-webapp.rules) * 1:28236 <-> ENABLED <-> EXPLOIT-KIT Magnitude/Nuclear exploit kit landing page (exploit-kit.rules) * 1:28263 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:28311 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28312 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28313 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28314 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28316 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28317 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28318 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28319 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28320 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28321 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28322 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28413 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit embedded redirection attempt (exploit-kit.rules) * 1:28428 <-> ENABLED <-> EXPLOIT-KIT Glazunov exploit kit landing page (exploit-kit.rules) * 1:28429 <-> ENABLED <-> EXPLOIT-KIT Glazunov exploit kit outbound jnlp download attempt (exploit-kit.rules) * 1:28430 <-> ENABLED <-> EXPLOIT-KIT Glazunov exploit kit zip file download (exploit-kit.rules) * 1:28440 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file invalid memory allocation exploit attempt (file-office.rules) * 1:28441 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:28442 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:28443 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:28482 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Terminator RAT variant outbound connection (malware-cnc.rules) * 1:28493 <-> ENABLED <-> MALWARE-CNC DeputyDog diskless method outbound connection (malware-cnc.rules) * 1:28612 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Silverlight exploit download (exploit-kit.rules) * 1:28613 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page - specific-structure (exploit-kit.rules) * 1:28614 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page (exploit-kit.rules) * 1:28616 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit payload download attempt (exploit-kit.rules) * 1:28677 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28678 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28686 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28989 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Egobot variant outbound connection (malware-cnc.rules) * 1:29032 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MasterPagePackedText structure CharacterFormatArrayOuterHeaderSize buffer overflow (file-office.rules) * 1:29033 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MasterPagePackedText structure CharacterFormatArrayOuterHeaderSize buffer overflow (file-office.rules) * 1:29066 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit XORed payload download attempt (exploit-kit.rules) * 1:29128 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit plugin detection page (exploit-kit.rules) * 1:29130 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit malicious payload download attempt (exploit-kit.rules) * 1:29264 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtX memory corruption attempt (file-office.rules) * 1:29326 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtY memory corruption attempt (file-office.rules) * 1:29327 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record SerAuxTrend sdtX memory corruption attempt (file-office.rules) * 1:29328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record SerAuxErrBar sdtX memory corruption attempt (file-office.rules) * 1:29329 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtX memory corruption attempt (file-office.rules) * 1:29404 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel country record arbitrary code execution attempt (file-office.rules) * 1:29434 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file overread buffer overflow attempt (file-image.rules) * 1:29435 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:29436 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:29502 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:29511 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt (server-webapp.rules) * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:29528 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt (server-other.rules) * 1:29529 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt (server-other.rules) * 1:29530 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt (server-other.rules) * 1:29531 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt (server-other.rules) * 1:29532 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt (server-other.rules) * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules) * 1:29581 <-> DISABLED <-> SERVER-OTHER CA Brightstor SUN RPC malformed string buffer overflow attempt (server-other.rules) * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules) * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules) * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules) * 1:29754 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules) * 1:29796 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:29797 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:29804 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:29805 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:29806 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:29814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer null attribute DoS attempt (browser-ie.rules) * 1:29936 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules) * 1:29937 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceR3Info buffer overflow attempt (server-other.rules) * 1:29943 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules) * 1:30037 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zaleelq variant outbound connection (malware-cnc.rules) * 1:30232 <-> DISABLED <-> OS-WINDOWS Microsoft Anti-Cross Site Scripting library bypass attempt (os-windows.rules) * 1:30233 <-> DISABLED <-> OS-WINDOWS Microsoft Anti-Cross Site Scripting library bypass attempt (os-windows.rules) * 1:3066 <-> DISABLED <-> PROTOCOL-IMAP append overflow attempt (protocol-imap.rules) * 1:30941 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:30990 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules) * 1:30991 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules) * 1:31017 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Adobe Reader Extension race condition attempt (browser-plugins.rules) * 1:31018 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Adobe Reader Extension race condition attempt (browser-plugins.rules) * 1:31031 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter buffer overflow attempt (file-office.rules) * 1:31032 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter buffer overflow attempt (file-office.rules) * 1:31279 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit decryption page outbound request (exploit-kit.rules) * 1:31296 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer negative margin use after free attempt (browser-ie.rules) * 1:31301 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSLT memory corruption attempt (browser-ie.rules) * 1:31365 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules) * 1:31373 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:31374 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Qsir and Qsif record remote code execution attempt (file-office.rules) * 1:31420 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules) * 1:31421 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules) * 1:31427 <-> DISABLED <-> FILE-OTHER Microsoft Windows C Run-Time Library remote code execution attempt (file-other.rules) * 1:31428 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:31434 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Section Table Array Buffer Overflow attempt (file-office.rules) * 1:31437 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules) * 1:31439 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules) * 1:31440 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules) * 1:31461 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed MSODrawing Record attempt (file-office.rules) * 1:31462 <-> DISABLED <-> FILE-OFFICE Microsoft Office Malformed MSODrawing Record attempt (file-office.rules) * 1:31473 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:31474 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:31475 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:31476 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:31504 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer outerHTML against incomplete element heap corruption attempt (browser-ie.rules) * 1:31562 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word global array index heap overflow attempt (file-office.rules) * 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:31592 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:31650 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Mail file execution attempt (server-mail.rules) * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules) * 1:31716 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Otupsys variant outbound connection (malware-cnc.rules) * 1:31756 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX clsid access (browser-plugins.rules) * 1:31757 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX function call access (browser-plugins.rules) * 1:31758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX function call access (browser-plugins.rules) * 1:31759 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX clsid access (browser-plugins.rules) * 1:31760 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:31761 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:31762 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:31763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:31777 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing announce overflow attempt (file-other.rules) * 1:31778 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing comment overflow attempt (file-other.rules) * 1:31779 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing name overflow attempt (file-other.rules) * 1:31780 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing path overflow attempt (file-other.rules) * 1:31843 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 1 (file-office.rules) * 1:31844 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 2 (file-office.rules) * 1:31845 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 3 (file-office.rules) * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules) * 1:31875 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FtCbls remote code execution attempt (file-office.rules) * 1:31876 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FtCbls remote code execution attempt (file-office.rules) * 1:31946 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules) * 1:32062 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:32063 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:32064 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:32082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Filter Records Handling Code Execution attempt (file-office.rules) * 1:32083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed file format parsing code execution attempt (file-office.rules) * 1:32094 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalete Record Memory Corruption attempt (file-office.rules) * 1:32095 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalette Record Memory Corruption attempt (file-office.rules) * 1:32122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtWnDesk record memory corruption exploit attempt (file-office.rules) * 1:32131 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record buffer overflow attempt (file-office.rules) * 1:32132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record buffer overflow attempt (file-office.rules) * 1:32133 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XBM image processing buffer overflow attempt (browser-firefox.rules) * 1:32136 <-> DISABLED <-> FILE-OTHER GNU gzip LZH decompression make_table overflow attempt (file-other.rules) * 1:32206 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style record overflow attempt (file-office.rules) * 1:32223 <-> DISABLED <-> SERVER-OTHER Firebird database invalid state integer overflow attempt (server-other.rules) * 1:32224 <-> DISABLED <-> SERVER-OTHER Firebird database invalid state integer overflow attempt (server-other.rules) * 1:32365 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules) * 1:32532 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style sheet array memory corruption attempt (browser-ie.rules) * 1:32615 <-> DISABLED <-> OS-WINDOWS Microsoft Windows search protocol remote command injection attempt (os-windows.rules) * 1:32625 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DV record buffer overflow attempt (file-office.rules) * 1:32629 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:32630 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:32631 <-> DISABLED <-> NETBIOS SMB server response heap overflow attempt (netbios.rules) * 1:32642 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX clsid access attempt (browser-plugins.rules) * 1:32643 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules) * 1:32644 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules) * 1:45581 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules) * 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules) * 1:45587 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45586 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player or Explorer Malformed MIDI File DOS attempt (file-multimedia.rules) * 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules) * 1:45585 <-> DISABLED <-> SERVER-WEBAPP PMSotware Simple Web Server connection header buffer overflow attempt (server-webapp.rules) * 1:45591 <-> DISABLED <-> PROTOCOL-FTP LabF nfsAxe FTP Client buffer overflow attempt (protocol-ftp.rules) * 1:45582 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules) * 1:45576 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Function focus overflow attempt (browser-firefox.rules) * 1:45580 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules) * 1:45571 <-> DISABLED <-> SERVER-OTHER Commvault Communications Service command injection attempt (server-other.rules) * 1:45589 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45574 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules) * 1:45584 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules) * 1:45590 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:17663 <-> DISABLED <-> SERVER-OTHER Apple CUPS SGI image decoding buffer overflow attempt (server-other.rules) * 1:45583 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules) * 1:45588 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
* 1:32739 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules) * 1:32840 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-plugins.rules) * 1:32644 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules) * 1:32738 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules) * 1:32842 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-plugins.rules) * 1:32754 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server 2000 Client Components ActiveX clsid access (browser-plugins.rules) * 1:10062 <-> DISABLED <-> FILE-IMAGE Oracle Java Virtual Machine malformed GIF buffer overflow attempt (file-image.rules) * 1:10063 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox query interface suspicious function call access attempt (browser-firefox.rules) * 1:10087 <-> DISABLED <-> SERVER-OTHER VNC password request buffer overflow attempt (server-other.rules) * 1:10188 <-> DISABLED <-> PROTOCOL-FTP Ipswitch Ws_ftp XMD5 overflow attempt (protocol-ftp.rules) * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules) * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules) * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules) * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules) * 1:11186 <-> DISABLED <-> SERVER-OTHER CA eTrust key handling dos (password -- server-other.rules) * 1:11196 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules) * 1:11257 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt (browser-ie.rules) * 1:11324 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Input Method Editor 3 ActiveX function call access (browser-plugins.rules) * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:11823 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX clsid unicode access (browser-plugins.rules) * 1:11824 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX function call access (browser-plugins.rules) * 1:11825 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX function call unicode access (browser-plugins.rules) * 1:11828 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Voice Control ActiveX function call access (browser-plugins.rules) * 1:11832 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Direct Speech Recognition ActiveX function call access (browser-plugins.rules) * 1:11837 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Mail file execution attempt (server-mail.rules) * 1:12064 <-> DISABLED <-> SERVER-IIS w3svc _vti_bin null pointer dereference attempt (server-iis.rules) * 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12114 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail search command buffer overflow attempt (server-mail.rules) * 1:12115 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail search command buffer overflow attempt (server-mail.rules) * 1:12195 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Widgets Engine ActiveX function call access (browser-plugins.rules) * 1:12197 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules) * 1:12205 <-> DISABLED <-> BROWSER-PLUGINS VMWare Vielib.dll ActiveX function call access (browser-plugins.rules) * 1:12212 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail literal search date command buffer overflow attempt (server-mail.rules) * 1:12217 <-> DISABLED <-> SERVER-OTHER Borland interbase string length buffer overflow attempt (server-other.rules) * 1:12261 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 PDWizard.File ActiveX clsid access (browser-plugins.rules) * 1:12263 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 PDWizard.File ActiveX function call access (browser-plugins.rules) * 1:12265 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 SearchHelper ActiveX clsid access (browser-plugins.rules) * 1:12267 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 SearchHelper ActiveX function call access (browser-plugins.rules) * 1:12270 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 TLIApplication ActiveX function call (browser-plugins.rules) * 1:12273 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 TypeLibInfo ActiveX clsid access (browser-plugins.rules) * 1:12275 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 TypeLibInfo ActiveX function call access (browser-plugins.rules) * 1:12277 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS memory corruption exploit (browser-ie.rules) * 1:12281 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML source file memory corruption attempt (browser-ie.rules) * 1:12282 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML source file memory corruption attempt (browser-ie.rules) * 1:12332 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt (netbios.rules) * 1:12341 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules) * 1:12444 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server Distributed Management Objects ActiveX clsid access (browser-plugins.rules) * 1:12446 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server Distributed Management Objects ActiveX function call access (browser-plugins.rules) * 1:12450 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent Control ActiveX function call access (browser-plugins.rules) * 1:12452 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent File Provider ActiveX clsid access (browser-plugins.rules) * 1:12463 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Visual Studio Crystal Reports RPT file handling buffer overflow attempt (os-windows.rules) * 1:12595 <-> DISABLED <-> SERVER-IIS malicious ASP file upload attempt (server-iis.rules) * 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules) * 1:12616 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX function call access attempt (browser-plugins.rules) * 1:12631 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 Kodak Imaging small offset malformed jpeg tables (os-windows.rules) * 1:12632 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 Kodak Imaging large offset malformed jpeg tables (os-windows.rules) * 1:12634 <-> DISABLED <-> FILE-IMAGE Microsoft Windows 2000 Kodak Imaging large offset malformed tiff 2 (file-image.rules) * 1:12642 <-> DISABLED <-> OS-WINDOWS RPC NTLMSSP malformed credentials (os-windows.rules) * 1:12643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows URI External handler arbitrary command attempt (os-windows.rules) * 1:12664 <-> DISABLED <-> BROWSER-IE Microsoft Windows ShellExecute and Internet Explorer 7 url handling code execution attempt (browser-ie.rules) * 1:12687 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules) * 1:12731 <-> DISABLED <-> BROWSER-PLUGINS AOL Radio AmpX ActiveX function call access (browser-plugins.rules) * 1:12742 <-> DISABLED <-> SERVER-OTHER Apple Quicktime UDP RTSP sdp type buffer overflow attempt (server-other.rules) * 1:12768 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL ActiveX function call access (browser-plugins.rules) * 1:12775 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer obfuscated Ierpplug.dll ActiveX exploit attempt (browser-plugins.rules) * 1:12780 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Vulnerable Methods ActiveX clsid access attempt (browser-plugins.rules) * 1:12782 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Vulnerable Methods ActiveX function call access attempt (browser-plugins.rules) * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules) * 1:13158 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Player asf streaming format interchange data integer overflow attempt (file-multimedia.rules) * 1:13159 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Player asf streaming format audio error masking integer overflow attempt (file-multimedia.rules) * 1:13160 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Player asf streaming audio spread error correction data length integer overflow attempt (file-multimedia.rules) * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules) * 1:13216 <-> DISABLED <-> BROWSER-PLUGINS ShockwaveFlash.ShockwaveFlash ActiveX function call access (browser-plugins.rules) * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules) * 1:13226 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Toolbar YShortcut ActiveX function call access (browser-plugins.rules) * 1:13269 <-> DISABLED <-> OS-WINDOWS Multiple product nntp uri handling code execution attempt (os-windows.rules) * 1:13270 <-> DISABLED <-> OS-WINDOWS Multiple product news uri handling code execution attempt (os-windows.rules) * 1:13271 <-> DISABLED <-> OS-WINDOWS Multiple product telnet uri handling code execution attempt (os-windows.rules) * 1:13272 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:13298 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Rich TextBox ActiveX function call access (browser-plugins.rules) * 1:13305 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual FoxPro 2 ActiveX function call access (browser-plugins.rules) * 1:13316 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing ART buffer overflow attempt (file-multimedia.rules) * 1:13318 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing cmt buffer overflow attempt (file-multimedia.rules) * 1:13319 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing des buffer overflow attempt (file-multimedia.rules) * 1:13320 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing cpy buffer overflow attempt (file-multimedia.rules) * 1:13323 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Package and Deployment Wizard ActiveX function call access (browser-plugins.rules) * 1:13421 <-> DISABLED <-> BROWSER-PLUGINS Facebook Photo Uploader ActiveX function call access (browser-plugins.rules) * 1:13430 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music JukeBox MediaGrid ActiveX clsid access (browser-plugins.rules) * 1:13432 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music JukeBox MediaGrid ActiveX function call access (browser-plugins.rules) * 1:13434 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Property Overflows ActiveX clsid access (browser-plugins.rules) * 1:13436 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Property Overflows ActiveX function call access (browser-plugins.rules) * 1:13438 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Vulnerable Methods ActiveX clsid access (browser-plugins.rules) * 1:13440 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Vulnerable Methods ActiveX function call access (browser-plugins.rules) * 1:13442 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Property Overflows ActiveX clsid access (browser-plugins.rules) * 1:13444 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Property Overflows ActiveX function call access (browser-plugins.rules) * 1:13448 <-> DISABLED <-> OS-WINDOWS Microsoft Windows vbscript/jscript scripting engine begin buffer overflow attempt (os-windows.rules) * 1:13453 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX clsid access (browser-ie.rules) * 1:13454 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX clsid unicode access (browser-ie.rules) * 1:13456 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX function call unicode access (browser-ie.rules) * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules) * 1:13541 <-> DISABLED <-> BROWSER-PLUGINS Symantec Backup Exec ActiveX function call access (browser-plugins.rules) * 1:13554 <-> DISABLED <-> SERVER-OTHER Sybase SQL Anywhere Mobilink version string buffer overflow (server-other.rules) * 1:13555 <-> DISABLED <-> SERVER-OTHER Sybase SQL Anywhere Mobilink remoteID string buffer overflow (server-other.rules) * 1:13580 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components remote code execution attempt ActiveX clsid access (browser-plugins.rules) * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules) * 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules) * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:13591 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan CGI password decryption buffer overflow attempt (server-webapp.rules) * 1:13605 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RAM Download Handler ActiveX function call access (browser-plugins.rules) * 1:13607 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL Vulnerble Property ActiveX clsid access (browser-plugins.rules) * 1:13609 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL Vulnerble Property ActiveX function call access (browser-plugins.rules) * 1:13623 <-> DISABLED <-> BROWSER-PLUGINS CA BrightStor ListCtrl ActiveX function call access (browser-plugins.rules) * 1:13629 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access JSDB file magic detected (file-identify.rules) * 1:13630 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access TJDB file magic detected (file-identify.rules) * 1:13633 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access MSISAM file magic detected (file-identify.rules) * 1:13668 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Help 2.0 Contents Control ActiveX clsid access (browser-plugins.rules) * 1:13670 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Help 2.0 Contents Control ActiveX function call access (browser-plugins.rules) * 1:13674 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Help 2.0 Contents Control 2 ActiveX function call access (browser-plugins.rules) * 1:13699 <-> DISABLED <-> BROWSER-PLUGINS CA DSM gui_cm_ctrls ActiveX clsid access (browser-plugins.rules) * 1:13720 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 3 ActiveX clsid access (browser-plugins.rules) * 1:13722 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 4 ActiveX clsid access (browser-plugins.rules) * 1:13724 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 5 ActiveX clsid access (browser-plugins.rules) * 1:13726 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 6 ActiveX clsid access (browser-plugins.rules) * 1:13728 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 7 ActiveX clsid access (browser-plugins.rules) * 1:13730 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 8 ActiveX clsid access (browser-plugins.rules) * 1:13732 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 9 ActiveX clsid access (browser-plugins.rules) * 1:13736 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 11 ActiveX clsid access (browser-plugins.rules) * 1:13738 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 12 ActiveX clsid access (browser-plugins.rules) * 1:13740 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 13 ActiveX clsid access (browser-plugins.rules) * 1:13742 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 14 ActiveX clsid access (browser-plugins.rules) * 1:13744 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 15 ActiveX clsid access (browser-plugins.rules) * 1:13746 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 16 ActiveX clsid access (browser-plugins.rules) * 1:13748 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 17 ActiveX clsid access (browser-plugins.rules) * 1:13750 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 18 ActiveX clsid access (browser-plugins.rules) * 1:13752 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 19 ActiveX clsid access (browser-plugins.rules) * 1:13754 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 20 ActiveX clsid access (browser-plugins.rules) * 1:13756 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 21 ActiveX clsid access (browser-plugins.rules) * 1:13804 <-> DISABLED <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt (server-other.rules) * 1:13821 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF scene and label data memory corruption attempt (file-flash.rules) * 1:13822 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF scene and label data memory corruption attempt (file-flash.rules) * 1:13823 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX SAMI file parsing buffer overflow attempt (file-multimedia.rules) * 1:13824 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules) * 1:13888 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules) * 1:13889 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules) * 1:13890 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules) * 1:13891 <-> DISABLED <-> SERVER-MSSQL Memory page overwrite attempt (server-mssql.rules) * 1:13892 <-> DISABLED <-> SERVER-MSSQL Convert function style overwrite (server-mssql.rules) * 1:13903 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:13907 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:13912 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer isComponentInstalled attack attempt (browser-ie.rules) * 1:13918 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules) * 1:13948 <-> DISABLED <-> PROTOCOL-DNS large number of NXDOMAIN replies - possible DNS cache poisoning (protocol-dns.rules) * 1:13960 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer static text range overflow attempt (browser-ie.rules) * 1:13963 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer argument validation in print preview handling exploitation attempt (browser-ie.rules) * 1:13964 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span frontier parsing memory corruption attempt (browser-ie.rules) * 1:14023 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX function call access (browser-plugins.rules) * 1:14027 <-> DISABLED <-> BROWSER-PLUGINS CA DSM gui_cm_ctrls ActiveX function call access (browser-plugins.rules) * 1:14029 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates gui_cm_ctrls ActiveX clsid access (browser-plugins.rules) * 1:14031 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates gui_cm_ctrls ActiveX function call access (browser-plugins.rules) * 1:14040 <-> DISABLED <-> SERVER-OTHER GNOME Project libxslt RC4 key string buffer overflow attempt (server-other.rules) * 1:14041 <-> DISABLED <-> SERVER-OTHER GNOME Project libxslt RC4 key string buffer overflow attempt - 2 (server-other.rules) * 1:14042 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer General Property Page ActiveX clsid access (browser-plugins.rules) * 1:14044 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Playback Handler ActiveX function call access (browser-plugins.rules) * 1:14046 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMP Download Handler ActiveX function call access (browser-plugins.rules) * 1:14048 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RNX Download Handler ActiveX function call access (browser-plugins.rules) * 1:14050 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer SMIL Download Handler ActiveX function call access (browser-plugins.rules) * 1:14052 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Stream Handler ActiveX function call access (browser-plugins.rules) * 1:14257 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Encoder 9 ActiveX function call access (browser-plugins.rules) * 1:14607 <-> DISABLED <-> SERVER-OTHER CA Brightstor SUN RPC malformed string buffer overflow attempt (server-other.rules) * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules) * 1:14635 <-> DISABLED <-> BROWSER-PLUGINS Microsoft RSClientPrint ActiveX clsid access (browser-plugins.rules) * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules) * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules) * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules) * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules) * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules) * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules) * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules) * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules) * 1:14758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server 2000 Client Components ActiveX function call access (browser-plugins.rules) * 1:14762 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX function call access (browser-plugins.rules) * 1:14765 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service Agent ActiveX function call (browser-plugins.rules) * 1:14773 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt (server-other.rules) * 1:14783 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (os-windows.rules) * 1:14896 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB v4 srvsvc NetrpPathCononicalize unicode path cononicalization stack overflow attempt (os-windows.rules) * 1:14897 <-> DISABLED <-> BROWSER-PLUGINS HP Software Update RulesEngine.dll ActiveX function call access (browser-plugins.rules) * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules) * 1:14990 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Charset header overflow attempt (server-webapp.rules) * 1:15012 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML DLL memory corruption attempt (browser-ie.rules) * 1:15084 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Common Controls Animation Object ActiveX clsid access (browser-plugins.rules) * 1:15086 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Common Controls Animation Object ActiveX function call access (browser-plugins.rules) * 1:15096 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic FlexGrid ActiveX clsid access (browser-plugins.rules) * 1:15102 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic Hierarchical FlexGrid ActiveX function call access (browser-plugins.rules) * 1:15109 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shell.Explorer 1 ActiveX clsid access (browser-plugins.rules) * 1:15112 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shell.Explorer 2 ActiveX function call access (browser-plugins.rules) * 1:15146 <-> DISABLED <-> SERVER-OTHER Apple CUPS RGB+Alpha PNG filter overly large image height integer overflow attempt (server-other.rules) * 1:15186 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules) * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules) * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules) * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules) * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules) * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules) * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules) * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules) * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules) * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules) * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules) * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules) * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules) * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules) * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules) * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules) * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules) * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules) * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules) * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules) * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules) * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules) * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules) * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules) * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules) * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules) * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules) * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules) * 1:15245 <-> DISABLED <-> BROWSER-PLUGINS AXIS Camera ActiveX function call access (browser-plugins.rules) * 1:15256 <-> DISABLED <-> SERVER-ORACLE BPEL process manager XSS injection attempt (server-oracle.rules) * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules) * 1:15268 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Barcode ActiveX function call access (browser-plugins.rules) * 1:15299 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid ho tag attempt (file-office.rules) * 1:15303 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio Malformed IconBitsComponent arbitrary code execution attempt (file-office.rules) * 1:15313 <-> DISABLED <-> BROWSER-PLUGINS Research In Motion AxLoader ActiveX function call access (browser-plugins.rules) * 1:15358 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 remote code execution attempt (file-pdf.rules) * 1:15422 <-> DISABLED <-> SERVER-OTHER Sun One web proxy server overflow attempt (server-other.rules) * 1:15430 <-> DISABLED <-> FILE-OTHER Microsoft EMF+ GpFont.SetData buffer overflow attempt (file-other.rules) * 1:15455 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office Text Converters XST parsing buffer overflow attempt (file-office.rules) * 1:15457 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectShow MJPEG arbitrary code execution attempt (os-windows.rules) * 1:15459 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted/unitialized object memory corruption attempt (browser-ie.rules) * 1:15460 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX load/unload race condition attempt (browser-ie.rules) * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules) * 1:15479 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (server-other.rules) * 1:15482 <-> DISABLED <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt (server-other.rules) * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules) * 1:15523 <-> DISABLED <-> OS-WINDOWS Microsoft Windows srvsvc NetrShareEnum netname overflow attempt (os-windows.rules) * 1:15524 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:15525 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:15526 <-> DISABLED <-> FILE-OFFICE Microsoft Works 4.x converter font name buffer overflow attempt (file-office.rules) * 1:15529 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain navigation cookie stealing attempt (browser-ie.rules) * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules) * 1:15588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 1 ActiveX clsid access (browser-plugins.rules) * 1:15590 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 10 ActiveX clsid access (browser-plugins.rules) * 1:15592 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 11 ActiveX clsid access (browser-plugins.rules) * 1:15594 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 12 ActiveX clsid access (browser-plugins.rules) * 1:15596 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 13 ActiveX clsid access (browser-plugins.rules) * 1:15598 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 14 ActiveX clsid access (browser-plugins.rules) * 1:15600 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 15 ActiveX clsid access (browser-plugins.rules) * 1:15602 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 16 ActiveX clsid access (browser-plugins.rules) * 1:15604 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 17 ActiveX clsid access (browser-plugins.rules) * 1:15606 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 18 ActiveX clsid access (browser-plugins.rules) * 1:15608 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 19 ActiveX clsid access (browser-plugins.rules) * 1:15610 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 2 ActiveX clsid access (browser-plugins.rules) * 1:15612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 20 ActiveX clsid access (browser-plugins.rules) * 1:15614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 21 ActiveX clsid access (browser-plugins.rules) * 1:15616 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 22 ActiveX clsid access (browser-plugins.rules) * 1:15618 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 23 ActiveX clsid access (browser-plugins.rules) * 1:15620 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 24 ActiveX clsid access (browser-plugins.rules) * 1:15622 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 25 ActiveX clsid access (browser-plugins.rules) * 1:15624 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 26 ActiveX clsid access (browser-plugins.rules) * 1:15626 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 27 ActiveX clsid access (browser-plugins.rules) * 1:15628 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 28 ActiveX clsid access (browser-plugins.rules) * 1:15630 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 29 ActiveX clsid access (browser-plugins.rules) * 1:15632 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 3 ActiveX clsid access (browser-plugins.rules) * 1:15634 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 30 ActiveX clsid access (browser-plugins.rules) * 1:15636 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 31 ActiveX clsid access (browser-plugins.rules) * 1:15640 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 33 ActiveX clsid access (browser-plugins.rules) * 1:15642 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 34 ActiveX clsid access (browser-plugins.rules) * 1:15644 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 35 ActiveX clsid access (browser-plugins.rules) * 1:15646 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 36 ActiveX clsid access (browser-plugins.rules) * 1:15648 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 37 ActiveX clsid access (browser-plugins.rules) * 1:15650 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 38 ActiveX clsid access (browser-plugins.rules) * 1:15652 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 39 ActiveX clsid access (browser-plugins.rules) * 1:15654 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 4 ActiveX clsid access (browser-plugins.rules) * 1:15656 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 40 ActiveX clsid access (browser-plugins.rules) * 1:15658 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 41 ActiveX clsid access (browser-plugins.rules) * 1:15660 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 42 ActiveX clsid access (browser-plugins.rules) * 1:15662 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 43 ActiveX clsid access (browser-plugins.rules) * 1:15664 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 44 ActiveX clsid access (browser-plugins.rules) * 1:15666 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 45 ActiveX clsid access (browser-plugins.rules) * 1:15668 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 5 ActiveX clsid access (browser-plugins.rules) * 1:15671 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 6 ActiveX function call (browser-plugins.rules) * 1:15674 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 8 ActiveX clsid access (browser-plugins.rules) * 1:15676 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 9 ActiveX clsid access (browser-plugins.rules) * 1:15678 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectShow ActiveX exploit via JavaScript (browser-plugins.rules) * 1:15679 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectShow ActiveX exploit via JavaScript - unicode encoding (browser-plugins.rules) * 1:15684 <-> DISABLED <-> OS-WINDOWS Multiple product snews uri handling code execution attempt (os-windows.rules) * 1:15687 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 10 Spreadsheet ActiveX function call access (browser-plugins.rules) * 1:15689 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX clsid access (browser-plugins.rules) * 1:15691 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX function call access (browser-plugins.rules) * 1:15695 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table platform type 3 integer overflow attempt (file-other.rules) * 1:15703 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes ITMS protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15704 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes ITMSS protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15705 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes PCAST protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15706 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes DAAP protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS replication inform2 request memory corruption attempt (os-windows.rules) * 1:15852 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components Datasource ActiveX clsid access (browser-plugins.rules) * 1:15855 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX function call access (browser-plugins.rules) * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules) * 1:15894 <-> DISABLED <-> OS-WINDOWS Microsoft Color Management Module remote code execution attempt (os-windows.rules) * 1:15907 <-> DISABLED <-> OS-LINUX Linux Kernel DCCP Protocol Handler dccp_setsockopt_change integer overflow attempt (os-linux.rules) * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules) * 1:15924 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DHTML Editing ActiveX clsid access (browser-plugins.rules) * 1:15943 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules) * 1:15949 <-> DISABLED <-> FILE-OTHER McAfee LHA file handling overflow attempt (file-other.rules) * 1:15952 <-> DISABLED <-> SERVER-MYSQL create function libc arbitrary code execution attempt (server-mysql.rules) * 1:15992 <-> DISABLED <-> FILE-OTHER Trend Micro Products Antivirus Library overflow attempt (file-other.rules) * 1:16002 <-> DISABLED <-> FILE-OTHER Apple Mac OS X installer package filename format string vulnerability (file-other.rules) * 1:16003 <-> DISABLED <-> FILE-OTHER Apple Mac OS X installer package filename format string vulnerability (file-other.rules) * 1:16023 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Vista Windows mail file execution attempt (file-executable.rules) * 1:16024 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Function focus overflow attempt (browser-firefox.rules) * 1:16034 <-> DISABLED <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt (server-samba.rules) * 1:16043 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html tag memory corruption attempt (browser-ie.rules) * 1:16050 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox tag order memory corruption attempt (browser-firefox.rules) * 1:16068 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music Jukebox ActiveX exploit (browser-plugins.rules) * 1:16073 <-> DISABLED <-> OS-WINDOWS MS-SQL convert function unicode overflow (os-windows.rules) * 1:16074 <-> DISABLED <-> SQL Suspicious SQL ansi_padding option (sql.rules) * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules) * 1:16193 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent SMTP AUTH LOGIN command buffer overflow attempt (server-mail.rules) * 1:16194 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory HTTP request content-length heap buffer overflow attempt (server-webapp.rules) * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules) * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules) * 1:16364 <-> DISABLED <-> SERVER-OTHER IBM DB2 database server SQLSTT denial of service attempt (server-other.rules) * 1:16432 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro Web Deployment ActiveX clsid access (browser-plugins.rules) * 1:16521 <-> DISABLED <-> SERVER-OTHER Squid Proxy http version number overflow attempt (server-other.rules) * 1:16578 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder 9 ActiveX buffer overflow attempt (os-windows.rules) * 1:16588 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX clsid access (browser-plugins.rules) * 1:16602 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectShow 3 ActiveX exploit via JavaScript (browser-plugins.rules) * 1:16607 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RAM Download Handler ActiveX control access attempt (browser-plugins.rules) * 1:16610 <-> DISABLED <-> BROWSER-PLUGINS IBM Access Support ActiveX GetXMLValue method buffer overflow attempt (browser-plugins.rules) * 1:16679 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDIplus integer overflow attempt (os-windows.rules) * 1:16690 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:16748 <-> DISABLED <-> BROWSER-PLUGINS IBM Access Support ActiveX function call access (browser-plugins.rules) * 1:16751 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (file-multimedia.rules) * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules) * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules) * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules) * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules) * 1:16762 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX andx attempt (netbios.rules) * 1:16764 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX unicode andx attempt (netbios.rules) * 1:16766 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow andx attempt (netbios.rules) * 1:16777 <-> DISABLED <-> SERVER-ORACLE Secure Backup NDMP packet handling DoS attempt (server-oracle.rules) * 1:16778 <-> DISABLED <-> SERVER-ORACLE Secure Backup NDMP packet handling DoS attempt (server-oracle.rules) * 1:16786 <-> DISABLED <-> FILE-OFFICE Microsoft Office Web Components Spreadsheet ActiveX buffer overflow attempt (file-office.rules) * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules) * 1:17050 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Administration Server authentication bypass attempt (server-webapp.rules) * 1:17052 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access attempt (browser-plugins.rules) * 1:17053 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access attempt (browser-plugins.rules) * 1:17054 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access attempt (browser-plugins.rules) * 1:17213 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Chrome Page Loading Restriction Bypass attempt (browser-firefox.rules) * 1:17220 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17221 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17222 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17226 <-> DISABLED <-> BROWSER-PLUGINS AXIS Camera ActiveX initialization via script (browser-plugins.rules) * 1:17228 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player skin decompression code execution attempt (os-windows.rules) * 1:17262 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:17263 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:17269 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules) * 1:17272 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer AVI parsing buffer overflow attempt (file-multimedia.rules) * 1:17280 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt (server-webapp.rules) * 1:17313 <-> DISABLED <-> SERVER-ORACLE database server crafted view privelege escalation attempt (server-oracle.rules) * 1:17348 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Color Management Module buffer overflow attempt (os-windows.rules) * 1:17349 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Color Management Module buffer overflow attempt (os-windows.rules) * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules) * 1:17374 <-> DISABLED <-> FILE-OTHER Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules) * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules) * 1:17384 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer setRequestHeader overflow attempt (browser-ie.rules) * 1:17385 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer setRequestHeader overflow attempt (browser-ie.rules) * 1:17386 <-> DISABLED <-> SERVER-WEBAPP Lighttpd mod_fastcgi Extension CGI Variable Overwriting Vulnerability attempt (server-webapp.rules) * 1:17388 <-> DISABLED <-> FILE-IMAGE OpenOffice EMF file EMR record parsing integer overflow attempt (file-image.rules) * 1:17405 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules) * 1:17406 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules) * 1:17413 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:17415 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Engine Information Disclosure attempt (browser-firefox.rules) * 1:17440 <-> DISABLED <-> SERVER-IIS RSA authentication agent for web redirect buffer overflow attempt (server-iis.rules) * 1:17459 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:17460 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:17464 <-> DISABLED <-> BROWSER-PLUGINS AOL Radio AmpX ActiveX clsid access (browser-plugins.rules) * 1:17467 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules) * 1:17468 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules) * 1:17471 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules) * 1:17472 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules) * 1:17474 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.CREATE_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules) * 1:17475 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules) * 1:17476 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.PURGE_WINDOW arbitrary command execution attempt (server-oracle.rules) * 1:17477 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.DROP_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules) * 1:17478 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.SUBSCRIBE arbitrary command execution attempt (server-oracle.rules) * 1:17479 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_ISUBSCRIBE.SUBSCRIBE arbitrary command execution attempt (server-oracle.rules) * 1:17480 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_ISUBSCRIBE.CREATE_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules) * 1:17489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help File Heap Buffer Overflow attempt (file-other.rules) * 1:17498 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules) * 1:17499 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules) * 1:17500 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules) * 1:17501 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules) * 1:17502 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules) * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules) * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules) * 1:17512 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules) * 1:17513 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules) * 1:17514 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules) * 1:17516 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules) * 1:17546 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player compressed skin download request (file-identify.rules) * 1:17568 <-> DISABLED <-> FILE-OFFICE Microsoft Office XP URL Handling Buffer Overflow attempt (file-office.rules) * 1:17570 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IFRAME style change handling code execution (browser-firefox.rules) * 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules) * 1:17619 <-> DISABLED <-> SERVER-ORACLE database server crafted view privelege escalation attempt (server-oracle.rules) * 1:17624 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt (file-java.rules) * 1:17626 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded web font handling buffer overflow attempt (os-windows.rules) * 1:17628 <-> DISABLED <-> FILE-IMAGE Sun Microsystems Java gif handling memory corruption attempt (file-image.rules) * 1:17634 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 little endian object call overflow attempt (netbios.rules) * 1:17636 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 object call overflow attempt (netbios.rules) * 1:17637 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 overflow attempt (netbios.rules) * 1:17643 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServe logger servie null-pointer dereference attempt (server-other.rules) * 1:17644 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption attempt (browser-ie.rules) * 1:17646 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Legacy file format picture object code execution attempt (file-office.rules) * 1:17652 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS source code disclosure attempt (server-iis.rules) * 1:17664 <-> DISABLED <-> FILE-OFFICE Microsoft Office GIF image descriptor memory corruption attempt (file-office.rules) * 1:17678 <-> DISABLED <-> FILE-IMAGE Adobe BMP image handler buffer overflow attempt (file-image.rules) * 1:17691 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:17695 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint paragraph format array inner header overflow attempt (file-office.rules) * 1:17736 <-> DISABLED <-> SERVER-OTHER McAfee LHA Type-2 file handling overflow attempt (server-other.rules) * 1:17808 <-> DISABLED <-> FILE-FLASH Adobe Flash authplay.dll memory corruption attempt (file-flash.rules) * 1:18171 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:18172 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:18173 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18193 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules) * 1:18194 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules) * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules) * 1:18250 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products EscapeAttributeValue integer overflow attempt (browser-firefox.rules) * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:18284 <-> DISABLED <-> FILE-OFFICE Microsoft Office XP URL Handling Buffer Overflow attempt (file-office.rules) * 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules) * 1:18291 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt (server-other.rules) * 1:18292 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt (server-other.rules) * 1:18296 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products frame comment objects manipulation memory corruption attempt (browser-firefox.rules) * 1:18303 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer script action handler overflow attempt (browser-ie.rules) * 1:18304 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:18305 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:18306 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:18313 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:18317 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail RCPT TO proxy overflow attempt (server-mail.rules) * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules) * 1:18476 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes DOC attachment viewer buffer overflow (server-mail.rules) * 1:18484 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt (file-multimedia.rules) * 1:18512 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Remote Management overflow attempt (server-other.rules) * 1:18518 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (browser-ie.rules) * 1:18520 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML exploit attempt (browser-ie.rules) * 1:18521 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (browser-ie.rules) * 1:18522 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (browser-ie.rules) * 1:18523 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML exploit attempt (browser-ie.rules) * 1:18531 <-> DISABLED <-> SERVER-OTHER Multiple Vendors iacenc.dll dll-load exploit attempt (server-other.rules) * 1:18532 <-> DISABLED <-> OS-WINDOWS Multiple Vendors iacenc.dll dll-load exploit attempt (os-windows.rules) * 1:18574 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules) * 1:18579 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt (server-webapp.rules) * 1:18591 <-> DISABLED <-> FILE-OTHER CoolPlayer Playlist File Handling Buffer Overflow (file-other.rules) * 1:18600 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PictureViewer buffer overflow attempt (file-image.rules) * 1:18603 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes Applix Graphics Parsing Buffer Overflow (server-mail.rules) * 1:18616 <-> DISABLED <-> FILE-OFFICE Microsoft Works 4.x converter font name buffer overflow attempt (file-office.rules) * 1:18635 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:18710 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator Framework Services buffer overflow attempt (server-other.rules) * 1:18771 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ADO Object Parsing Code Execution (file-office.rules) * 1:18772 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ADO Object Parsing Code Execution (file-office.rules) * 1:18800 <-> DISABLED <-> FILE-OTHER Adobe RoboHelp Server Arbitrary File Upload (file-other.rules) * 1:18905 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18906 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18907 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18908 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18909 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18910 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18911 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18912 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18913 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18914 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18915 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18916 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18917 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18918 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18919 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18920 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18921 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18922 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18923 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18924 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18925 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18962 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:18992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player content parsing execution attempt (file-flash.rules) * 1:19079 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getElementById object corruption (browser-ie.rules) * 1:19087 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules) * 1:19088 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules) * 1:19089 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules) * 1:19090 <-> DISABLED <-> SERVER-OTHER CA Discovery Serice Overflow Attempt (server-other.rules) * 1:19293 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:1930 <-> DISABLED <-> PROTOCOL-IMAP auth literal overflow attempt (protocol-imap.rules) * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules) * 1:19599 <-> DISABLED <-> SERVER-ORACLE Warehouse builder WE_OLAP_AW_REMOVE_SOLVE_ID SQL Injection attempt (server-oracle.rules) * 1:19618 <-> DISABLED <-> FILE-OTHER Multiple products dwmapi.dll dll-load exploit attempt (file-other.rules) * 1:19693 <-> DISABLED <-> FILE-FLASH Adobe Flash MP4 ref_frame allocated buffer overflow attempt (file-flash.rules) * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:19811 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:19815 <-> DISABLED <-> SERVER-OTHER HP Operations Manager Server Default Credientials in use attempt (server-other.rules) * 1:19892 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System modem string buffer overflow attempt (server-other.rules) * 1:19925 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX client browser plugin call-back-url buffer overflow attempt (browser-plugins.rules) * 1:20071 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio WMIScriptUtils.WMIObjectBroker2.1 ActiveX CLSID access (browser-plugins.rules) * 1:20204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Taidoor variant outbound connection (malware-cnc.rules) * 1:20277 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (browser-ie.rules) * 1:20278 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (browser-ie.rules) * 1:20279 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (browser-ie.rules) * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:20546 <-> DISABLED <-> SERVER-OTHER BakBone NetVault client heap overflow attempt (server-other.rules) * 1:20552 <-> DISABLED <-> SERVER-MAIL Mercury Mail Transport System buffer overflow attempt (server-mail.rules) * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules) * 1:20555 <-> DISABLED <-> FILE-FLASH Adobe Flash MP4 ref_frame allocated buffer overflow attempt (file-flash.rules) * 1:20575 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules) * 1:20576 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Remote Management overflow attempt (server-other.rules) * 1:20590 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules) * 1:20744 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player DirectShow MPEG-2 memory corruption attempt (os-windows.rules) * 1:20878 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Embedded Package Object packager.exe file load exploit attempt (os-windows.rules) * 1:20879 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Embedded Package Object packager.exe file load exploit attempt (os-windows.rules) * 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (file-office.rules) * 1:20883 <-> DISABLED <-> FILE-OFFICE Microsoft Windows embedded packager object with .application extension bypass attempt (file-office.rules) * 1:21003 <-> DISABLED <-> MALWARE-CNC Cute Pack cute-ie.html request (malware-cnc.rules) * 1:21004 <-> DISABLED <-> MALWARE-CNC Cute Pack cute-ie.html landing page (malware-cnc.rules) * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules) * 1:21041 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules) * 1:21042 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit post-compromise download attempt - .php?f= (exploit-kit.rules) * 1:21043 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit post-compromise download attempt - .php?e= (exploit-kit.rules) * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:2105 <-> DISABLED <-> PROTOCOL-IMAP authenticate literal overflow attempt (protocol-imap.rules) * 1:2106 <-> DISABLED <-> PROTOCOL-IMAP lsub overflow attempt (protocol-imap.rules) * 1:21068 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit landing page (exploit-kit.rules) * 1:21069 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit exploit fetch request (exploit-kit.rules) * 1:21070 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit pdf exploit page request (exploit-kit.rules) * 1:21071 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit post-exploit page request (exploit-kit.rules) * 1:21084 <-> DISABLED <-> SERVER-MSSQL MSSQL CONVERT function buffer overflow attempt (server-mssql.rules) * 1:21085 <-> DISABLED <-> SERVER-MSSQL MSSQL CONVERT function unicode buffer overflow attempt (server-mssql.rules) * 1:21096 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit control panel access (exploit-kit.rules) * 1:21097 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit post-exploit download request (exploit-kit.rules) * 1:21098 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit landing page (exploit-kit.rules) * 1:21099 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit malicious pdf request (exploit-kit.rules) * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules) * 1:21156 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules) * 1:21157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules) * 1:21158 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules) * 1:21163 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook VEVENT overflow attempt (file-office.rules) * 1:21186 <-> DISABLED <-> SERVER-ORACLE MDSYS drop table trigger injection attempt (server-oracle.rules) * 1:21233 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules) * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules) * 1:21289 <-> DISABLED <-> OS-WINDOWS Microsoft Color Control Panel STI.dll dll-load exploit attempt (os-windows.rules) * 1:21290 <-> DISABLED <-> OS-WINDOWS Microsoft Color Control Panel STI.dll dll-load exploit attempt (os-windows.rules) * 1:21298 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint chart webpart XSS attempt (server-webapp.rules) * 1:21309 <-> DISABLED <-> OS-WINDOWS Microsoft product fputlsat.dll dll-load exploit attempt (os-windows.rules) * 1:21310 <-> DISABLED <-> OS-WINDOWS Microsoft product fputlsat.dll dll-load exploit attempt (os-windows.rules) * 1:21343 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules) * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules) * 1:21345 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar request (exploit-kit.rules) * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules) * 1:21347 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (exploit-kit.rules) * 1:21348 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules) * 1:21414 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MergeCells record parsing code execution attempt (file-office.rules) * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules) * 1:21462 <-> DISABLED <-> FILE-JAVA Oracle Java Plugin security bypass (file-java.rules) * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules) * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules) * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules) * 1:21566 <-> DISABLED <-> OS-WINDOWS Microsoft Expression Design wintab32.dll dll-load exploit attempt (os-windows.rules) * 1:21567 <-> DISABLED <-> OS-WINDOWS Microsoft Expression Design wintab32.dll dll-load exploit attempt (os-windows.rules) * 1:21581 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - BBB (exploit-kit.rules) * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules) * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:21647 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Home/index.php (exploit-kit.rules) * 1:21660 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (exploit-kit.rules) * 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules) * 1:21754 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules) * 1:21770 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21771 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21772 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21773 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21774 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21775 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21790 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:21791 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:21794 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules) * 1:21806 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:21860 <-> ENABLED <-> MALWARE-CNC Phoenix exploit kit post-compromise behavior (malware-cnc.rules) * 1:21874 <-> ENABLED <-> EXPLOIT-KIT Possible exploit kit post compromise activity - StrReverse (exploit-kit.rules) * 1:21875 <-> ENABLED <-> EXPLOIT-KIT Possible exploit kit post compromise activity - taskkill (exploit-kit.rules) * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules) * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules) * 1:21928 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record buffer overflow attempt (file-office.rules) * 1:21931 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:21932 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:21933 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalette Record Memory Corruption attempt (file-office.rules) * 1:21942 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:21943 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:22003 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules) * 1:22004 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22005 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22006 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22007 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22008 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22010 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22011 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22012 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules) * 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules) * 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules) * 1:22081 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtMergeCells heap overflow attempt (file-office.rules) * 1:22949 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:22951 <-> DISABLED <-> SERVER-WEBAPP EXIF header parsing integer overflow attempt little endian (server-webapp.rules) * 1:23010 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FNGROUPNAME record memory corruption attempt (file-office.rules) * 1:23055 <-> DISABLED <-> PROTOCOL-FTP Cisco IOS FTP MKD buffer overflow attempt (protocol-ftp.rules) * 1:23091 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23092 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23093 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23094 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23095 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23105 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23127 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET xbap STGMEDIUM.unionmember arbitrary number overwrite attempt (file-executable.rules) * 1:23142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23143 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23146 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23150 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed graphic record code execution attempt (file-office.rules) * 1:23153 <-> DISABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules) * 1:23154 <-> DISABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules) * 1:23155 <-> DISABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules) * 1:23156 <-> DISABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit landing page (exploit-kit.rules) * 1:23157 <-> ENABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit binary download (exploit-kit.rules) * 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:23162 <-> DISABLED <-> OS-WINDOWS Microsoft Lync Online ncrypt.dll dll-load exploit attempt (os-windows.rules) * 1:23163 <-> DISABLED <-> OS-WINDOWS Microsoft Lync Online wlanapi.dll dll-load exploit attempt (os-windows.rules) * 1:23165 <-> DISABLED <-> SERVER-OTHER Microsoft Lync Online wlanapi.dll dll-load exploit attempt (server-other.rules) * 1:23181 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET Framework xbap DataObject object pointer attempt (file-executable.rules) * 1:23211 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook arbitrary command line attempt (file-office.rules) * 1:23218 <-> ENABLED <-> EXPLOIT-KIT Redkit Repeated Exploit Request Pattern (exploit-kit.rules) * 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules) * 1:23228 <-> DISABLED <-> BROWSER-PLUGINS Oracle Webcenter ActiveX clsid access (browser-plugins.rules) * 1:23240 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:23259 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules) * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word crafted sprm structure memory corruption attempt (file-office.rules) * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word crafted sprm structure memory corruption attempt (file-office.rules) * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word crafted sprm structure memory corruption attempt (file-office.rules) * 1:23270 <-> DISABLED <-> FILE-OFFICE Microsoft Office Malformed MSODrawing Record attempt (file-office.rules) * 1:23272 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:23279 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint name field cross site scripting attempt (server-webapp.rules) * 1:23283 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Forms Recognition ActiveX clsid access attempt (browser-plugins.rules) * 1:23287 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23288 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23289 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23290 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23291 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23292 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23293 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23294 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23295 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23296 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23297 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23298 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23299 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23300 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23301 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23302 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23303 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23304 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23371 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules) * 1:23407 <-> DISABLED <-> SERVER-WEBAPP Apple iChat url format string exploit attempt (server-webapp.rules) * 1:23499 <-> DISABLED <-> FILE-OTHER Microsoft Windows CUR file parsing overflow attempt (file-other.rules) * 1:23500 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader spell.customDictionaryOpen exploit attempt (file-pdf.rules) * 1:23501 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript getIcon method buffer overflow attempt (file-pdf.rules) * 1:23502 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules) * 1:23503 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules) * 1:23505 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt (file-pdf.rules) * 1:23506 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:23508 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:23509 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed Richmedia annotation exploit attempt (file-pdf.rules) * 1:23510 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader File containing Flash use-after-free attack attempt (file-pdf.rules) * 1:23511 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader authplay.dll vulnerability exploit attempt (file-pdf.rules) * 1:23512 <-> DISABLED <-> FILE-PDF Adobe flash player newfunction memory corruption attempt (file-pdf.rules) * 1:23526 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:23527 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:23528 <-> DISABLED <-> FILE-OFFICE Microsoft Office PICT graphics converter memory corruption attempt (file-office.rules) * 1:23534 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint paragraph format array inner header overflow attempt (file-office.rules) * 1:23535 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Download of version 4.0 file (file-office.rules) * 1:23536 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint CurrentUserAtom remote code execution attempt (file-office.rules) * 1:23537 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint HashCode10Atom memory corruption attempt (file-office.rules) * 1:23538 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 Component buffer overflow attempt (file-office.rules) * 1:23539 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Legacy file format picture object code execution attempt (file-office.rules) * 1:23544 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt (file-office.rules) * 1:23545 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro (file-office.rules) * 1:23546 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with linkFmla (file-office.rules) * 1:23547 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro and linkFmla (file-office.rules) * 1:23548 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:23549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:23550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record stack buffer overflow attempt (file-office.rules) * 1:23551 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:23552 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:23553 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules) * 1:23554 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules) * 1:23558 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules) * 1:23559 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules) * 1:23560 <-> DISABLED <-> FILE-JAVA Oracle Java Zip file directory record overflow attempt (file-java.rules) * 1:23561 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging large offset malformed tiff - big-endian (file-image.rules) * 1:23562 <-> DISABLED <-> FILE-OTHER Microsoft MHTML XSS attempt (file-other.rules) * 1:23563 <-> DISABLED <-> FILE-OTHER Microsoft Windows MHTML XSS attempt (file-other.rules) * 1:23565 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI DirectShow QuickTime parsing overflow attempt (file-multimedia.rules) * 1:23567 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI Header insufficient data corruption attempt (file-multimedia.rules) * 1:23568 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile media file processing memory corruption attempt (file-multimedia.rules) * 1:23569 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile truncated media file processing memory corruption attempt (file-multimedia.rules) * 1:23570 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media sample duration header RCE attempt (file-multimedia.rules) * 1:23571 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Timecode header RCE attempt (file-multimedia.rules) * 1:23572 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media file name header RCE attempt (file-multimedia.rules) * 1:23573 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media content type header RCE attempt (file-multimedia.rules) * 1:23574 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media pixel aspect ratio header RCE attempt (file-multimedia.rules) * 1:23575 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules) * 1:23576 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules) * 1:23579 <-> DISABLED <-> FILE-FLASH Adobe Flash use-after-free attack attempt (file-flash.rules) * 1:23581 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:23582 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML Transform attribute overflow attempt (file-other.rules) * 1:23583 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules) * 1:23584 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML sampleData attribute overflow attempt (file-other.rules) * 1:23585 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:23586 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules) * 1:23587 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:23588 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:23591 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:23592 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption exploit attempt (file-flash.rules) * 1:23619 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch broken (exploit-kit.rules) * 1:23622 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page request - tkr (exploit-kit.rules) * 1:23623 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime VR Track Header Atom heap corruption attempt (file-multimedia.rules) * 1:23699 <-> DISABLED <-> FILE-IDENTIFY SAP Crystal Reports file magic detected (file-identify.rules) * 1:23700 <-> DISABLED <-> FILE-IDENTIFY Microsoft Word for Mac 5 file magic detected (file-identify.rules) * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:23715 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access file magic detected (file-identify.rules) * 1:23716 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access JSDB file magic detected (file-identify.rules) * 1:23717 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access TJDB file magic detected (file-identify.rules) * 1:23718 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access MSISAM file magic detected (file-identify.rules) * 1:23781 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:23785 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - Math.floor catch (exploit-kit.rules) * 1:23786 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - Math.round catch (exploit-kit.rules) * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules) * 1:23837 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB host announcement format string exploit attempt (os-windows.rules) * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules) * 1:23843 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules) * 1:23848 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:23849 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:23850 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - hwehes (exploit-kit.rules) * 1:23943 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt (file-multimedia.rules) * 1:23956 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules) * 1:23962 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - fewbgazr catch (exploit-kit.rules) * 1:23992 <-> DISABLED <-> FILE-OFFICE Microsoft Office EMF image EMFPlusPointF record memory corruption attempt (file-office.rules) * 1:24053 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules) * 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules) * 1:24124 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules) * 1:24186 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF variable name overflow attempt (file-office.rules) * 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:24189 <-> DISABLED <-> FILE-IMAGE XPM file format overflow attempt (file-image.rules) * 1:24197 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX function call attempt (browser-plugins.rules) * 1:24198 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint name field cross site scripting attempt (server-webapp.rules) * 1:24200 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes URI handler command execution attempt (server-mail.rules) * 1:24203 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:24204 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:24205 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:24220 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime streaming debug error logging buffer overflow attempt (file-multimedia.rules) * 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules) * 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules) * 1:24237 <-> DISABLED <-> FILE-EXECUTABLE ClamAV UPX File Handling Heap overflow attempt (file-executable.rules) * 1:24238 <-> DISABLED <-> FILE-EXECUTABLE ClamAV UPX File Handling Heap overflow attempt (file-executable.rules) * 1:24240 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules) * 1:24241 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules) * 1:24242 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules) * 1:24272 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules) * 1:24273 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules) * 1:24274 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24275 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24276 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24277 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules) * 1:24278 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules) * 1:24279 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules) * 1:24280 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules) * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules) * 1:24314 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24379 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24380 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24452 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG rendering buffer overflow attempt (browser-ie.rules) * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules) * 1:24535 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table integer overflow attempt (file-other.rules) * 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules) * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules) * 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules) * 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:24550 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV Atom length buffer overflow attempt (file-multimedia.rules) * 1:24556 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:24557 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:24558 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules) * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules) * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules) * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules) * 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules) * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:24641 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie buffer overflow attempt (file-multimedia.rules) * 1:24657 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Publisher record heap buffer overflow attempt (file-office.rules) * 1:24672 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 sequence parameter set parsing overflow attempt (file-multimedia.rules) * 1:24681 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24682 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24683 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24684 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24685 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24695 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file opcode corruption attempt (file-image.rules) * 1:24699 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules) * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules) * 1:24728 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules) * 1:24771 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules) * 1:24772 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules) * 1:24815 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio VSD file icon memory corruption attempt (file-office.rules) * 1:24823 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:24839 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - specific structure (exploit-kit.rules) * 1:24840 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - JAR redirection (exploit-kit.rules) * 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:24905 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:24906 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules) * 1:24913 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:24915 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-java.rules) * 1:24997 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24999 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:25000 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules) * 1:25044 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - specific structure (exploit-kit.rules) * 1:25051 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit landing page redirection (exploit-kit.rules) * 1:25052 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit Java Exploit requested - 3 digit (exploit-kit.rules) * 1:25053 <-> DISABLED <-> EXPLOIT-KIT Redkit outbound class retrieval (exploit-kit.rules) * 1:25065 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:25066 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:25067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Riler variant outbound connection (malware-cnc.rules) * 1:25068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Riler inbound connection (malware-cnc.rules) * 1:25232 <-> DISABLED <-> BROWSER-FIREFOX appendChild multiple parent nodes stack corruption attempt (browser-firefox.rules) * 1:25233 <-> DISABLED <-> BROWSER-FIREFOX appendChild multiple parent nodes stack corruption attempt (browser-firefox.rules) * 1:25246 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:25251 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS .NET null character username truncation attempt (server-iis.rules) * 1:25298 <-> DISABLED <-> FILE-MULTIMEDIA Mozilla products Ogg Vorbis decoding memory corruption attempt (file-multimedia.rules) * 1:25311 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules) * 1:25383 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - info.exe (exploit-kit.rules) * 1:25384 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - contacts.exe (exploit-kit.rules) * 1:25385 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - calc.exe (exploit-kit.rules) * 1:25386 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - about.exe (exploit-kit.rules) * 1:25387 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - readme.exe (exploit-kit.rules) * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:25389 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - specific structure (exploit-kit.rules) * 1:25390 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - specific structure (exploit-kit.rules) * 1:25391 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit obfuscated payload download (exploit-kit.rules) * 1:25502 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft GDI EMF malformed file buffer overflow attempt (file-multimedia.rules) * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:25587 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules) * 1:25588 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader FlateDecode integer overflow attempt (file-pdf.rules) * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:25649 <-> DISABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules) * 1:25797 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF memory corruption attempt (file-multimedia.rules) * 1:25800 <-> DISABLED <-> EXPLOIT-KIT Stamp exploit kit Javascript request (exploit-kit.rules) * 1:25802 <-> DISABLED <-> EXPLOIT-KIT Stamp exploit kit encoded portable executable request (exploit-kit.rules) * 1:25856 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules) * 1:25969 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules) * 1:26066 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:26067 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:26068 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:26069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:26089 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio version number anomaly (file-office.rules) * 1:26109 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Obji Atom parsing stack buffer overflow attempt (file-multimedia.rules) * 1:26174 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FRTWrapper record buffer overflow attempt (file-office.rules) * 1:26175 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules) * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:26329 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel format record code execution attempt (file-office.rules) * 1:26330 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflow attempt (file-office.rules) * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:26338 <-> ENABLED <-> EXPLOIT-KIT IFRAMEr injection detection - leads to exploit kit (exploit-kit.rules) * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules) * 1:26341 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page (exploit-kit.rules) * 1:26342 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page - specific structure (exploit-kit.rules) * 1:26343 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page (exploit-kit.rules) * 1:26372 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules) * 1:26373 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules) * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules) * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules) * 1:26453 <-> DISABLED <-> FILE-OFFICE OpenOffice OLE File Stream Buffer Overflow attempt (file-office.rules) * 1:26472 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:26473 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26474 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26475 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26476 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26477 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26478 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26508 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - info.dll (exploit-kit.rules) * 1:26535 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit landing page - specific structure (exploit-kit.rules) * 1:26536 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit landing page (exploit-kit.rules) * 1:26564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Movie file clipping region handling heap buffer overflow attempt (file-multimedia.rules) * 1:26599 <-> ENABLED <-> EXPLOIT-KIT Impact/Stamp exploit kit landing page (exploit-kit.rules) * 1:26600 <-> ENABLED <-> EXPLOIT-KIT Impact/Stamp exploit kit landing page (exploit-kit.rules) * 1:26602 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet name memory corruption attempt (file-office.rules) * 1:26648 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules) * 1:26649 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules) * 1:2665 <-> DISABLED <-> PROTOCOL-IMAP login literal format string attempt (protocol-imap.rules) * 1:26663 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules) * 1:26667 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes playlist overflow attempt (file-multimedia.rules) * 1:26672 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules) * 1:26673 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules) * 1:26674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules) * 1:26676 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt (file-office.rules) * 1:26706 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:26707 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:26708 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:26709 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:26710 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:26711 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed ftCMO record remote code execution attempt (file-office.rules) * 1:26724 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt (file-multimedia.rules) * 1:26799 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:26800 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:26801 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:26832 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSComctlLib.Toolbar ActiveX control exploit attempt (file-office.rules) * 1:26856 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sBIT overflow attempt (file-image.rules) * 1:26857 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sRGB overflow attempt (file-image.rules) * 1:26858 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected bKGD overflow attempt (file-image.rules) * 1:26859 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected hIST overflow attempt (file-image.rules) * 1:26861 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected pHYs overflow attempt (file-image.rules) * 1:26862 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sPLT overflow attempt (file-image.rules) * 1:26863 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected tIME overflow attempt (file-image.rules) * 1:26864 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected iTXt overflow attempt (file-image.rules) * 1:26866 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected zTXt overflow attempt (file-image.rules) * 1:26978 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules) * 1:27001 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks Remote Management overflow attempt (server-other.rules) * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:27081 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit Internet Explorer exploit download - autopwn (exploit-kit.rules) * 1:27082 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit flash remote code execution exploit download - autopwn (exploit-kit.rules) * 1:27166 <-> DISABLED <-> FILE-OTHER Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules) * 1:27167 <-> DISABLED <-> FILE-OTHER Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules) * 1:27168 <-> DISABLED <-> FILE-OTHER Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules) * 1:27212 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:27213 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:27214 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:27215 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint schemes record buffer overflow (file-office.rules) * 1:27216 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint printer record buffer overflow (file-office.rules) * 1:27222 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer innerHTML against incomplete element heap corruption attempt (browser-ie.rules) * 1:27243 <-> ENABLED <-> SERVER-APACHE Apache Struts2 blacklisted method redirectAction (server-apache.rules) * 1:27251 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table platform type 3 integer overflow attempt (file-other.rules) * 1:27271 <-> ENABLED <-> EXPLOIT-KIT iFramer toolkit injected iframe detected - specific structure (exploit-kit.rules) * 1:27544 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab runtime traffic detected (malware-cnc.rules) * 1:27545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules) * 1:27546 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules) * 1:27547 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules) * 1:27548 <-> ENABLED <-> MALWARE-OTHER Osx.Trojan.Janicab file download attempt (malware-other.rules) * 1:27549 <-> ENABLED <-> MALWARE-OTHER Osx.Trojan.Janicab file download attempt (malware-other.rules) * 1:27580 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27581 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27584 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27585 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27586 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27587 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27588 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27589 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27590 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27591 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27634 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FngGroupCount record overflow attempt (file-office.rules) * 1:27635 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Record Code Execution attempt (file-office.rules) * 1:27671 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules) * 1:27695 <-> ENABLED <-> EXPLOIT-KIT Kore exploit kit landing page (exploit-kit.rules) * 1:27696 <-> ENABLED <-> EXPLOIT-KIT Kore exploit kit landing page (exploit-kit.rules) * 1:27697 <-> ENABLED <-> EXPLOIT-KIT Kore exploit kit successful Java exploit (exploit-kit.rules) * 1:27718 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file buffer overflow attempt (os-windows.rules) * 1:27719 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file with comment buffer overflow attempt (os-windows.rules) * 1:27757 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX clsid access (browser-plugins.rules) * 1:27758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX function call access (browser-plugins.rules) * 1:27788 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access (browser-plugins.rules) * 1:27789 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:27790 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:27791 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:27792 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access attempt (browser-plugins.rules) * 1:27793 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access (browser-plugins.rules) * 1:27798 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX clsid access attempt (browser-plugins.rules) * 1:27799 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX function call attempt (browser-plugins.rules) * 1:27800 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Encoder 9 ActiveX function call access (browser-plugins.rules) * 1:27865 <-> ENABLED <-> EXPLOIT-KIT Blackholev2/Darkleech exploit kit landing page request (exploit-kit.rules) * 1:27881 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Flash Player (exploit-kit.rules) * 1:27883 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Oracle Java (exploit-kit.rules) * 1:27885 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27886 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27892 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader (exploit-kit.rules) * 1:27893 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27894 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - about.dll (exploit-kit.rules) * 1:27895 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - info.dll (exploit-kit.rules) * 1:27896 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - contacts.dll (exploit-kit.rules) * 1:27897 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - calc.dll (exploit-kit.rules) * 1:27898 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - readme.dll (exploit-kit.rules) * 1:27908 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPhraseElement use after free attempt (browser-ie.rules) * 1:27909 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPhraseElement use after free attempt (browser-ie.rules) * 1:27945 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjectLink invalid wLinkVar2 value attempt (file-office.rules) * 1:27947 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtMergeCells heap overflow attempt (file-office.rules) * 1:27948 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtMergeCells heap overflow attempt (file-office.rules) * 1:28029 <-> ENABLED <-> EXPLOIT-KIT Magnitude/Popads/Nuclear exploit kit jnlp request (exploit-kit.rules) * 1:28108 <-> ENABLED <-> EXPLOIT-KIT Nuclear/Magnitude exploit kit Adobe Flash exploit download attempt (exploit-kit.rules) * 1:28113 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FngGroupCount record overflow attempt (file-office.rules) * 1:28124 <-> DISABLED <-> FILE-OTHER PCRE character class heap buffer overflow attempt (file-other.rules) * 1:28128 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28131 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28133 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28228 <-> DISABLED <-> SERVER-WEBAPP Microsoft Interactive Training buffer overflow attempt (server-webapp.rules) * 1:28236 <-> ENABLED <-> EXPLOIT-KIT Magnitude/Nuclear exploit kit landing page (exploit-kit.rules) * 1:28263 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:28311 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28312 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28313 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28314 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28316 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28317 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28318 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28319 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28320 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28321 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28322 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28413 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit embedded redirection attempt (exploit-kit.rules) * 1:28428 <-> ENABLED <-> EXPLOIT-KIT Glazunov exploit kit landing page (exploit-kit.rules) * 1:28429 <-> ENABLED <-> EXPLOIT-KIT Glazunov exploit kit outbound jnlp download attempt (exploit-kit.rules) * 1:28430 <-> ENABLED <-> EXPLOIT-KIT Glazunov exploit kit zip file download (exploit-kit.rules) * 1:28440 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file invalid memory allocation exploit attempt (file-office.rules) * 1:28441 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:28442 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:28443 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:28482 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Terminator RAT variant outbound connection (malware-cnc.rules) * 1:28493 <-> ENABLED <-> MALWARE-CNC DeputyDog diskless method outbound connection (malware-cnc.rules) * 1:28612 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Silverlight exploit download (exploit-kit.rules) * 1:28613 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page - specific-structure (exploit-kit.rules) * 1:28614 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page (exploit-kit.rules) * 1:28616 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit payload download attempt (exploit-kit.rules) * 1:28677 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28678 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28686 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28989 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Egobot variant outbound connection (malware-cnc.rules) * 1:29032 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MasterPagePackedText structure CharacterFormatArrayOuterHeaderSize buffer overflow (file-office.rules) * 1:29033 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MasterPagePackedText structure CharacterFormatArrayOuterHeaderSize buffer overflow (file-office.rules) * 1:29066 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit XORed payload download attempt (exploit-kit.rules) * 1:29128 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit plugin detection page (exploit-kit.rules) * 1:29130 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit malicious payload download attempt (exploit-kit.rules) * 1:29264 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtX memory corruption attempt (file-office.rules) * 1:29326 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtY memory corruption attempt (file-office.rules) * 1:29327 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record SerAuxTrend sdtX memory corruption attempt (file-office.rules) * 1:29328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record SerAuxErrBar sdtX memory corruption attempt (file-office.rules) * 1:29329 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtX memory corruption attempt (file-office.rules) * 1:29404 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel country record arbitrary code execution attempt (file-office.rules) * 1:29434 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file overread buffer overflow attempt (file-image.rules) * 1:29435 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:29436 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:29502 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:29511 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt (server-webapp.rules) * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:29528 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt (server-other.rules) * 1:29529 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt (server-other.rules) * 1:29530 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt (server-other.rules) * 1:29531 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt (server-other.rules) * 1:29532 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt (server-other.rules) * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules) * 1:29581 <-> DISABLED <-> SERVER-OTHER CA Brightstor SUN RPC malformed string buffer overflow attempt (server-other.rules) * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules) * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules) * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules) * 1:29754 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules) * 1:29796 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:29797 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:29804 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:29805 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:29806 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:29814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer null attribute DoS attempt (browser-ie.rules) * 1:29936 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules) * 1:29937 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceR3Info buffer overflow attempt (server-other.rules) * 1:29943 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules) * 1:30037 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zaleelq variant outbound connection (malware-cnc.rules) * 1:30232 <-> DISABLED <-> OS-WINDOWS Microsoft Anti-Cross Site Scripting library bypass attempt (os-windows.rules) * 1:30233 <-> DISABLED <-> OS-WINDOWS Microsoft Anti-Cross Site Scripting library bypass attempt (os-windows.rules) * 1:3066 <-> DISABLED <-> PROTOCOL-IMAP append overflow attempt (protocol-imap.rules) * 1:30941 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:30990 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules) * 1:30991 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules) * 1:31017 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Adobe Reader Extension race condition attempt (browser-plugins.rules) * 1:31018 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Adobe Reader Extension race condition attempt (browser-plugins.rules) * 1:31031 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter buffer overflow attempt (file-office.rules) * 1:31032 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter buffer overflow attempt (file-office.rules) * 1:31279 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit decryption page outbound request (exploit-kit.rules) * 1:31296 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer negative margin use after free attempt (browser-ie.rules) * 1:31301 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSLT memory corruption attempt (browser-ie.rules) * 1:31365 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules) * 1:31373 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:31374 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Qsir and Qsif record remote code execution attempt (file-office.rules) * 1:31420 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules) * 1:31421 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules) * 1:31427 <-> DISABLED <-> FILE-OTHER Microsoft Windows C Run-Time Library remote code execution attempt (file-other.rules) * 1:31428 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:31434 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Section Table Array Buffer Overflow attempt (file-office.rules) * 1:31437 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules) * 1:31439 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules) * 1:31440 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules) * 1:31461 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed MSODrawing Record attempt (file-office.rules) * 1:31462 <-> DISABLED <-> FILE-OFFICE Microsoft Office Malformed MSODrawing Record attempt (file-office.rules) * 1:31473 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:31474 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:31475 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:31476 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:31504 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer outerHTML against incomplete element heap corruption attempt (browser-ie.rules) * 1:31562 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word global array index heap overflow attempt (file-office.rules) * 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:31592 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:31650 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Mail file execution attempt (server-mail.rules) * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules) * 1:31716 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Otupsys variant outbound connection (malware-cnc.rules) * 1:31756 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX clsid access (browser-plugins.rules) * 1:31757 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX function call access (browser-plugins.rules) * 1:31758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX function call access (browser-plugins.rules) * 1:31759 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX clsid access (browser-plugins.rules) * 1:31760 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:31761 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:31762 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:31763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:31777 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing announce overflow attempt (file-other.rules) * 1:31778 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing comment overflow attempt (file-other.rules) * 1:31779 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing name overflow attempt (file-other.rules) * 1:31780 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing path overflow attempt (file-other.rules) * 1:31843 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 1 (file-office.rules) * 1:31844 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 2 (file-office.rules) * 1:31845 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 3 (file-office.rules) * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules) * 1:31875 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FtCbls remote code execution attempt (file-office.rules) * 1:31876 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FtCbls remote code execution attempt (file-office.rules) * 1:31946 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules) * 1:32062 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:32063 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:32064 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:32082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Filter Records Handling Code Execution attempt (file-office.rules) * 1:32083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed file format parsing code execution attempt (file-office.rules) * 1:32094 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalete Record Memory Corruption attempt (file-office.rules) * 1:32095 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalette Record Memory Corruption attempt (file-office.rules) * 1:32122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtWnDesk record memory corruption exploit attempt (file-office.rules) * 1:32131 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record buffer overflow attempt (file-office.rules) * 1:32132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record buffer overflow attempt (file-office.rules) * 1:32133 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XBM image processing buffer overflow attempt (browser-firefox.rules) * 1:32136 <-> DISABLED <-> FILE-OTHER GNU gzip LZH decompression make_table overflow attempt (file-other.rules) * 1:32206 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style record overflow attempt (file-office.rules) * 1:32223 <-> DISABLED <-> SERVER-OTHER Firebird database invalid state integer overflow attempt (server-other.rules) * 1:32224 <-> DISABLED <-> SERVER-OTHER Firebird database invalid state integer overflow attempt (server-other.rules) * 1:32365 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules) * 1:32532 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style sheet array memory corruption attempt (browser-ie.rules) * 1:32615 <-> DISABLED <-> OS-WINDOWS Microsoft Windows search protocol remote command injection attempt (os-windows.rules) * 1:32625 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DV record buffer overflow attempt (file-office.rules) * 1:32629 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:32630 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:32631 <-> DISABLED <-> NETBIOS SMB server response heap overflow attempt (netbios.rules) * 1:32642 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX clsid access attempt (browser-plugins.rules) * 1:32643 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules) * 1:32786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules) * 1:32843 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-plugins.rules) * 1:32844 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules) * 1:32869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules) * 1:32870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules) * 1:32871 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:33041 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:33043 <-> DISABLED <-> FILE-MULTIMEDIA Multiple media players M3U playlist file handling buffer overflow attempt (file-multimedia.rules) * 1:33044 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX clsid access attempt (browser-plugins.rules) * 1:33045 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX function call access attempt (browser-plugins.rules) * 1:33115 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:33116 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:33198 <-> DISABLED <-> OS-WINDOWS Outlook Express WAB file parsing buffer overflow attempt (os-windows.rules) * 1:33479 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (os-windows.rules) * 1:33492 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:33493 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:33494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:33495 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:33548 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Access multiple control instantiation memory corruption attempt (browser-plugins.rules) * 1:33566 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3 xsl parsing heap overflow attempt (browser-firefox.rules) * 1:33575 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules) * 1:33576 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules) * 1:33577 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules) * 1:33578 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules) * 1:33579 <-> DISABLED <-> BROWSER-PLUGINS Facebook Photo Uploader ActiveX clsid access attempt (browser-plugins.rules) * 1:33582 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules) * 1:33584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:33585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:33586 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Image Description Atom sign extension memory corruption attempt (file-multimedia.rules) * 1:33589 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules) * 1:33590 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules) * 1:33591 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules) * 1:33601 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:33602 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:33670 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size1 dos attempt (server-other.rules) * 1:33671 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size2 dos attempt (server-other.rules) * 1:33672 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size3 dos attempt (server-other.rules) * 1:33684 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:33740 <-> DISABLED <-> FILE-IMAGE Microsoft emf file download request (file-image.rules) * 1:33824 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:33827 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules) * 1:33828 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules) * 1:33829 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules) * 1:33979 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:33980 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:34048 <-> DISABLED <-> SERVER-APACHE Apache mod_log_config cookie handling denial of service attempt (server-apache.rules) * 1:34055 <-> DISABLED <-> SERVER-WEBAPP Lexmark Markvision Enterprise LibraryFileUploadServlet directory traversal attempt (server-webapp.rules) * 1:34056 <-> DISABLED <-> SERVER-WEBAPP Lexmark Markvision Enterprise LibraryFileUploadServlet directory traversal attempt (server-webapp.rules) * 1:34061 <-> DISABLED <-> SERVER-IIS Microsoft IIS Range header integer overflow attempt (server-iis.rules) * 1:34135 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging small offset malformed tiff - little-endian (file-image.rules) * 1:34293 <-> DISABLED <-> FILE-IMAGE Microsoft Windows wmf integer overflow attempt (file-image.rules) * 1:34294 <-> DISABLED <-> FILE-IMAGE Microsoft Windows wmf integer overflow attempt (file-image.rules) * 1:3453 <-> DISABLED <-> SERVER-OTHER Arkeia client backup system info probe (server-other.rules) * 1:3454 <-> DISABLED <-> SERVER-OTHER Arkeia client backup generic info probe (server-other.rules) * 1:3458 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt (server-other.rules) * 1:34632 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes WPD attachment handling buffer overflow attempt (server-mail.rules) * 1:3474 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP slot info msg client name overflow (server-other.rules) * 1:3475 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP slot info msg client domain overflow (server-other.rules) * 1:3476 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9b client domain overflow (server-other.rules) * 1:3477 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9b client name overflow (server-other.rules) * 1:3478 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9c client domain overflow (server-other.rules) * 1:3479 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9c client name overflow (server-other.rules) * 1:3480 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP slot info msg client name overflow (server-other.rules) * 1:3481 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP slot info msg client domain overflow (server-other.rules) * 1:3482 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9b client name overflow (server-other.rules) * 1:3483 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9b client domain overflow (server-other.rules) * 1:3484 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9c client name overflow (server-other.rules) * 1:34847 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules) * 1:3485 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9c client domain overflow (server-other.rules) * 1:34857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fanny outbound connection (malware-cnc.rules) * 1:34890 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32ZLib.dll dll-load exploit attempt (file-other.rules) * 1:34891 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32Zlib.dll dll-load exploit attempt (file-other.rules) * 1:34892 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules) * 1:34893 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules) * 1:34894 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules) * 1:34895 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules) * 1:34896 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules) * 1:34897 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules) * 1:34898 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules) * 1:34899 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules) * 1:34900 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules) * 1:34901 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules) * 1:34902 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules) * 1:34903 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules) * 1:34904 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules) * 1:34905 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules) * 1:34906 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules) * 1:34907 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules) * 1:34908 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules) * 1:34909 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules) * 1:34910 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules) * 1:34911 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules) * 1:34912 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules) * 1:34913 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules) * 1:34914 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules) * 1:34915 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro quserex.dll dll-load exploit attempt (netbios.rules) * 1:34916 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro u32zlib.dll dll-load exploit attempt (netbios.rules) * 1:3521 <-> DISABLED <-> SERVER-OTHER Computer Associates license GCR CHECKSUMS overflow attempt (server-other.rules) * 1:3524 <-> DISABLED <-> SERVER-OTHER Computer Associates license invalid GCR CHECKSUMS attempt (server-other.rules) * 1:3525 <-> DISABLED <-> SERVER-OTHER Computer Associates license invalid GCR NETWORK attempt (server-other.rules) * 1:3529 <-> DISABLED <-> SERVER-OTHER Computer Associates license GETCONFIG client overflow attempt (server-other.rules) * 1:3530 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP msg 0x99 client name overflow (server-other.rules) * 1:3531 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP msg 0x99 client domain overflow (server-other.rules) * 1:3553 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM null DHTML element insertion attempt (browser-ie.rules) * 1:35747 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:35748 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:35771 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:35772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:36363 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules) * 1:36364 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules) * 1:36365 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules) * 1:36366 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules) * 1:3637 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF directory traversal attempt (server-other.rules) * 1:36431 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer arraybuffer entryslice memory corruption attempt (browser-ie.rules) * 1:36432 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer arraybuffer entryslice memory corruption attempt (browser-ie.rules) * 1:36453 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer argument validation in print preview handling exploitation attempt (browser-ie.rules) * 1:36559 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer arraybuffer entryslice memory corruption attempt (browser-ie.rules) * 1:36560 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer arraybuffer entryslice memory corruption attempt (browser-ie.rules) * 1:3659 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 1000 buffer overflow attempt (server-other.rules) * 1:3660 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 00 little endian buffer overflow attempt (server-other.rules) * 1:3661 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 00 buffer overflow attempt (server-other.rules) * 1:3662 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 03 little endian buffer overflow attempt (server-other.rules) * 1:3663 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 03 buffer overflow attempt (server-other.rules) * 1:36644 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules) * 1:36645 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules) * 1:36646 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules) * 1:36772 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Scriptlet Component ActiveX clsid access (browser-plugins.rules) * 1:36782 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DHTML Editing ActiveX clsid access (browser-plugins.rules) * 1:36783 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DHTML Editing ActiveX clsid access (browser-plugins.rules) * 1:37029 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37030 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37031 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37032 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37033 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37034 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37035 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37293 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:37294 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:37423 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:37710 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules) * 1:3822 <-> DISABLED <-> SERVER-WEBAPP RealNetworks RealPlayer realtext long URI request attempt (server-webapp.rules) * 1:38576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:38577 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:38669 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onpropertychange use-after-free attempt (browser-ie.rules) * 1:38670 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onpropertychange use-after-free attempt (browser-ie.rules) * 1:39601 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39602 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39603 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39604 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39605 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39606 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39607 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39608 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39609 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39610 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39611 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39612 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39613 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39614 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39615 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39616 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39617 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39618 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39619 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39620 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39621 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39622 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39623 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39624 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39625 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39626 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39627 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39628 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39629 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39630 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39631 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39632 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:39764 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:39870 <-> DISABLED <-> INDICATOR-COMPROMISE Oracle E-Business Suite arbitrary node deletion (indicator-compromise.rules) * 1:39875 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:40243 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:40244 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:40245 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:40246 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:40247 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:40248 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules) * 1:41094 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules) * 1:4129 <-> DISABLED <-> SERVER-OTHER Novell ZenWorks Remote Management Agent large login packet DoS attempt (server-other.rules) * 1:4172 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent v1.5 ActiveX clsid access (browser-plugins.rules) * 1:41728 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:41729 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:41730 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:41731 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:42440 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42441 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42442 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42443 <-> ENABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42444 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42445 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42446 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules) * 1:43068 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt (server-other.rules) * 1:43337 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:43338 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:43606 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access attempt (browser-plugins.rules) * 1:43674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:43675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:43698 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules) * 1:43699 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules) * 1:43830 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:43831 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:43989 <-> DISABLED <-> INDICATOR-OBFUSCATION newlines embedded in rtf header (indicator-obfuscation.rules) * 1:43990 <-> DISABLED <-> INDICATOR-OBFUSCATION RTF obfuscation string (indicator-obfuscation.rules) * 1:44031 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules) * 1:44032 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules) * 1:44035 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules) * 1:44044 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules) * 1:44045 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules) * 1:44046 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules) * 1:44047 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules) * 1:44048 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules) * 1:44049 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules) * 1:44068 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:44069 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:44129 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules) * 1:44130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules) * 1:44131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules) * 1:44132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules) * 1:44146 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JSXML integer overflow attempt (browser-firefox.rules) * 1:44147 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JSXML integer overflow attempt (browser-firefox.rules) * 1:44188 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span frontier parsing memory corruption attempt (browser-ie.rules) * 1:44281 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC ActiveX clsid access attempt (browser-ie.rules) * 1:44282 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC ActiveX clsid access attempt (browser-ie.rules) * 1:44283 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC ActiveX clsid access attempt (browser-ie.rules) * 1:44284 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC ActiveX clsid access attempt (browser-ie.rules) * 1:44290 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:44296 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:44455 <-> DISABLED <-> FILE-IMAGE Apple PICT Quickdraw image converter packType 4 buffer overflow attempt (file-image.rules) * 1:44456 <-> DISABLED <-> FILE-IMAGE Apple PICT Quickdraw image converter packType 4 buffer overflow attempt (file-image.rules) * 1:44729 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer script action handler buffer overflow attempt (browser-ie.rules) * 1:44730 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer script action handler buffer overflow attempt (browser-ie.rules) * 1:44877 <-> DISABLED <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules) * 1:45142 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array type confusion attempt (browser-ie.rules) * 1:45143 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array type confusion attempt (browser-ie.rules) * 1:45148 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules) * 1:45149 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules) * 1:45154 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:4826 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetRootDeviceInstance attempt (os-windows.rules) * 1:4890 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer IAVIStream & IAVIFile Proxy ActiveX object access (browser-plugins.rules) * 1:4891 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer cfw Class ActiveX object access (browser-plugins.rules) * 1:4892 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MTSEvents Class ActiveX object access (browser-plugins.rules) * 1:4893 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Trident HTMLEditor ActiveX object access (browser-plugins.rules) * 1:4894 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSEnumVariant ActiveX object access (browser-plugins.rules) * 1:4895 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSTypeInfo ActiveX object access (browser-plugins.rules) * 1:4896 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSTypeLib ActiveX object access (browser-plugins.rules) * 1:4897 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSOAInterface ActiveX object access (browser-plugins.rules) * 1:4898 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSTypeComp ActiveX object access (browser-plugins.rules) * 1:4900 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Outlook Progress Ctl ActiveX object access (browser-plugins.rules) * 1:4901 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer VMR Allocator Presenter 9 ActiveX object access (browser-plugins.rules) * 1:4902 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Video Mixing Renderer 9 ActiveX object access (browser-plugins.rules) * 1:4903 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer VMR ImageSync 9 ActiveX object access (browser-plugins.rules) * 1:4904 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Alias ActiveX object access (browser-plugins.rules) * 1:4905 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Object ActiveX object access (browser-plugins.rules) * 1:4906 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Interface Definition ActiveX object access (browser-plugins.rules) * 1:4907 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Collection Definition ActiveX object access (browser-plugins.rules) * 1:4908 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Method Definition ActiveX object access (browser-plugins.rules) * 1:4909 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Property Definition ActiveX object access (browser-plugins.rules) * 1:4910 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Relationship Definition ActiveX object access (browser-plugins.rules) * 1:4911 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Type Library ActiveX object access (browser-plugins.rules) * 1:4912 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Root ActiveX object access (browser-plugins.rules) * 1:4913 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Workspace ActiveX object access (browser-plugins.rules) * 1:4914 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Script Definition ActiveX object access (browser-plugins.rules) * 1:4915 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shortcut Handler ActiveX object access (browser-plugins.rules) * 1:4986 <-> DISABLED <-> SERVER-WEBAPP Twiki view rev command injection attempt (server-webapp.rules) * 1:4987 <-> DISABLED <-> SERVER-WEBAPP Twiki viewfile rev command injection attempt (server-webapp.rules) * 1:5319 <-> DISABLED <-> OS-WINDOWS Microsoft Windows picture and fax viewer wmf arbitrary code execution attempt (os-windows.rules) * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules) * 1:5705 <-> DISABLED <-> PROTOCOL-IMAP CAPABILITY overflow attempt (protocol-imap.rules) * 1:5711 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player zero length bitmap heap overflow attempt (file-image.rules) * 1:6405 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager overflow attempt (server-other.rules) * 1:6412 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Address Book attachment detected (server-mail.rules) * 1:6413 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Address Book Base64 encoded attachment detected (server-mail.rules) * 1:6502 <-> DISABLED <-> FILE-IMAGE Mozilla GIF single packet heap overflow - ANIMEXTS1.0 (file-image.rules) * 1:6507 <-> DISABLED <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt (server-webapp.rules) * 1:6510 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mhtml uri shortcut buffer overflow attempt (browser-ie.rules) * 1:6690 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected iCCP overflow attempt (file-image.rules) * 1:6691 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sBIT overflow attempt (file-image.rules) * 1:6693 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected bKGD overflow attempt (file-image.rules) * 1:6694 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected hIST overflow attempt (file-image.rules) * 1:6696 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected pHYs overflow attempt (file-image.rules) * 1:6698 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected tIME overflow attempt (file-image.rules) * 1:6699 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected iTXt overflow attempt (file-image.rules) * 1:6701 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected zTXt overflow attempt (file-image.rules) * 1:7003 <-> DISABLED <-> BROWSER-PLUGINS ADODB.Recordset ActiveX function call access (browser-plugins.rules) * 1:7028 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules) * 1:7029 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules) * 1:7035 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans mailslot heap overflow attempt (os-windows.rules) * 1:7036 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode mailslot heap overflow attempt (os-windows.rules) * 1:7037 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans mailslot heap overflow attempt (os-windows.rules) * 1:7038 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode mailslot heap overflow attempt (os-windows.rules) * 1:7039 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx mailslot heap overflow attempt (os-windows.rules) * 1:7040 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx mailslot heap overflow attempt (os-windows.rules) * 1:7041 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx mailslot heap overflow attempt (os-windows.rules) * 1:7042 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx mailslot heap overflow attempt (os-windows.rules) * 1:7207 <-> DISABLED <-> SERVER-ORACLE DBMS_EXPORT_EXTENSION SQL injection attempt (server-oracle.rules) * 1:7208 <-> DISABLED <-> SERVER-ORACLE DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_METADATA access attempt (server-oracle.rules) * 1:7210 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP srvsvc NetrPathCanonicalize overflow attempt (os-windows.rules) * 1:7425 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 9x8Resize ActiveX clsid access (browser-plugins.rules) * 1:7427 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Allocator Fix ActiveX clsid access (browser-plugins.rules) * 1:7429 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Bitmap ActiveX clsid access (browser-plugins.rules) * 1:7431 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectFrame.DirectControl.1 ActiveX clsid access (browser-plugins.rules) * 1:7433 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectX Transform Wrapper Property Page ActiveX clsid access (browser-plugins.rules) * 1:7436 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Dynamic Casts ActiveX function call (browser-plugins.rules) * 1:7437 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Frame Eater ActiveX clsid access (browser-plugins.rules) * 1:7439 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Help ActiveX clsid access (browser-plugins.rules) * 1:7442 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer mmAEPlugIn.AEPlugIn.1 ActiveX clsid access (browser-plugins.rules) * 1:7444 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Mmedia.AsyncMHandler.1 ActiveX clsid access (browser-plugins.rules) * 1:7446 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Record Queue ActiveX clsid access (browser-plugins.rules) * 1:7448 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ShotDetect ActiveX clsid access (browser-plugins.rules) * 1:7450 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Stetch ActiveX clsid access (browser-plugins.rules) * 1:7452 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WM Color Converter Filter ActiveX clsid access (browser-plugins.rules) * 1:7454 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Wmm2ae.dll ActiveX clsid access (browser-plugins.rules) * 1:7456 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Wmm2fxa.dll ActiveX clsid access (browser-plugins.rules) * 1:7458 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Wmm2fxb.dll ActiveX clsid access (browser-plugins.rules) * 1:7460 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Audio Analyzer ActiveX clsid access (browser-plugins.rules) * 1:7462 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Black Frame Generator ActiveX clsid access (browser-plugins.rules) * 1:7464 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT DeInterlace Filter ActiveX clsid access (browser-plugins.rules) * 1:7466 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT DeInterlace Prop Page ActiveX clsid access (browser-plugins.rules) * 1:7468 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT DirectX Transform Wrapper ActiveX clsid access (browser-plugins.rules) * 1:7470 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT DV Extract Filter ActiveX clsid access (browser-plugins.rules) * 1:7472 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT FormatConversion Prop Page ActiveX clsid access (browser-plugins.rules) * 1:7474 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT FormatConversion ActiveX clsid access (browser-plugins.rules) * 1:7476 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Import Filter ActiveX clsid access (browser-plugins.rules) * 1:7478 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Interlacer ActiveX clsid access (browser-plugins.rules) * 1:7480 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Log Filter ActiveX clsid access (browser-plugins.rules) * 1:7482 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT MuxDeMux Filter ActiveX clsid access (browser-plugins.rules) * 1:7484 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Sample Info Filter ActiveX clsid access (browser-plugins.rules) * 1:7486 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Screen Capture Filter Task Page ActiveX clsid access (browser-plugins.rules) * 1:7488 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Screen capture Filter ActiveX clsid access (browser-plugins.rules) * 1:7490 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Switch Filter ActiveX clsid access (browser-plugins.rules) * 1:7492 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Virtual Renderer ActiveX clsid access (browser-plugins.rules) * 1:7494 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Virtual Source ActiveX clsid access (browser-plugins.rules) * 1:7496 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Volume ActiveX clsid access (browser-plugins.rules) * 1:7498 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WM TV Out Smooth Picture Filter ActiveX clsid access (browser-plugins.rules) * 1:7500 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WM VIH2 Fix ActiveX clsid access (browser-plugins.rules) * 1:7862 <-> DISABLED <-> BROWSER-PLUGINS Mcafee Security Center McSubMgr.IsAppExpired ActiveX function call access (browser-plugins.rules) * 1:7863 <-> DISABLED <-> BROWSER-PLUGINS Mcafee Security Center McSubMgr.IsOldAppInstalled ActiveX function call access (browser-plugins.rules) * 1:7866 <-> DISABLED <-> BROWSER-PLUGINS ADODB.Connection ActiveX clsid access (browser-plugins.rules) * 1:7868 <-> DISABLED <-> BROWSER-PLUGINS ADODB.Recordset ActiveX clsid access (browser-plugins.rules) * 1:7870 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Data Source Control 9.0 ActiveX clsid access (browser-plugins.rules) * 1:7914 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.NDFXArtEffects ActiveX clsid access (browser-plugins.rules) * 1:7928 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer file or local Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7934 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ftp Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7938 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer gopher Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7942 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer http Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7944 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer https Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7958 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer mk Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7978 <-> DISABLED <-> BROWSER-PLUGINS ShockwaveFlash.ShockwaveFlash ActiveX clsid access (browser-plugins.rules) * 1:7981 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:8060 <-> DISABLED <-> SERVER-OTHER UltraVNC VNCLog buffer overflow (server-other.rules) * 1:8377 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Download Handler ActiveX clsid access (browser-plugins.rules) * 1:8381 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer SMIL Download Handler ActiveX clsid access (browser-plugins.rules) * 1:8383 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RAM Download Handler ActiveX clsid access (browser-plugins.rules) * 1:8385 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Playback Handler ActiveX clsid access (browser-plugins.rules) * 1:8387 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RNX Download Handler ActiveX clsid access (browser-plugins.rules) * 1:8389 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMP Download Handler ActiveX clsid access (browser-plugins.rules) * 1:8405 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ActiveX clsid access (browser-plugins.rules) * 1:8409 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Stream Handler ActiveX clsid access (browser-plugins.rules) * 1:8425 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.NDFXArtEffects ActiveX function call access (browser-plugins.rules) * 1:8740 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service ActiveX function call access (browser-plugins.rules) * 1:8846 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent Character Custom Proxy Class ActiveX clsid access (browser-plugins.rules) * 1:8848 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent Notify Sink Custom Proxy Class ActiveX clsid access (browser-plugins.rules) * 1:8850 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent Custom Proxy Class ActiveX clsid access (browser-plugins.rules) * 1:8852 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent v2.0 ActiveX clsid access (browser-plugins.rules) * 1:8854 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent v2.0 ActiveX function call access (browser-plugins.rules) * 1:8856 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent v1.5 ActiveX function call access (browser-plugins.rules) * 1:9131 <-> DISABLED <-> BROWSER-PLUGINS WinZip FileView 6.1 ActiveX function call access (browser-plugins.rules) * 1:9132 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP netware_cs NwrOpenEnumNdsStubTrees_Any overflow attempt (os-windows.rules) * 1:9228 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP netware_cs NwGetConnectionInformation overflow attempt (os-windows.rules) * 1:9421 <-> ENABLED <-> MALWARE-OTHER zotob attempt (malware-other.rules) * 1:9432 <-> DISABLED <-> OS-WINDOWS Microsoft Agent buffer overflow attempt (os-windows.rules) * 1:9433 <-> DISABLED <-> OS-WINDOWS Microsoft Agent buffer overflow attempt (os-windows.rules) * 1:9441 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath overflow attempt (netbios.rules) * 1:9634 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9C remote buffer overflow attempt TCP (server-other.rules) * 1:9635 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9B remote buffer overflow attempt UDP (server-other.rules) * 1:9636 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9C remote buffer overflow attempt UDP (server-other.rules) * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules) * 1:9848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vector Markup Language recolorinfo tag numfills parameter buffer overflow attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45587 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45586 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player or Explorer Malformed MIDI File DOS attempt (file-multimedia.rules) * 1:45585 <-> DISABLED <-> SERVER-WEBAPP PMSotware Simple Web Server connection header buffer overflow attempt (server-webapp.rules) * 1:45584 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules) * 1:45583 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules) * 1:45582 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules) * 1:45581 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules) * 1:45580 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules) * 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules) * 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules) * 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules) * 1:45576 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Function focus overflow attempt (browser-firefox.rules) * 1:45574 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules) * 1:45571 <-> DISABLED <-> SERVER-OTHER Commvault Communications Service command injection attempt (server-other.rules) * 1:17663 <-> DISABLED <-> SERVER-OTHER Apple CUPS SGI image decoding buffer overflow attempt (server-other.rules) * 1:45591 <-> DISABLED <-> PROTOCOL-FTP LabF nfsAxe FTP Client buffer overflow attempt (protocol-ftp.rules) * 1:45590 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45589 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45588 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
* 1:12064 <-> DISABLED <-> SERVER-IIS w3svc _vti_bin null pointer dereference attempt (server-iis.rules) * 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:10062 <-> DISABLED <-> FILE-IMAGE Oracle Java Virtual Machine malformed GIF buffer overflow attempt (file-image.rules) * 1:10063 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox query interface suspicious function call access attempt (browser-firefox.rules) * 1:10087 <-> DISABLED <-> SERVER-OTHER VNC password request buffer overflow attempt (server-other.rules) * 1:10188 <-> DISABLED <-> PROTOCOL-FTP Ipswitch Ws_ftp XMD5 overflow attempt (protocol-ftp.rules) * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules) * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules) * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules) * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules) * 1:11186 <-> DISABLED <-> SERVER-OTHER CA eTrust key handling dos (password -- server-other.rules) * 1:11196 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules) * 1:11257 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt (browser-ie.rules) * 1:11324 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Input Method Editor 3 ActiveX function call access (browser-plugins.rules) * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:11823 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX clsid unicode access (browser-plugins.rules) * 1:11824 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX function call access (browser-plugins.rules) * 1:11825 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX function call unicode access (browser-plugins.rules) * 1:11828 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Voice Control ActiveX function call access (browser-plugins.rules) * 1:11832 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Direct Speech Recognition ActiveX function call access (browser-plugins.rules) * 1:11837 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Mail file execution attempt (server-mail.rules) * 1:12114 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail search command buffer overflow attempt (server-mail.rules) * 1:12115 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail search command buffer overflow attempt (server-mail.rules) * 1:12195 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Widgets Engine ActiveX function call access (browser-plugins.rules) * 1:12197 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules) * 1:12205 <-> DISABLED <-> BROWSER-PLUGINS VMWare Vielib.dll ActiveX function call access (browser-plugins.rules) * 1:12212 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail literal search date command buffer overflow attempt (server-mail.rules) * 1:12217 <-> DISABLED <-> SERVER-OTHER Borland interbase string length buffer overflow attempt (server-other.rules) * 1:12261 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 PDWizard.File ActiveX clsid access (browser-plugins.rules) * 1:12263 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 PDWizard.File ActiveX function call access (browser-plugins.rules) * 1:12265 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 SearchHelper ActiveX clsid access (browser-plugins.rules) * 1:12267 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 SearchHelper ActiveX function call access (browser-plugins.rules) * 1:12270 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 TLIApplication ActiveX function call (browser-plugins.rules) * 1:12273 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 TypeLibInfo ActiveX clsid access (browser-plugins.rules) * 1:12275 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 TypeLibInfo ActiveX function call access (browser-plugins.rules) * 1:12277 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS memory corruption exploit (browser-ie.rules) * 1:12281 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML source file memory corruption attempt (browser-ie.rules) * 1:12282 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML source file memory corruption attempt (browser-ie.rules) * 1:12332 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt (netbios.rules) * 1:12341 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules) * 1:12444 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server Distributed Management Objects ActiveX clsid access (browser-plugins.rules) * 1:12446 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server Distributed Management Objects ActiveX function call access (browser-plugins.rules) * 1:12450 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent Control ActiveX function call access (browser-plugins.rules) * 1:12452 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent File Provider ActiveX clsid access (browser-plugins.rules) * 1:12463 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Visual Studio Crystal Reports RPT file handling buffer overflow attempt (os-windows.rules) * 1:12595 <-> DISABLED <-> SERVER-IIS malicious ASP file upload attempt (server-iis.rules) * 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules) * 1:12616 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX function call access attempt (browser-plugins.rules) * 1:12631 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 Kodak Imaging small offset malformed jpeg tables (os-windows.rules) * 1:12632 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 Kodak Imaging large offset malformed jpeg tables (os-windows.rules) * 1:12634 <-> DISABLED <-> FILE-IMAGE Microsoft Windows 2000 Kodak Imaging large offset malformed tiff 2 (file-image.rules) * 1:12642 <-> DISABLED <-> OS-WINDOWS RPC NTLMSSP malformed credentials (os-windows.rules) * 1:12643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows URI External handler arbitrary command attempt (os-windows.rules) * 1:12664 <-> DISABLED <-> BROWSER-IE Microsoft Windows ShellExecute and Internet Explorer 7 url handling code execution attempt (browser-ie.rules) * 1:12687 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules) * 1:12731 <-> DISABLED <-> BROWSER-PLUGINS AOL Radio AmpX ActiveX function call access (browser-plugins.rules) * 1:12742 <-> DISABLED <-> SERVER-OTHER Apple Quicktime UDP RTSP sdp type buffer overflow attempt (server-other.rules) * 1:12768 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL ActiveX function call access (browser-plugins.rules) * 1:12775 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer obfuscated Ierpplug.dll ActiveX exploit attempt (browser-plugins.rules) * 1:12780 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Vulnerable Methods ActiveX clsid access attempt (browser-plugins.rules) * 1:12782 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Vulnerable Methods ActiveX function call access attempt (browser-plugins.rules) * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules) * 1:13158 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Player asf streaming format interchange data integer overflow attempt (file-multimedia.rules) * 1:13159 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Player asf streaming format audio error masking integer overflow attempt (file-multimedia.rules) * 1:13160 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Player asf streaming audio spread error correction data length integer overflow attempt (file-multimedia.rules) * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules) * 1:13216 <-> DISABLED <-> BROWSER-PLUGINS ShockwaveFlash.ShockwaveFlash ActiveX function call access (browser-plugins.rules) * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules) * 1:13226 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Toolbar YShortcut ActiveX function call access (browser-plugins.rules) * 1:13269 <-> DISABLED <-> OS-WINDOWS Multiple product nntp uri handling code execution attempt (os-windows.rules) * 1:13270 <-> DISABLED <-> OS-WINDOWS Multiple product news uri handling code execution attempt (os-windows.rules) * 1:13271 <-> DISABLED <-> OS-WINDOWS Multiple product telnet uri handling code execution attempt (os-windows.rules) * 1:13272 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:13298 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Rich TextBox ActiveX function call access (browser-plugins.rules) * 1:13305 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual FoxPro 2 ActiveX function call access (browser-plugins.rules) * 1:13316 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing ART buffer overflow attempt (file-multimedia.rules) * 1:13318 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing cmt buffer overflow attempt (file-multimedia.rules) * 1:13319 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing des buffer overflow attempt (file-multimedia.rules) * 1:13320 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing cpy buffer overflow attempt (file-multimedia.rules) * 1:13323 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Package and Deployment Wizard ActiveX function call access (browser-plugins.rules) * 1:13421 <-> DISABLED <-> BROWSER-PLUGINS Facebook Photo Uploader ActiveX function call access (browser-plugins.rules) * 1:13430 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music JukeBox MediaGrid ActiveX clsid access (browser-plugins.rules) * 1:13432 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music JukeBox MediaGrid ActiveX function call access (browser-plugins.rules) * 1:13434 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Property Overflows ActiveX clsid access (browser-plugins.rules) * 1:13436 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Property Overflows ActiveX function call access (browser-plugins.rules) * 1:13438 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Vulnerable Methods ActiveX clsid access (browser-plugins.rules) * 1:13440 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Vulnerable Methods ActiveX function call access (browser-plugins.rules) * 1:13442 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Property Overflows ActiveX clsid access (browser-plugins.rules) * 1:13444 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Property Overflows ActiveX function call access (browser-plugins.rules) * 1:13448 <-> DISABLED <-> OS-WINDOWS Microsoft Windows vbscript/jscript scripting engine begin buffer overflow attempt (os-windows.rules) * 1:13453 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX clsid access (browser-ie.rules) * 1:13454 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX clsid unicode access (browser-ie.rules) * 1:13456 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX function call unicode access (browser-ie.rules) * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules) * 1:13541 <-> DISABLED <-> BROWSER-PLUGINS Symantec Backup Exec ActiveX function call access (browser-plugins.rules) * 1:13554 <-> DISABLED <-> SERVER-OTHER Sybase SQL Anywhere Mobilink version string buffer overflow (server-other.rules) * 1:13555 <-> DISABLED <-> SERVER-OTHER Sybase SQL Anywhere Mobilink remoteID string buffer overflow (server-other.rules) * 1:13580 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components remote code execution attempt ActiveX clsid access (browser-plugins.rules) * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules) * 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules) * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:13591 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan CGI password decryption buffer overflow attempt (server-webapp.rules) * 1:13605 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RAM Download Handler ActiveX function call access (browser-plugins.rules) * 1:13607 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL Vulnerble Property ActiveX clsid access (browser-plugins.rules) * 1:13609 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL Vulnerble Property ActiveX function call access (browser-plugins.rules) * 1:13623 <-> DISABLED <-> BROWSER-PLUGINS CA BrightStor ListCtrl ActiveX function call access (browser-plugins.rules) * 1:13629 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access JSDB file magic detected (file-identify.rules) * 1:13630 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access TJDB file magic detected (file-identify.rules) * 1:13633 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access MSISAM file magic detected (file-identify.rules) * 1:13668 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Help 2.0 Contents Control ActiveX clsid access (browser-plugins.rules) * 1:13670 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Help 2.0 Contents Control ActiveX function call access (browser-plugins.rules) * 1:13674 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Help 2.0 Contents Control 2 ActiveX function call access (browser-plugins.rules) * 1:13699 <-> DISABLED <-> BROWSER-PLUGINS CA DSM gui_cm_ctrls ActiveX clsid access (browser-plugins.rules) * 1:13720 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 3 ActiveX clsid access (browser-plugins.rules) * 1:13722 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 4 ActiveX clsid access (browser-plugins.rules) * 1:13724 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 5 ActiveX clsid access (browser-plugins.rules) * 1:13726 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 6 ActiveX clsid access (browser-plugins.rules) * 1:13728 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 7 ActiveX clsid access (browser-plugins.rules) * 1:13730 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 8 ActiveX clsid access (browser-plugins.rules) * 1:13732 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 9 ActiveX clsid access (browser-plugins.rules) * 1:13736 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 11 ActiveX clsid access (browser-plugins.rules) * 1:13738 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 12 ActiveX clsid access (browser-plugins.rules) * 1:13740 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 13 ActiveX clsid access (browser-plugins.rules) * 1:13742 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 14 ActiveX clsid access (browser-plugins.rules) * 1:13744 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 15 ActiveX clsid access (browser-plugins.rules) * 1:13746 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 16 ActiveX clsid access (browser-plugins.rules) * 1:13748 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 17 ActiveX clsid access (browser-plugins.rules) * 1:13750 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 18 ActiveX clsid access (browser-plugins.rules) * 1:13752 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 19 ActiveX clsid access (browser-plugins.rules) * 1:13754 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 20 ActiveX clsid access (browser-plugins.rules) * 1:13756 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 21 ActiveX clsid access (browser-plugins.rules) * 1:13804 <-> DISABLED <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt (server-other.rules) * 1:13821 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF scene and label data memory corruption attempt (file-flash.rules) * 1:13822 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF scene and label data memory corruption attempt (file-flash.rules) * 1:13823 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX SAMI file parsing buffer overflow attempt (file-multimedia.rules) * 1:13824 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules) * 1:13888 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules) * 1:13889 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules) * 1:13890 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules) * 1:13891 <-> DISABLED <-> SERVER-MSSQL Memory page overwrite attempt (server-mssql.rules) * 1:13892 <-> DISABLED <-> SERVER-MSSQL Convert function style overwrite (server-mssql.rules) * 1:13903 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:13907 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:13912 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer isComponentInstalled attack attempt (browser-ie.rules) * 1:13918 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules) * 1:13948 <-> DISABLED <-> PROTOCOL-DNS large number of NXDOMAIN replies - possible DNS cache poisoning (protocol-dns.rules) * 1:13960 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer static text range overflow attempt (browser-ie.rules) * 1:13963 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer argument validation in print preview handling exploitation attempt (browser-ie.rules) * 1:13964 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span frontier parsing memory corruption attempt (browser-ie.rules) * 1:14023 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX function call access (browser-plugins.rules) * 1:14027 <-> DISABLED <-> BROWSER-PLUGINS CA DSM gui_cm_ctrls ActiveX function call access (browser-plugins.rules) * 1:14029 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates gui_cm_ctrls ActiveX clsid access (browser-plugins.rules) * 1:14031 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates gui_cm_ctrls ActiveX function call access (browser-plugins.rules) * 1:14040 <-> DISABLED <-> SERVER-OTHER GNOME Project libxslt RC4 key string buffer overflow attempt (server-other.rules) * 1:14041 <-> DISABLED <-> SERVER-OTHER GNOME Project libxslt RC4 key string buffer overflow attempt - 2 (server-other.rules) * 1:14042 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer General Property Page ActiveX clsid access (browser-plugins.rules) * 1:14044 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Playback Handler ActiveX function call access (browser-plugins.rules) * 1:14046 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMP Download Handler ActiveX function call access (browser-plugins.rules) * 1:14048 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RNX Download Handler ActiveX function call access (browser-plugins.rules) * 1:14050 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer SMIL Download Handler ActiveX function call access (browser-plugins.rules) * 1:14052 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Stream Handler ActiveX function call access (browser-plugins.rules) * 1:14257 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Encoder 9 ActiveX function call access (browser-plugins.rules) * 1:14607 <-> DISABLED <-> SERVER-OTHER CA Brightstor SUN RPC malformed string buffer overflow attempt (server-other.rules) * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules) * 1:14635 <-> DISABLED <-> BROWSER-PLUGINS Microsoft RSClientPrint ActiveX clsid access (browser-plugins.rules) * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules) * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules) * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules) * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules) * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules) * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules) * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules) * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules) * 1:14758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server 2000 Client Components ActiveX function call access (browser-plugins.rules) * 1:14762 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX function call access (browser-plugins.rules) * 1:14765 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service Agent ActiveX function call (browser-plugins.rules) * 1:14773 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt (server-other.rules) * 1:14783 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (os-windows.rules) * 1:14896 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB v4 srvsvc NetrpPathCononicalize unicode path cononicalization stack overflow attempt (os-windows.rules) * 1:14897 <-> DISABLED <-> BROWSER-PLUGINS HP Software Update RulesEngine.dll ActiveX function call access (browser-plugins.rules) * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules) * 1:14990 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Charset header overflow attempt (server-webapp.rules) * 1:15012 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML DLL memory corruption attempt (browser-ie.rules) * 1:15084 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Common Controls Animation Object ActiveX clsid access (browser-plugins.rules) * 1:15086 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Common Controls Animation Object ActiveX function call access (browser-plugins.rules) * 1:15096 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic FlexGrid ActiveX clsid access (browser-plugins.rules) * 1:15102 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic Hierarchical FlexGrid ActiveX function call access (browser-plugins.rules) * 1:15109 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shell.Explorer 1 ActiveX clsid access (browser-plugins.rules) * 1:15112 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shell.Explorer 2 ActiveX function call access (browser-plugins.rules) * 1:15146 <-> DISABLED <-> SERVER-OTHER Apple CUPS RGB+Alpha PNG filter overly large image height integer overflow attempt (server-other.rules) * 1:15186 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules) * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules) * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules) * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules) * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules) * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules) * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules) * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules) * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules) * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules) * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules) * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules) * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules) * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules) * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules) * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules) * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules) * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules) * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules) * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules) * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules) * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules) * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules) * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules) * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules) * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules) * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules) * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules) * 1:15245 <-> DISABLED <-> BROWSER-PLUGINS AXIS Camera ActiveX function call access (browser-plugins.rules) * 1:15256 <-> DISABLED <-> SERVER-ORACLE BPEL process manager XSS injection attempt (server-oracle.rules) * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules) * 1:15268 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Barcode ActiveX function call access (browser-plugins.rules) * 1:15299 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid ho tag attempt (file-office.rules) * 1:15303 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio Malformed IconBitsComponent arbitrary code execution attempt (file-office.rules) * 1:15313 <-> DISABLED <-> BROWSER-PLUGINS Research In Motion AxLoader ActiveX function call access (browser-plugins.rules) * 1:15358 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 remote code execution attempt (file-pdf.rules) * 1:15422 <-> DISABLED <-> SERVER-OTHER Sun One web proxy server overflow attempt (server-other.rules) * 1:15430 <-> DISABLED <-> FILE-OTHER Microsoft EMF+ GpFont.SetData buffer overflow attempt (file-other.rules) * 1:15455 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office Text Converters XST parsing buffer overflow attempt (file-office.rules) * 1:15457 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectShow MJPEG arbitrary code execution attempt (os-windows.rules) * 1:15459 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted/unitialized object memory corruption attempt (browser-ie.rules) * 1:15460 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX load/unload race condition attempt (browser-ie.rules) * 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules) * 1:15479 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (server-other.rules) * 1:15482 <-> DISABLED <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt (server-other.rules) * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules) * 1:15523 <-> DISABLED <-> OS-WINDOWS Microsoft Windows srvsvc NetrShareEnum netname overflow attempt (os-windows.rules) * 1:15524 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:15525 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:15526 <-> DISABLED <-> FILE-OFFICE Microsoft Works 4.x converter font name buffer overflow attempt (file-office.rules) * 1:15529 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain navigation cookie stealing attempt (browser-ie.rules) * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules) * 1:15588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 1 ActiveX clsid access (browser-plugins.rules) * 1:15590 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 10 ActiveX clsid access (browser-plugins.rules) * 1:15592 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 11 ActiveX clsid access (browser-plugins.rules) * 1:15594 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 12 ActiveX clsid access (browser-plugins.rules) * 1:15596 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 13 ActiveX clsid access (browser-plugins.rules) * 1:15598 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 14 ActiveX clsid access (browser-plugins.rules) * 1:15600 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 15 ActiveX clsid access (browser-plugins.rules) * 1:15602 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 16 ActiveX clsid access (browser-plugins.rules) * 1:15604 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 17 ActiveX clsid access (browser-plugins.rules) * 1:15606 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 18 ActiveX clsid access (browser-plugins.rules) * 1:15608 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 19 ActiveX clsid access (browser-plugins.rules) * 1:15610 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 2 ActiveX clsid access (browser-plugins.rules) * 1:15612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 20 ActiveX clsid access (browser-plugins.rules) * 1:15614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 21 ActiveX clsid access (browser-plugins.rules) * 1:15616 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 22 ActiveX clsid access (browser-plugins.rules) * 1:15618 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 23 ActiveX clsid access (browser-plugins.rules) * 1:15620 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 24 ActiveX clsid access (browser-plugins.rules) * 1:15622 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 25 ActiveX clsid access (browser-plugins.rules) * 1:15624 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 26 ActiveX clsid access (browser-plugins.rules) * 1:15626 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 27 ActiveX clsid access (browser-plugins.rules) * 1:15628 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 28 ActiveX clsid access (browser-plugins.rules) * 1:15630 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 29 ActiveX clsid access (browser-plugins.rules) * 1:15632 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 3 ActiveX clsid access (browser-plugins.rules) * 1:15634 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 30 ActiveX clsid access (browser-plugins.rules) * 1:15636 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 31 ActiveX clsid access (browser-plugins.rules) * 1:15640 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 33 ActiveX clsid access (browser-plugins.rules) * 1:15642 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 34 ActiveX clsid access (browser-plugins.rules) * 1:15644 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 35 ActiveX clsid access (browser-plugins.rules) * 1:15646 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 36 ActiveX clsid access (browser-plugins.rules) * 1:15648 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 37 ActiveX clsid access (browser-plugins.rules) * 1:15650 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 38 ActiveX clsid access (browser-plugins.rules) * 1:15652 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 39 ActiveX clsid access (browser-plugins.rules) * 1:15654 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 4 ActiveX clsid access (browser-plugins.rules) * 1:15656 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 40 ActiveX clsid access (browser-plugins.rules) * 1:15658 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 41 ActiveX clsid access (browser-plugins.rules) * 1:15660 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 42 ActiveX clsid access (browser-plugins.rules) * 1:15662 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 43 ActiveX clsid access (browser-plugins.rules) * 1:15664 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 44 ActiveX clsid access (browser-plugins.rules) * 1:15666 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 45 ActiveX clsid access (browser-plugins.rules) * 1:15668 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 5 ActiveX clsid access (browser-plugins.rules) * 1:15671 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 6 ActiveX function call (browser-plugins.rules) * 1:15674 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 8 ActiveX clsid access (browser-plugins.rules) * 1:15676 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 9 ActiveX clsid access (browser-plugins.rules) * 1:15678 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectShow ActiveX exploit via JavaScript (browser-plugins.rules) * 1:15679 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectShow ActiveX exploit via JavaScript - unicode encoding (browser-plugins.rules) * 1:15684 <-> DISABLED <-> OS-WINDOWS Multiple product snews uri handling code execution attempt (os-windows.rules) * 1:15687 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 10 Spreadsheet ActiveX function call access (browser-plugins.rules) * 1:15689 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX clsid access (browser-plugins.rules) * 1:15691 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX function call access (browser-plugins.rules) * 1:15695 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table platform type 3 integer overflow attempt (file-other.rules) * 1:15703 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes ITMS protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15704 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes ITMSS protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15705 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes PCAST protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15706 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes DAAP protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS replication inform2 request memory corruption attempt (os-windows.rules) * 1:15852 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components Datasource ActiveX clsid access (browser-plugins.rules) * 1:15855 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX function call access (browser-plugins.rules) * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules) * 1:15894 <-> DISABLED <-> OS-WINDOWS Microsoft Color Management Module remote code execution attempt (os-windows.rules) * 1:15907 <-> DISABLED <-> OS-LINUX Linux Kernel DCCP Protocol Handler dccp_setsockopt_change integer overflow attempt (os-linux.rules) * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules) * 1:15924 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DHTML Editing ActiveX clsid access (browser-plugins.rules) * 1:15943 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules) * 1:15949 <-> DISABLED <-> FILE-OTHER McAfee LHA file handling overflow attempt (file-other.rules) * 1:15952 <-> DISABLED <-> SERVER-MYSQL create function libc arbitrary code execution attempt (server-mysql.rules) * 1:15992 <-> DISABLED <-> FILE-OTHER Trend Micro Products Antivirus Library overflow attempt (file-other.rules) * 1:16002 <-> DISABLED <-> FILE-OTHER Apple Mac OS X installer package filename format string vulnerability (file-other.rules) * 1:16003 <-> DISABLED <-> FILE-OTHER Apple Mac OS X installer package filename format string vulnerability (file-other.rules) * 1:16023 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Vista Windows mail file execution attempt (file-executable.rules) * 1:16024 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Function focus overflow attempt (browser-firefox.rules) * 1:16034 <-> DISABLED <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt (server-samba.rules) * 1:16043 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html tag memory corruption attempt (browser-ie.rules) * 1:16050 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox tag order memory corruption attempt (browser-firefox.rules) * 1:16068 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music Jukebox ActiveX exploit (browser-plugins.rules) * 1:16073 <-> DISABLED <-> OS-WINDOWS MS-SQL convert function unicode overflow (os-windows.rules) * 1:16074 <-> DISABLED <-> SQL Suspicious SQL ansi_padding option (sql.rules) * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules) * 1:16193 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent SMTP AUTH LOGIN command buffer overflow attempt (server-mail.rules) * 1:16194 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory HTTP request content-length heap buffer overflow attempt (server-webapp.rules) * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules) * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules) * 1:16364 <-> DISABLED <-> SERVER-OTHER IBM DB2 database server SQLSTT denial of service attempt (server-other.rules) * 1:16432 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro Web Deployment ActiveX clsid access (browser-plugins.rules) * 1:16521 <-> DISABLED <-> SERVER-OTHER Squid Proxy http version number overflow attempt (server-other.rules) * 1:16578 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder 9 ActiveX buffer overflow attempt (os-windows.rules) * 1:16588 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX clsid access (browser-plugins.rules) * 1:16602 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectShow 3 ActiveX exploit via JavaScript (browser-plugins.rules) * 1:16607 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RAM Download Handler ActiveX control access attempt (browser-plugins.rules) * 1:16610 <-> DISABLED <-> BROWSER-PLUGINS IBM Access Support ActiveX GetXMLValue method buffer overflow attempt (browser-plugins.rules) * 1:16679 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDIplus integer overflow attempt (os-windows.rules) * 1:16690 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:16748 <-> DISABLED <-> BROWSER-PLUGINS IBM Access Support ActiveX function call access (browser-plugins.rules) * 1:16751 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (file-multimedia.rules) * 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules) * 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules) * 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules) * 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules) * 1:16762 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX andx attempt (netbios.rules) * 1:16764 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX unicode andx attempt (netbios.rules) * 1:16766 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow andx attempt (netbios.rules) * 1:16777 <-> DISABLED <-> SERVER-ORACLE Secure Backup NDMP packet handling DoS attempt (server-oracle.rules) * 1:16778 <-> DISABLED <-> SERVER-ORACLE Secure Backup NDMP packet handling DoS attempt (server-oracle.rules) * 1:16786 <-> DISABLED <-> FILE-OFFICE Microsoft Office Web Components Spreadsheet ActiveX buffer overflow attempt (file-office.rules) * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules) * 1:17050 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Administration Server authentication bypass attempt (server-webapp.rules) * 1:17052 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access attempt (browser-plugins.rules) * 1:17053 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access attempt (browser-plugins.rules) * 1:17054 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access attempt (browser-plugins.rules) * 1:17213 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Chrome Page Loading Restriction Bypass attempt (browser-firefox.rules) * 1:17220 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17221 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17222 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17226 <-> DISABLED <-> BROWSER-PLUGINS AXIS Camera ActiveX initialization via script (browser-plugins.rules) * 1:17228 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player skin decompression code execution attempt (os-windows.rules) * 1:17262 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:17263 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:17269 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules) * 1:17272 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer AVI parsing buffer overflow attempt (file-multimedia.rules) * 1:17280 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt (server-webapp.rules) * 1:17313 <-> DISABLED <-> SERVER-ORACLE database server crafted view privelege escalation attempt (server-oracle.rules) * 1:17348 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Color Management Module buffer overflow attempt (os-windows.rules) * 1:17349 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Color Management Module buffer overflow attempt (os-windows.rules) * 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules) * 1:17374 <-> DISABLED <-> FILE-OTHER Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules) * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules) * 1:17384 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer setRequestHeader overflow attempt (browser-ie.rules) * 1:17385 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer setRequestHeader overflow attempt (browser-ie.rules) * 1:17386 <-> DISABLED <-> SERVER-WEBAPP Lighttpd mod_fastcgi Extension CGI Variable Overwriting Vulnerability attempt (server-webapp.rules) * 1:17388 <-> DISABLED <-> FILE-IMAGE OpenOffice EMF file EMR record parsing integer overflow attempt (file-image.rules) * 1:17405 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules) * 1:17406 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules) * 1:17413 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:17415 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Engine Information Disclosure attempt (browser-firefox.rules) * 1:17440 <-> DISABLED <-> SERVER-IIS RSA authentication agent for web redirect buffer overflow attempt (server-iis.rules) * 1:17459 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:17460 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:17464 <-> DISABLED <-> BROWSER-PLUGINS AOL Radio AmpX ActiveX clsid access (browser-plugins.rules) * 1:17467 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules) * 1:17468 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules) * 1:17471 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules) * 1:17472 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules) * 1:17474 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.CREATE_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules) * 1:17475 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules) * 1:17476 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.PURGE_WINDOW arbitrary command execution attempt (server-oracle.rules) * 1:17477 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.DROP_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules) * 1:17478 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.SUBSCRIBE arbitrary command execution attempt (server-oracle.rules) * 1:17479 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_ISUBSCRIBE.SUBSCRIBE arbitrary command execution attempt (server-oracle.rules) * 1:17480 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_ISUBSCRIBE.CREATE_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules) * 1:17489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help File Heap Buffer Overflow attempt (file-other.rules) * 1:17498 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules) * 1:17499 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules) * 1:17500 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules) * 1:17501 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules) * 1:17502 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules) * 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules) * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules) * 1:17512 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules) * 1:17513 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules) * 1:17514 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules) * 1:17516 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules) * 1:17546 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player compressed skin download request (file-identify.rules) * 1:17568 <-> DISABLED <-> FILE-OFFICE Microsoft Office XP URL Handling Buffer Overflow attempt (file-office.rules) * 1:17570 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IFRAME style change handling code execution (browser-firefox.rules) * 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules) * 1:17619 <-> DISABLED <-> SERVER-ORACLE database server crafted view privelege escalation attempt (server-oracle.rules) * 1:17624 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt (file-java.rules) * 1:17626 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded web font handling buffer overflow attempt (os-windows.rules) * 1:17628 <-> DISABLED <-> FILE-IMAGE Sun Microsystems Java gif handling memory corruption attempt (file-image.rules) * 1:17634 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 little endian object call overflow attempt (netbios.rules) * 1:17636 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 object call overflow attempt (netbios.rules) * 1:17637 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 overflow attempt (netbios.rules) * 1:17643 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServe logger servie null-pointer dereference attempt (server-other.rules) * 1:17644 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption attempt (browser-ie.rules) * 1:17646 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Legacy file format picture object code execution attempt (file-office.rules) * 1:17652 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS source code disclosure attempt (server-iis.rules) * 1:17664 <-> DISABLED <-> FILE-OFFICE Microsoft Office GIF image descriptor memory corruption attempt (file-office.rules) * 1:17678 <-> DISABLED <-> FILE-IMAGE Adobe BMP image handler buffer overflow attempt (file-image.rules) * 1:17691 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:17695 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint paragraph format array inner header overflow attempt (file-office.rules) * 1:17736 <-> DISABLED <-> SERVER-OTHER McAfee LHA Type-2 file handling overflow attempt (server-other.rules) * 1:17808 <-> DISABLED <-> FILE-FLASH Adobe Flash authplay.dll memory corruption attempt (file-flash.rules) * 1:18171 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:18172 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:18173 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18193 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules) * 1:18194 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules) * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules) * 1:18250 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products EscapeAttributeValue integer overflow attempt (browser-firefox.rules) * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:18284 <-> DISABLED <-> FILE-OFFICE Microsoft Office XP URL Handling Buffer Overflow attempt (file-office.rules) * 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules) * 1:18291 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt (server-other.rules) * 1:18292 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt (server-other.rules) * 1:18296 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products frame comment objects manipulation memory corruption attempt (browser-firefox.rules) * 1:18303 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer script action handler overflow attempt (browser-ie.rules) * 1:18304 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:18305 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:18306 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:18313 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:18317 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail RCPT TO proxy overflow attempt (server-mail.rules) * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules) * 1:18476 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes DOC attachment viewer buffer overflow (server-mail.rules) * 1:18484 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt (file-multimedia.rules) * 1:18512 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Remote Management overflow attempt (server-other.rules) * 1:18518 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (browser-ie.rules) * 1:18520 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML exploit attempt (browser-ie.rules) * 1:18521 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (browser-ie.rules) * 1:18522 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (browser-ie.rules) * 1:18523 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML exploit attempt (browser-ie.rules) * 1:18531 <-> DISABLED <-> SERVER-OTHER Multiple Vendors iacenc.dll dll-load exploit attempt (server-other.rules) * 1:18532 <-> DISABLED <-> OS-WINDOWS Multiple Vendors iacenc.dll dll-load exploit attempt (os-windows.rules) * 1:18574 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules) * 1:18579 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt (server-webapp.rules) * 1:18591 <-> DISABLED <-> FILE-OTHER CoolPlayer Playlist File Handling Buffer Overflow (file-other.rules) * 1:18600 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PictureViewer buffer overflow attempt (file-image.rules) * 1:18603 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes Applix Graphics Parsing Buffer Overflow (server-mail.rules) * 1:18616 <-> DISABLED <-> FILE-OFFICE Microsoft Works 4.x converter font name buffer overflow attempt (file-office.rules) * 1:18635 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:18710 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator Framework Services buffer overflow attempt (server-other.rules) * 1:18771 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ADO Object Parsing Code Execution (file-office.rules) * 1:18772 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ADO Object Parsing Code Execution (file-office.rules) * 1:18800 <-> DISABLED <-> FILE-OTHER Adobe RoboHelp Server Arbitrary File Upload (file-other.rules) * 1:18905 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18906 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18907 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18908 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18909 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18910 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18911 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18912 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18913 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18914 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18915 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18916 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18917 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18918 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18919 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18920 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18921 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18922 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18923 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18924 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18925 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:18962 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:18992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player content parsing execution attempt (file-flash.rules) * 1:19079 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getElementById object corruption (browser-ie.rules) * 1:19087 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules) * 1:19088 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules) * 1:19089 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules) * 1:19090 <-> DISABLED <-> SERVER-OTHER CA Discovery Serice Overflow Attempt (server-other.rules) * 1:19293 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:1930 <-> DISABLED <-> PROTOCOL-IMAP auth literal overflow attempt (protocol-imap.rules) * 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules) * 1:19599 <-> DISABLED <-> SERVER-ORACLE Warehouse builder WE_OLAP_AW_REMOVE_SOLVE_ID SQL Injection attempt (server-oracle.rules) * 1:19618 <-> DISABLED <-> FILE-OTHER Multiple products dwmapi.dll dll-load exploit attempt (file-other.rules) * 1:19693 <-> DISABLED <-> FILE-FLASH Adobe Flash MP4 ref_frame allocated buffer overflow attempt (file-flash.rules) * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:19811 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:19815 <-> DISABLED <-> SERVER-OTHER HP Operations Manager Server Default Credientials in use attempt (server-other.rules) * 1:19892 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System modem string buffer overflow attempt (server-other.rules) * 1:19925 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX client browser plugin call-back-url buffer overflow attempt (browser-plugins.rules) * 1:20071 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio WMIScriptUtils.WMIObjectBroker2.1 ActiveX CLSID access (browser-plugins.rules) * 1:20204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Taidoor variant outbound connection (malware-cnc.rules) * 1:20277 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (browser-ie.rules) * 1:20278 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (browser-ie.rules) * 1:20279 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (browser-ie.rules) * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:20546 <-> DISABLED <-> SERVER-OTHER BakBone NetVault client heap overflow attempt (server-other.rules) * 1:20552 <-> DISABLED <-> SERVER-MAIL Mercury Mail Transport System buffer overflow attempt (server-mail.rules) * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules) * 1:20555 <-> DISABLED <-> FILE-FLASH Adobe Flash MP4 ref_frame allocated buffer overflow attempt (file-flash.rules) * 1:20575 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules) * 1:20576 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Remote Management overflow attempt (server-other.rules) * 1:20590 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules) * 1:20744 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player DirectShow MPEG-2 memory corruption attempt (os-windows.rules) * 1:20878 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Embedded Package Object packager.exe file load exploit attempt (os-windows.rules) * 1:20879 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Embedded Package Object packager.exe file load exploit attempt (os-windows.rules) * 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (file-office.rules) * 1:20883 <-> DISABLED <-> FILE-OFFICE Microsoft Windows embedded packager object with .application extension bypass attempt (file-office.rules) * 1:21003 <-> DISABLED <-> MALWARE-CNC Cute Pack cute-ie.html request (malware-cnc.rules) * 1:21004 <-> DISABLED <-> MALWARE-CNC Cute Pack cute-ie.html landing page (malware-cnc.rules) * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules) * 1:21041 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules) * 1:21042 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit post-compromise download attempt - .php?f= (exploit-kit.rules) * 1:21043 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit post-compromise download attempt - .php?e= (exploit-kit.rules) * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:2105 <-> DISABLED <-> PROTOCOL-IMAP authenticate literal overflow attempt (protocol-imap.rules) * 1:2106 <-> DISABLED <-> PROTOCOL-IMAP lsub overflow attempt (protocol-imap.rules) * 1:21068 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit landing page (exploit-kit.rules) * 1:21069 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit exploit fetch request (exploit-kit.rules) * 1:21070 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit pdf exploit page request (exploit-kit.rules) * 1:21071 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit post-exploit page request (exploit-kit.rules) * 1:21084 <-> DISABLED <-> SERVER-MSSQL MSSQL CONVERT function buffer overflow attempt (server-mssql.rules) * 1:21085 <-> DISABLED <-> SERVER-MSSQL MSSQL CONVERT function unicode buffer overflow attempt (server-mssql.rules) * 1:21096 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit control panel access (exploit-kit.rules) * 1:21097 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit post-exploit download request (exploit-kit.rules) * 1:21098 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit landing page (exploit-kit.rules) * 1:21099 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit malicious pdf request (exploit-kit.rules) * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules) * 1:21156 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules) * 1:21157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules) * 1:21158 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules) * 1:21163 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook VEVENT overflow attempt (file-office.rules) * 1:21186 <-> DISABLED <-> SERVER-ORACLE MDSYS drop table trigger injection attempt (server-oracle.rules) * 1:21233 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules) * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules) * 1:21289 <-> DISABLED <-> OS-WINDOWS Microsoft Color Control Panel STI.dll dll-load exploit attempt (os-windows.rules) * 1:21290 <-> DISABLED <-> OS-WINDOWS Microsoft Color Control Panel STI.dll dll-load exploit attempt (os-windows.rules) * 1:21298 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint chart webpart XSS attempt (server-webapp.rules) * 1:21309 <-> DISABLED <-> OS-WINDOWS Microsoft product fputlsat.dll dll-load exploit attempt (os-windows.rules) * 1:21310 <-> DISABLED <-> OS-WINDOWS Microsoft product fputlsat.dll dll-load exploit attempt (os-windows.rules) * 1:21343 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules) * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules) * 1:21345 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar request (exploit-kit.rules) * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules) * 1:21347 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (exploit-kit.rules) * 1:21348 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules) * 1:21414 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MergeCells record parsing code execution attempt (file-office.rules) * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules) * 1:21462 <-> DISABLED <-> FILE-JAVA Oracle Java Plugin security bypass (file-java.rules) * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules) * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules) * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules) * 1:21566 <-> DISABLED <-> OS-WINDOWS Microsoft Expression Design wintab32.dll dll-load exploit attempt (os-windows.rules) * 1:21567 <-> DISABLED <-> OS-WINDOWS Microsoft Expression Design wintab32.dll dll-load exploit attempt (os-windows.rules) * 1:21581 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - BBB (exploit-kit.rules) * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules) * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:21647 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Home/index.php (exploit-kit.rules) * 1:21660 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (exploit-kit.rules) * 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules) * 1:21754 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules) * 1:21770 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21771 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21772 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21773 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21774 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21775 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21790 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:21791 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:21794 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules) * 1:21806 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:21860 <-> ENABLED <-> MALWARE-CNC Phoenix exploit kit post-compromise behavior (malware-cnc.rules) * 1:21874 <-> ENABLED <-> EXPLOIT-KIT Possible exploit kit post compromise activity - StrReverse (exploit-kit.rules) * 1:21875 <-> ENABLED <-> EXPLOIT-KIT Possible exploit kit post compromise activity - taskkill (exploit-kit.rules) * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules) * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules) * 1:21928 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record buffer overflow attempt (file-office.rules) * 1:21931 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:21932 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:21933 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalette Record Memory Corruption attempt (file-office.rules) * 1:21942 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:21943 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:22003 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules) * 1:22004 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22005 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22006 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22007 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22008 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22010 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22011 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22012 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules) * 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules) * 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules) * 1:22081 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtMergeCells heap overflow attempt (file-office.rules) * 1:22949 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:22951 <-> DISABLED <-> SERVER-WEBAPP EXIF header parsing integer overflow attempt little endian (server-webapp.rules) * 1:23010 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FNGROUPNAME record memory corruption attempt (file-office.rules) * 1:23055 <-> DISABLED <-> PROTOCOL-FTP Cisco IOS FTP MKD buffer overflow attempt (protocol-ftp.rules) * 1:23091 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23092 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23093 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23094 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23095 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23105 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23127 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET xbap STGMEDIUM.unionmember arbitrary number overwrite attempt (file-executable.rules) * 1:23142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23143 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23146 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23150 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed graphic record code execution attempt (file-office.rules) * 1:23153 <-> DISABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules) * 1:23154 <-> DISABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules) * 1:23155 <-> DISABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules) * 1:23156 <-> DISABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit landing page (exploit-kit.rules) * 1:23157 <-> ENABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit binary download (exploit-kit.rules) * 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:23162 <-> DISABLED <-> OS-WINDOWS Microsoft Lync Online ncrypt.dll dll-load exploit attempt (os-windows.rules) * 1:23163 <-> DISABLED <-> OS-WINDOWS Microsoft Lync Online wlanapi.dll dll-load exploit attempt (os-windows.rules) * 1:23165 <-> DISABLED <-> SERVER-OTHER Microsoft Lync Online wlanapi.dll dll-load exploit attempt (server-other.rules) * 1:23181 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET Framework xbap DataObject object pointer attempt (file-executable.rules) * 1:23211 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook arbitrary command line attempt (file-office.rules) * 1:23218 <-> ENABLED <-> EXPLOIT-KIT Redkit Repeated Exploit Request Pattern (exploit-kit.rules) * 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules) * 1:23228 <-> DISABLED <-> BROWSER-PLUGINS Oracle Webcenter ActiveX clsid access (browser-plugins.rules) * 1:23240 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:23259 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules) * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word crafted sprm structure memory corruption attempt (file-office.rules) * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word crafted sprm structure memory corruption attempt (file-office.rules) * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word crafted sprm structure memory corruption attempt (file-office.rules) * 1:23270 <-> DISABLED <-> FILE-OFFICE Microsoft Office Malformed MSODrawing Record attempt (file-office.rules) * 1:23272 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:23279 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint name field cross site scripting attempt (server-webapp.rules) * 1:23283 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Forms Recognition ActiveX clsid access attempt (browser-plugins.rules) * 1:23287 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23288 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23289 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23290 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23291 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23292 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23293 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23294 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23295 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23296 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23297 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23298 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23299 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23300 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23301 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23302 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23303 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23304 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23371 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules) * 1:23407 <-> DISABLED <-> SERVER-WEBAPP Apple iChat url format string exploit attempt (server-webapp.rules) * 1:23499 <-> DISABLED <-> FILE-OTHER Microsoft Windows CUR file parsing overflow attempt (file-other.rules) * 1:23500 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader spell.customDictionaryOpen exploit attempt (file-pdf.rules) * 1:23501 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript getIcon method buffer overflow attempt (file-pdf.rules) * 1:23502 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules) * 1:23503 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules) * 1:23505 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt (file-pdf.rules) * 1:23506 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:23508 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:23509 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed Richmedia annotation exploit attempt (file-pdf.rules) * 1:23510 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader File containing Flash use-after-free attack attempt (file-pdf.rules) * 1:23511 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader authplay.dll vulnerability exploit attempt (file-pdf.rules) * 1:23512 <-> DISABLED <-> FILE-PDF Adobe flash player newfunction memory corruption attempt (file-pdf.rules) * 1:23526 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:23527 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:23528 <-> DISABLED <-> FILE-OFFICE Microsoft Office PICT graphics converter memory corruption attempt (file-office.rules) * 1:23534 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint paragraph format array inner header overflow attempt (file-office.rules) * 1:23535 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Download of version 4.0 file (file-office.rules) * 1:23536 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint CurrentUserAtom remote code execution attempt (file-office.rules) * 1:23537 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint HashCode10Atom memory corruption attempt (file-office.rules) * 1:23538 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 Component buffer overflow attempt (file-office.rules) * 1:23539 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Legacy file format picture object code execution attempt (file-office.rules) * 1:23544 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt (file-office.rules) * 1:23545 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro (file-office.rules) * 1:23546 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with linkFmla (file-office.rules) * 1:23547 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro and linkFmla (file-office.rules) * 1:23548 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:23549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:23550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record stack buffer overflow attempt (file-office.rules) * 1:23551 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:23552 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:23553 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules) * 1:23554 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules) * 1:23558 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules) * 1:23559 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules) * 1:23560 <-> DISABLED <-> FILE-JAVA Oracle Java Zip file directory record overflow attempt (file-java.rules) * 1:23561 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging large offset malformed tiff - big-endian (file-image.rules) * 1:23562 <-> DISABLED <-> FILE-OTHER Microsoft MHTML XSS attempt (file-other.rules) * 1:23563 <-> DISABLED <-> FILE-OTHER Microsoft Windows MHTML XSS attempt (file-other.rules) * 1:23565 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI DirectShow QuickTime parsing overflow attempt (file-multimedia.rules) * 1:23567 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI Header insufficient data corruption attempt (file-multimedia.rules) * 1:23568 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile media file processing memory corruption attempt (file-multimedia.rules) * 1:23569 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile truncated media file processing memory corruption attempt (file-multimedia.rules) * 1:23570 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media sample duration header RCE attempt (file-multimedia.rules) * 1:23571 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Timecode header RCE attempt (file-multimedia.rules) * 1:23572 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media file name header RCE attempt (file-multimedia.rules) * 1:23573 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media content type header RCE attempt (file-multimedia.rules) * 1:23574 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media pixel aspect ratio header RCE attempt (file-multimedia.rules) * 1:23575 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules) * 1:23576 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules) * 1:23579 <-> DISABLED <-> FILE-FLASH Adobe Flash use-after-free attack attempt (file-flash.rules) * 1:23581 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:23582 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML Transform attribute overflow attempt (file-other.rules) * 1:23583 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules) * 1:23584 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML sampleData attribute overflow attempt (file-other.rules) * 1:23585 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:23586 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules) * 1:23587 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:23588 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:23591 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:23592 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption exploit attempt (file-flash.rules) * 1:23619 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch broken (exploit-kit.rules) * 1:23622 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page request - tkr (exploit-kit.rules) * 1:23623 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime VR Track Header Atom heap corruption attempt (file-multimedia.rules) * 1:23699 <-> DISABLED <-> FILE-IDENTIFY SAP Crystal Reports file magic detected (file-identify.rules) * 1:23700 <-> DISABLED <-> FILE-IDENTIFY Microsoft Word for Mac 5 file magic detected (file-identify.rules) * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:23715 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access file magic detected (file-identify.rules) * 1:23716 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access JSDB file magic detected (file-identify.rules) * 1:23717 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access TJDB file magic detected (file-identify.rules) * 1:23718 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access MSISAM file magic detected (file-identify.rules) * 1:23781 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:23785 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - Math.floor catch (exploit-kit.rules) * 1:23786 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - Math.round catch (exploit-kit.rules) * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules) * 1:23837 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB host announcement format string exploit attempt (os-windows.rules) * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules) * 1:23843 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules) * 1:23848 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:23849 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:23850 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - hwehes (exploit-kit.rules) * 1:23943 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt (file-multimedia.rules) * 1:23956 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules) * 1:23962 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - fewbgazr catch (exploit-kit.rules) * 1:23992 <-> DISABLED <-> FILE-OFFICE Microsoft Office EMF image EMFPlusPointF record memory corruption attempt (file-office.rules) * 1:24053 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules) * 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules) * 1:24124 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules) * 1:24186 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF variable name overflow attempt (file-office.rules) * 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:24189 <-> DISABLED <-> FILE-IMAGE XPM file format overflow attempt (file-image.rules) * 1:24197 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX function call attempt (browser-plugins.rules) * 1:24198 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint name field cross site scripting attempt (server-webapp.rules) * 1:24200 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes URI handler command execution attempt (server-mail.rules) * 1:24203 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:24204 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:24205 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:24220 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime streaming debug error logging buffer overflow attempt (file-multimedia.rules) * 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules) * 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules) * 1:24237 <-> DISABLED <-> FILE-EXECUTABLE ClamAV UPX File Handling Heap overflow attempt (file-executable.rules) * 1:24238 <-> DISABLED <-> FILE-EXECUTABLE ClamAV UPX File Handling Heap overflow attempt (file-executable.rules) * 1:24240 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules) * 1:24241 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules) * 1:24242 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules) * 1:24272 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules) * 1:24273 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules) * 1:24274 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24275 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24276 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24277 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules) * 1:24278 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules) * 1:24279 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules) * 1:24280 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules) * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules) * 1:24314 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24379 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24380 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24452 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG rendering buffer overflow attempt (browser-ie.rules) * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules) * 1:24535 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table integer overflow attempt (file-other.rules) * 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules) * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules) * 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules) * 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:24550 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV Atom length buffer overflow attempt (file-multimedia.rules) * 1:24556 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:24557 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:24558 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules) * 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules) * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules) * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules) * 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules) * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:24641 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie buffer overflow attempt (file-multimedia.rules) * 1:24657 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Publisher record heap buffer overflow attempt (file-office.rules) * 1:24672 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 sequence parameter set parsing overflow attempt (file-multimedia.rules) * 1:24681 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24682 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24683 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24684 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24685 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24695 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file opcode corruption attempt (file-image.rules) * 1:24699 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules) * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules) * 1:24728 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules) * 1:24771 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules) * 1:24772 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules) * 1:24815 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio VSD file icon memory corruption attempt (file-office.rules) * 1:24823 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:24839 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - specific structure (exploit-kit.rules) * 1:24840 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - JAR redirection (exploit-kit.rules) * 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:24905 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:24906 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules) * 1:24913 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:24915 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-java.rules) * 1:24997 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24999 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:25000 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules) * 1:25044 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - specific structure (exploit-kit.rules) * 1:25051 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit landing page redirection (exploit-kit.rules) * 1:25052 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit Java Exploit requested - 3 digit (exploit-kit.rules) * 1:25053 <-> DISABLED <-> EXPLOIT-KIT Redkit outbound class retrieval (exploit-kit.rules) * 1:25065 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:25066 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:25067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Riler variant outbound connection (malware-cnc.rules) * 1:25068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Riler inbound connection (malware-cnc.rules) * 1:25232 <-> DISABLED <-> BROWSER-FIREFOX appendChild multiple parent nodes stack corruption attempt (browser-firefox.rules) * 1:25233 <-> DISABLED <-> BROWSER-FIREFOX appendChild multiple parent nodes stack corruption attempt (browser-firefox.rules) * 1:25246 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:25251 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS .NET null character username truncation attempt (server-iis.rules) * 1:25298 <-> DISABLED <-> FILE-MULTIMEDIA Mozilla products Ogg Vorbis decoding memory corruption attempt (file-multimedia.rules) * 1:25311 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules) * 1:25383 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - info.exe (exploit-kit.rules) * 1:25384 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - contacts.exe (exploit-kit.rules) * 1:25385 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - calc.exe (exploit-kit.rules) * 1:25386 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - about.exe (exploit-kit.rules) * 1:25387 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - readme.exe (exploit-kit.rules) * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:25389 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - specific structure (exploit-kit.rules) * 1:25390 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - specific structure (exploit-kit.rules) * 1:25391 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit obfuscated payload download (exploit-kit.rules) * 1:25502 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft GDI EMF malformed file buffer overflow attempt (file-multimedia.rules) * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:25587 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules) * 1:25588 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader FlateDecode integer overflow attempt (file-pdf.rules) * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:25649 <-> DISABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules) * 1:25797 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF memory corruption attempt (file-multimedia.rules) * 1:25800 <-> DISABLED <-> EXPLOIT-KIT Stamp exploit kit Javascript request (exploit-kit.rules) * 1:25802 <-> DISABLED <-> EXPLOIT-KIT Stamp exploit kit encoded portable executable request (exploit-kit.rules) * 1:25856 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules) * 1:25969 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules) * 1:26066 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:26067 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:26068 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:26069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:26089 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio version number anomaly (file-office.rules) * 1:26109 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Obji Atom parsing stack buffer overflow attempt (file-multimedia.rules) * 1:26174 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FRTWrapper record buffer overflow attempt (file-office.rules) * 1:26175 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules) * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:26329 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel format record code execution attempt (file-office.rules) * 1:26330 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflow attempt (file-office.rules) * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:26338 <-> ENABLED <-> EXPLOIT-KIT IFRAMEr injection detection - leads to exploit kit (exploit-kit.rules) * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules) * 1:26341 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page (exploit-kit.rules) * 1:26342 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page - specific structure (exploit-kit.rules) * 1:26343 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page (exploit-kit.rules) * 1:26372 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules) * 1:26373 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules) * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules) * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules) * 1:26453 <-> DISABLED <-> FILE-OFFICE OpenOffice OLE File Stream Buffer Overflow attempt (file-office.rules) * 1:26472 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:26473 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26474 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26475 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26476 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26477 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26478 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26508 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - info.dll (exploit-kit.rules) * 1:26535 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit landing page - specific structure (exploit-kit.rules) * 1:26536 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit landing page (exploit-kit.rules) * 1:26564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Movie file clipping region handling heap buffer overflow attempt (file-multimedia.rules) * 1:26599 <-> ENABLED <-> EXPLOIT-KIT Impact/Stamp exploit kit landing page (exploit-kit.rules) * 1:26600 <-> ENABLED <-> EXPLOIT-KIT Impact/Stamp exploit kit landing page (exploit-kit.rules) * 1:26602 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet name memory corruption attempt (file-office.rules) * 1:26648 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules) * 1:26649 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules) * 1:2665 <-> DISABLED <-> PROTOCOL-IMAP login literal format string attempt (protocol-imap.rules) * 1:26663 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules) * 1:26667 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes playlist overflow attempt (file-multimedia.rules) * 1:26672 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules) * 1:26673 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules) * 1:26674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules) * 1:26676 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt (file-office.rules) * 1:26706 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:26707 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:26708 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:26709 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:26710 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:26711 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed ftCMO record remote code execution attempt (file-office.rules) * 1:26724 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt (file-multimedia.rules) * 1:26799 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:26800 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:26801 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:26832 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSComctlLib.Toolbar ActiveX control exploit attempt (file-office.rules) * 1:26856 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sBIT overflow attempt (file-image.rules) * 1:26857 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sRGB overflow attempt (file-image.rules) * 1:26858 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected bKGD overflow attempt (file-image.rules) * 1:26859 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected hIST overflow attempt (file-image.rules) * 1:26861 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected pHYs overflow attempt (file-image.rules) * 1:26862 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sPLT overflow attempt (file-image.rules) * 1:26863 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected tIME overflow attempt (file-image.rules) * 1:26864 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected iTXt overflow attempt (file-image.rules) * 1:26866 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected zTXt overflow attempt (file-image.rules) * 1:26978 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules) * 1:27001 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks Remote Management overflow attempt (server-other.rules) * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:27081 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit Internet Explorer exploit download - autopwn (exploit-kit.rules) * 1:27082 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit flash remote code execution exploit download - autopwn (exploit-kit.rules) * 1:27166 <-> DISABLED <-> FILE-OTHER Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules) * 1:27167 <-> DISABLED <-> FILE-OTHER Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules) * 1:27168 <-> DISABLED <-> FILE-OTHER Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules) * 1:27212 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:27213 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:27214 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:27215 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint schemes record buffer overflow (file-office.rules) * 1:27216 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint printer record buffer overflow (file-office.rules) * 1:27222 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer innerHTML against incomplete element heap corruption attempt (browser-ie.rules) * 1:27243 <-> ENABLED <-> SERVER-APACHE Apache Struts2 blacklisted method redirectAction (server-apache.rules) * 1:27251 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table platform type 3 integer overflow attempt (file-other.rules) * 1:27271 <-> ENABLED <-> EXPLOIT-KIT iFramer toolkit injected iframe detected - specific structure (exploit-kit.rules) * 1:27544 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab runtime traffic detected (malware-cnc.rules) * 1:27545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules) * 1:27546 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules) * 1:27547 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules) * 1:27548 <-> ENABLED <-> MALWARE-OTHER Osx.Trojan.Janicab file download attempt (malware-other.rules) * 1:27549 <-> ENABLED <-> MALWARE-OTHER Osx.Trojan.Janicab file download attempt (malware-other.rules) * 1:27580 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27581 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27584 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27585 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27586 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27587 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27588 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27589 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27590 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27591 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27634 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FngGroupCount record overflow attempt (file-office.rules) * 1:27635 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Record Code Execution attempt (file-office.rules) * 1:27671 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules) * 1:27695 <-> ENABLED <-> EXPLOIT-KIT Kore exploit kit landing page (exploit-kit.rules) * 1:27696 <-> ENABLED <-> EXPLOIT-KIT Kore exploit kit landing page (exploit-kit.rules) * 1:27697 <-> ENABLED <-> EXPLOIT-KIT Kore exploit kit successful Java exploit (exploit-kit.rules) * 1:27718 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file buffer overflow attempt (os-windows.rules) * 1:27719 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file with comment buffer overflow attempt (os-windows.rules) * 1:27757 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX clsid access (browser-plugins.rules) * 1:27758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX function call access (browser-plugins.rules) * 1:27788 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access (browser-plugins.rules) * 1:27789 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:27790 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:27791 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:27792 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access attempt (browser-plugins.rules) * 1:27793 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access (browser-plugins.rules) * 1:27798 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX clsid access attempt (browser-plugins.rules) * 1:27799 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX function call attempt (browser-plugins.rules) * 1:27800 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Encoder 9 ActiveX function call access (browser-plugins.rules) * 1:27865 <-> ENABLED <-> EXPLOIT-KIT Blackholev2/Darkleech exploit kit landing page request (exploit-kit.rules) * 1:27881 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Flash Player (exploit-kit.rules) * 1:27883 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Oracle Java (exploit-kit.rules) * 1:27885 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27886 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27892 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader (exploit-kit.rules) * 1:27893 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27894 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - about.dll (exploit-kit.rules) * 1:27895 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - info.dll (exploit-kit.rules) * 1:27896 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - contacts.dll (exploit-kit.rules) * 1:27897 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - calc.dll (exploit-kit.rules) * 1:27898 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - readme.dll (exploit-kit.rules) * 1:27908 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPhraseElement use after free attempt (browser-ie.rules) * 1:27909 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPhraseElement use after free attempt (browser-ie.rules) * 1:27945 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjectLink invalid wLinkVar2 value attempt (file-office.rules) * 1:27947 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtMergeCells heap overflow attempt (file-office.rules) * 1:27948 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtMergeCells heap overflow attempt (file-office.rules) * 1:28029 <-> ENABLED <-> EXPLOIT-KIT Magnitude/Popads/Nuclear exploit kit jnlp request (exploit-kit.rules) * 1:28108 <-> ENABLED <-> EXPLOIT-KIT Nuclear/Magnitude exploit kit Adobe Flash exploit download attempt (exploit-kit.rules) * 1:28113 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FngGroupCount record overflow attempt (file-office.rules) * 1:28124 <-> DISABLED <-> FILE-OTHER PCRE character class heap buffer overflow attempt (file-other.rules) * 1:28128 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28131 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28133 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:28228 <-> DISABLED <-> SERVER-WEBAPP Microsoft Interactive Training buffer overflow attempt (server-webapp.rules) * 1:28236 <-> ENABLED <-> EXPLOIT-KIT Magnitude/Nuclear exploit kit landing page (exploit-kit.rules) * 1:28263 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:28311 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28312 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28313 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28314 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28316 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28317 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28318 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28319 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28320 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28321 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28322 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28413 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit embedded redirection attempt (exploit-kit.rules) * 1:28428 <-> ENABLED <-> EXPLOIT-KIT Glazunov exploit kit landing page (exploit-kit.rules) * 1:28429 <-> ENABLED <-> EXPLOIT-KIT Glazunov exploit kit outbound jnlp download attempt (exploit-kit.rules) * 1:28430 <-> ENABLED <-> EXPLOIT-KIT Glazunov exploit kit zip file download (exploit-kit.rules) * 1:28440 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file invalid memory allocation exploit attempt (file-office.rules) * 1:28441 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:28442 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:28443 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:28482 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Terminator RAT variant outbound connection (malware-cnc.rules) * 1:28493 <-> ENABLED <-> MALWARE-CNC DeputyDog diskless method outbound connection (malware-cnc.rules) * 1:28612 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Silverlight exploit download (exploit-kit.rules) * 1:28613 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page - specific-structure (exploit-kit.rules) * 1:28614 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page (exploit-kit.rules) * 1:28616 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit payload download attempt (exploit-kit.rules) * 1:28677 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28678 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28686 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28989 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Egobot variant outbound connection (malware-cnc.rules) * 1:29032 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MasterPagePackedText structure CharacterFormatArrayOuterHeaderSize buffer overflow (file-office.rules) * 1:29033 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MasterPagePackedText structure CharacterFormatArrayOuterHeaderSize buffer overflow (file-office.rules) * 1:29066 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit XORed payload download attempt (exploit-kit.rules) * 1:29128 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit plugin detection page (exploit-kit.rules) * 1:29130 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit malicious payload download attempt (exploit-kit.rules) * 1:29264 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtX memory corruption attempt (file-office.rules) * 1:29326 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtY memory corruption attempt (file-office.rules) * 1:29327 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record SerAuxTrend sdtX memory corruption attempt (file-office.rules) * 1:29328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record SerAuxErrBar sdtX memory corruption attempt (file-office.rules) * 1:29329 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtX memory corruption attempt (file-office.rules) * 1:29404 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel country record arbitrary code execution attempt (file-office.rules) * 1:29434 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file overread buffer overflow attempt (file-image.rules) * 1:29435 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:29436 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:29502 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:29511 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt (server-webapp.rules) * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:29528 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt (server-other.rules) * 1:29529 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt (server-other.rules) * 1:29530 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt (server-other.rules) * 1:29531 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt (server-other.rules) * 1:29532 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt (server-other.rules) * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules) * 1:29581 <-> DISABLED <-> SERVER-OTHER CA Brightstor SUN RPC malformed string buffer overflow attempt (server-other.rules) * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules) * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules) * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules) * 1:29754 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules) * 1:29796 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:29797 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:29804 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:29805 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:29806 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:29814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer null attribute DoS attempt (browser-ie.rules) * 1:29936 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules) * 1:29937 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceR3Info buffer overflow attempt (server-other.rules) * 1:29943 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules) * 1:30037 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zaleelq variant outbound connection (malware-cnc.rules) * 1:30232 <-> DISABLED <-> OS-WINDOWS Microsoft Anti-Cross Site Scripting library bypass attempt (os-windows.rules) * 1:30233 <-> DISABLED <-> OS-WINDOWS Microsoft Anti-Cross Site Scripting library bypass attempt (os-windows.rules) * 1:3066 <-> DISABLED <-> PROTOCOL-IMAP append overflow attempt (protocol-imap.rules) * 1:30941 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:30990 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules) * 1:30991 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules) * 1:31017 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Adobe Reader Extension race condition attempt (browser-plugins.rules) * 1:31018 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Adobe Reader Extension race condition attempt (browser-plugins.rules) * 1:31031 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter buffer overflow attempt (file-office.rules) * 1:31032 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter buffer overflow attempt (file-office.rules) * 1:31279 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit decryption page outbound request (exploit-kit.rules) * 1:31296 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer negative margin use after free attempt (browser-ie.rules) * 1:31301 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSLT memory corruption attempt (browser-ie.rules) * 1:31365 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules) * 1:31373 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:31374 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Qsir and Qsif record remote code execution attempt (file-office.rules) * 1:31420 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules) * 1:31421 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules) * 1:31427 <-> DISABLED <-> FILE-OTHER Microsoft Windows C Run-Time Library remote code execution attempt (file-other.rules) * 1:31428 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:31434 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Section Table Array Buffer Overflow attempt (file-office.rules) * 1:31437 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules) * 1:31439 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules) * 1:31440 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules) * 1:31461 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed MSODrawing Record attempt (file-office.rules) * 1:31462 <-> DISABLED <-> FILE-OFFICE Microsoft Office Malformed MSODrawing Record attempt (file-office.rules) * 1:31473 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:31474 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:31475 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:31476 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:31504 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer outerHTML against incomplete element heap corruption attempt (browser-ie.rules) * 1:31562 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word global array index heap overflow attempt (file-office.rules) * 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:31592 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:31650 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Mail file execution attempt (server-mail.rules) * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules) * 1:31716 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Otupsys variant outbound connection (malware-cnc.rules) * 1:31756 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX clsid access (browser-plugins.rules) * 1:31757 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX function call access (browser-plugins.rules) * 1:31758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX function call access (browser-plugins.rules) * 1:31759 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX clsid access (browser-plugins.rules) * 1:31760 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:31761 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:31762 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:31763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:31777 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing announce overflow attempt (file-other.rules) * 1:31778 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing comment overflow attempt (file-other.rules) * 1:31779 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing name overflow attempt (file-other.rules) * 1:31780 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing path overflow attempt (file-other.rules) * 1:31843 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 1 (file-office.rules) * 1:31844 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 2 (file-office.rules) * 1:31845 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 3 (file-office.rules) * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules) * 1:31875 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FtCbls remote code execution attempt (file-office.rules) * 1:31876 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FtCbls remote code execution attempt (file-office.rules) * 1:31946 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules) * 1:32062 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:32063 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:32064 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:32082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Filter Records Handling Code Execution attempt (file-office.rules) * 1:32083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed file format parsing code execution attempt (file-office.rules) * 1:32094 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalete Record Memory Corruption attempt (file-office.rules) * 1:32095 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalette Record Memory Corruption attempt (file-office.rules) * 1:32122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtWnDesk record memory corruption exploit attempt (file-office.rules) * 1:32131 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record buffer overflow attempt (file-office.rules) * 1:32132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record buffer overflow attempt (file-office.rules) * 1:32133 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XBM image processing buffer overflow attempt (browser-firefox.rules) * 1:32136 <-> DISABLED <-> FILE-OTHER GNU gzip LZH decompression make_table overflow attempt (file-other.rules) * 1:32206 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style record overflow attempt (file-office.rules) * 1:32223 <-> DISABLED <-> SERVER-OTHER Firebird database invalid state integer overflow attempt (server-other.rules) * 1:32224 <-> DISABLED <-> SERVER-OTHER Firebird database invalid state integer overflow attempt (server-other.rules) * 1:32365 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules) * 1:32532 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style sheet array memory corruption attempt (browser-ie.rules) * 1:32615 <-> DISABLED <-> OS-WINDOWS Microsoft Windows search protocol remote command injection attempt (os-windows.rules) * 1:32625 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DV record buffer overflow attempt (file-office.rules) * 1:32629 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:32630 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:32631 <-> DISABLED <-> NETBIOS SMB server response heap overflow attempt (netbios.rules) * 1:32642 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX clsid access attempt (browser-plugins.rules) * 1:32643 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules) * 1:32644 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules) * 1:32738 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules) * 1:32739 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules) * 1:32754 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server 2000 Client Components ActiveX clsid access (browser-plugins.rules) * 1:32786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules) * 1:32840 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-plugins.rules) * 1:32842 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-plugins.rules) * 1:32843 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-plugins.rules) * 1:32844 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules) * 1:32869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules) * 1:32870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules) * 1:32871 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules) * 1:33041 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:33043 <-> DISABLED <-> FILE-MULTIMEDIA Multiple media players M3U playlist file handling buffer overflow attempt (file-multimedia.rules) * 1:33044 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX clsid access attempt (browser-plugins.rules) * 1:33045 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX function call access attempt (browser-plugins.rules) * 1:33115 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:33116 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:33198 <-> DISABLED <-> OS-WINDOWS Outlook Express WAB file parsing buffer overflow attempt (os-windows.rules) * 1:33479 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (os-windows.rules) * 1:33492 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:33493 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:33494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:33495 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:33548 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Access multiple control instantiation memory corruption attempt (browser-plugins.rules) * 1:33566 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3 xsl parsing heap overflow attempt (browser-firefox.rules) * 1:33575 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules) * 1:33576 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules) * 1:33577 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules) * 1:33578 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules) * 1:33579 <-> DISABLED <-> BROWSER-PLUGINS Facebook Photo Uploader ActiveX clsid access attempt (browser-plugins.rules) * 1:33582 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules) * 1:33584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:33585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:33586 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Image Description Atom sign extension memory corruption attempt (file-multimedia.rules) * 1:33589 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules) * 1:33590 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules) * 1:33591 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules) * 1:33601 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:33602 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:33670 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size1 dos attempt (server-other.rules) * 1:33671 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size2 dos attempt (server-other.rules) * 1:33672 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size3 dos attempt (server-other.rules) * 1:33684 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:33740 <-> DISABLED <-> FILE-IMAGE Microsoft emf file download request (file-image.rules) * 1:33824 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:33827 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules) * 1:33828 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules) * 1:33829 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules) * 1:33979 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:33980 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:34048 <-> DISABLED <-> SERVER-APACHE Apache mod_log_config cookie handling denial of service attempt (server-apache.rules) * 1:34055 <-> DISABLED <-> SERVER-WEBAPP Lexmark Markvision Enterprise LibraryFileUploadServlet directory traversal attempt (server-webapp.rules) * 1:34056 <-> DISABLED <-> SERVER-WEBAPP Lexmark Markvision Enterprise LibraryFileUploadServlet directory traversal attempt (server-webapp.rules) * 1:34061 <-> DISABLED <-> SERVER-IIS Microsoft IIS Range header integer overflow attempt (server-iis.rules) * 1:34135 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging small offset malformed tiff - little-endian (file-image.rules) * 1:34293 <-> DISABLED <-> FILE-IMAGE Microsoft Windows wmf integer overflow attempt (file-image.rules) * 1:34294 <-> DISABLED <-> FILE-IMAGE Microsoft Windows wmf integer overflow attempt (file-image.rules) * 1:3453 <-> DISABLED <-> SERVER-OTHER Arkeia client backup system info probe (server-other.rules) * 1:3454 <-> DISABLED <-> SERVER-OTHER Arkeia client backup generic info probe (server-other.rules) * 1:3458 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt (server-other.rules) * 1:34632 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes WPD attachment handling buffer overflow attempt (server-mail.rules) * 1:3474 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP slot info msg client name overflow (server-other.rules) * 1:3475 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP slot info msg client domain overflow (server-other.rules) * 1:3476 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9b client domain overflow (server-other.rules) * 1:3477 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9b client name overflow (server-other.rules) * 1:3478 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9c client domain overflow (server-other.rules) * 1:3479 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9c client name overflow (server-other.rules) * 1:3480 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP slot info msg client name overflow (server-other.rules) * 1:3481 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP slot info msg client domain overflow (server-other.rules) * 1:3482 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9b client name overflow (server-other.rules) * 1:3483 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9b client domain overflow (server-other.rules) * 1:3484 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9c client name overflow (server-other.rules) * 1:34847 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules) * 1:3485 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9c client domain overflow (server-other.rules) * 1:34857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fanny outbound connection (malware-cnc.rules) * 1:34890 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32ZLib.dll dll-load exploit attempt (file-other.rules) * 1:34891 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32Zlib.dll dll-load exploit attempt (file-other.rules) * 1:34892 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules) * 1:34893 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules) * 1:34894 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules) * 1:34895 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules) * 1:34896 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules) * 1:34897 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules) * 1:34898 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules) * 1:34899 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules) * 1:34900 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules) * 1:34901 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules) * 1:34902 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules) * 1:34903 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules) * 1:34904 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules) * 1:34905 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules) * 1:34906 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules) * 1:34907 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules) * 1:34908 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules) * 1:34909 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules) * 1:34910 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules) * 1:34911 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules) * 1:34912 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules) * 1:34913 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules) * 1:34914 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules) * 1:34915 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro quserex.dll dll-load exploit attempt (netbios.rules) * 1:34916 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro u32zlib.dll dll-load exploit attempt (netbios.rules) * 1:3521 <-> DISABLED <-> SERVER-OTHER Computer Associates license GCR CHECKSUMS overflow attempt (server-other.rules) * 1:3524 <-> DISABLED <-> SERVER-OTHER Computer Associates license invalid GCR CHECKSUMS attempt (server-other.rules) * 1:3525 <-> DISABLED <-> SERVER-OTHER Computer Associates license invalid GCR NETWORK attempt (server-other.rules) * 1:3529 <-> DISABLED <-> SERVER-OTHER Computer Associates license GETCONFIG client overflow attempt (server-other.rules) * 1:3530 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP msg 0x99 client name overflow (server-other.rules) * 1:3531 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP msg 0x99 client domain overflow (server-other.rules) * 1:3553 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM null DHTML element insertion attempt (browser-ie.rules) * 1:35747 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:35748 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:35771 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:35772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:36363 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules) * 1:36364 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules) * 1:36365 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules) * 1:36366 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules) * 1:3637 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF directory traversal attempt (server-other.rules) * 1:36431 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer arraybuffer entryslice memory corruption attempt (browser-ie.rules) * 1:36432 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer arraybuffer entryslice memory corruption attempt (browser-ie.rules) * 1:36453 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer argument validation in print preview handling exploitation attempt (browser-ie.rules) * 1:36559 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer arraybuffer entryslice memory corruption attempt (browser-ie.rules) * 1:36560 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer arraybuffer entryslice memory corruption attempt (browser-ie.rules) * 1:3659 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 1000 buffer overflow attempt (server-other.rules) * 1:3660 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 00 little endian buffer overflow attempt (server-other.rules) * 1:3661 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 00 buffer overflow attempt (server-other.rules) * 1:3662 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 03 little endian buffer overflow attempt (server-other.rules) * 1:3663 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 03 buffer overflow attempt (server-other.rules) * 1:36644 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules) * 1:36645 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules) * 1:36646 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules) * 1:36772 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Scriptlet Component ActiveX clsid access (browser-plugins.rules) * 1:36782 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DHTML Editing ActiveX clsid access (browser-plugins.rules) * 1:36783 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DHTML Editing ActiveX clsid access (browser-plugins.rules) * 1:37029 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37030 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37031 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37032 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37033 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37034 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37035 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37293 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:37294 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:37423 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:37710 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules) * 1:3822 <-> DISABLED <-> SERVER-WEBAPP RealNetworks RealPlayer realtext long URI request attempt (server-webapp.rules) * 1:38576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:38577 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:38669 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onpropertychange use-after-free attempt (browser-ie.rules) * 1:38670 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onpropertychange use-after-free attempt (browser-ie.rules) * 1:39601 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39602 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39603 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39604 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39605 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39606 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39607 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39608 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39609 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39610 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39611 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39612 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39613 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39614 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39615 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39616 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39617 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39618 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39619 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39620 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39621 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39622 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39623 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39624 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39625 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39626 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39627 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39628 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39629 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39630 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39631 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39632 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:39764 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:39870 <-> DISABLED <-> INDICATOR-COMPROMISE Oracle E-Business Suite arbitrary node deletion (indicator-compromise.rules) * 1:39875 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:40243 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:40244 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:40245 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:40246 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:40247 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:40248 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules) * 1:41094 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules) * 1:4129 <-> DISABLED <-> SERVER-OTHER Novell ZenWorks Remote Management Agent large login packet DoS attempt (server-other.rules) * 1:4172 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent v1.5 ActiveX clsid access (browser-plugins.rules) * 1:41728 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:41729 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:41730 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:41731 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:42440 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42441 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42442 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42443 <-> ENABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42444 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42445 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:42446 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules) * 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules) * 1:43068 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt (server-other.rules) * 1:43337 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:43338 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:43606 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access attempt (browser-plugins.rules) * 1:43674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:43675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:43698 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules) * 1:43699 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules) * 1:43830 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:43831 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:43989 <-> DISABLED <-> INDICATOR-OBFUSCATION newlines embedded in rtf header (indicator-obfuscation.rules) * 1:43990 <-> DISABLED <-> INDICATOR-OBFUSCATION RTF obfuscation string (indicator-obfuscation.rules) * 1:44031 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules) * 1:44032 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules) * 1:44035 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules) * 1:44044 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules) * 1:44045 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules) * 1:44046 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules) * 1:44047 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules) * 1:44048 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules) * 1:44049 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules) * 1:44068 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:44069 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:44129 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules) * 1:44130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules) * 1:44131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules) * 1:44132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules) * 1:44146 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JSXML integer overflow attempt (browser-firefox.rules) * 1:44147 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JSXML integer overflow attempt (browser-firefox.rules) * 1:44188 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span frontier parsing memory corruption attempt (browser-ie.rules) * 1:44281 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC ActiveX clsid access attempt (browser-ie.rules) * 1:44282 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC ActiveX clsid access attempt (browser-ie.rules) * 1:44283 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC ActiveX clsid access attempt (browser-ie.rules) * 1:44284 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC ActiveX clsid access attempt (browser-ie.rules) * 1:44290 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:44296 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:44455 <-> DISABLED <-> FILE-IMAGE Apple PICT Quickdraw image converter packType 4 buffer overflow attempt (file-image.rules) * 1:44456 <-> DISABLED <-> FILE-IMAGE Apple PICT Quickdraw image converter packType 4 buffer overflow attempt (file-image.rules) * 1:44729 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer script action handler buffer overflow attempt (browser-ie.rules) * 1:44730 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer script action handler buffer overflow attempt (browser-ie.rules) * 1:44877 <-> DISABLED <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules) * 1:45142 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array type confusion attempt (browser-ie.rules) * 1:45143 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array type confusion attempt (browser-ie.rules) * 1:45148 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules) * 1:45149 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules) * 1:45154 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:4826 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetRootDeviceInstance attempt (os-windows.rules) * 1:4890 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer IAVIStream & IAVIFile Proxy ActiveX object access (browser-plugins.rules) * 1:4891 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer cfw Class ActiveX object access (browser-plugins.rules) * 1:4892 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MTSEvents Class ActiveX object access (browser-plugins.rules) * 1:4893 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Trident HTMLEditor ActiveX object access (browser-plugins.rules) * 1:4894 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSEnumVariant ActiveX object access (browser-plugins.rules) * 1:4895 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSTypeInfo ActiveX object access (browser-plugins.rules) * 1:4896 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSTypeLib ActiveX object access (browser-plugins.rules) * 1:4897 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSOAInterface ActiveX object access (browser-plugins.rules) * 1:4898 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSTypeComp ActiveX object access (browser-plugins.rules) * 1:4900 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Outlook Progress Ctl ActiveX object access (browser-plugins.rules) * 1:4901 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer VMR Allocator Presenter 9 ActiveX object access (browser-plugins.rules) * 1:4902 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Video Mixing Renderer 9 ActiveX object access (browser-plugins.rules) * 1:4903 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer VMR ImageSync 9 ActiveX object access (browser-plugins.rules) * 1:4904 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Alias ActiveX object access (browser-plugins.rules) * 1:4905 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Object ActiveX object access (browser-plugins.rules) * 1:4906 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Interface Definition ActiveX object access (browser-plugins.rules) * 1:4907 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Collection Definition ActiveX object access (browser-plugins.rules) * 1:4908 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Method Definition ActiveX object access (browser-plugins.rules) * 1:4909 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Property Definition ActiveX object access (browser-plugins.rules) * 1:4910 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Relationship Definition ActiveX object access (browser-plugins.rules) * 1:4911 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Type Library ActiveX object access (browser-plugins.rules) * 1:4912 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Root ActiveX object access (browser-plugins.rules) * 1:4913 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Workspace ActiveX object access (browser-plugins.rules) * 1:4914 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Script Definition ActiveX object access (browser-plugins.rules) * 1:4915 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shortcut Handler ActiveX object access (browser-plugins.rules) * 1:4986 <-> DISABLED <-> SERVER-WEBAPP Twiki view rev command injection attempt (server-webapp.rules) * 1:4987 <-> DISABLED <-> SERVER-WEBAPP Twiki viewfile rev command injection attempt (server-webapp.rules) * 1:5319 <-> DISABLED <-> OS-WINDOWS Microsoft Windows picture and fax viewer wmf arbitrary code execution attempt (os-windows.rules) * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules) * 1:5705 <-> DISABLED <-> PROTOCOL-IMAP CAPABILITY overflow attempt (protocol-imap.rules) * 1:5711 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player zero length bitmap heap overflow attempt (file-image.rules) * 1:6405 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager overflow attempt (server-other.rules) * 1:6412 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Address Book attachment detected (server-mail.rules) * 1:6413 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Address Book Base64 encoded attachment detected (server-mail.rules) * 1:6502 <-> DISABLED <-> FILE-IMAGE Mozilla GIF single packet heap overflow - ANIMEXTS1.0 (file-image.rules) * 1:6507 <-> DISABLED <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt (server-webapp.rules) * 1:6510 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mhtml uri shortcut buffer overflow attempt (browser-ie.rules) * 1:6690 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected iCCP overflow attempt (file-image.rules) * 1:6691 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sBIT overflow attempt (file-image.rules) * 1:6693 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected bKGD overflow attempt (file-image.rules) * 1:6694 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected hIST overflow attempt (file-image.rules) * 1:6696 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected pHYs overflow attempt (file-image.rules) * 1:6698 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected tIME overflow attempt (file-image.rules) * 1:6699 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected iTXt overflow attempt (file-image.rules) * 1:6701 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected zTXt overflow attempt (file-image.rules) * 1:7003 <-> DISABLED <-> BROWSER-PLUGINS ADODB.Recordset ActiveX function call access (browser-plugins.rules) * 1:7028 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules) * 1:7029 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules) * 1:7035 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans mailslot heap overflow attempt (os-windows.rules) * 1:7036 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode mailslot heap overflow attempt (os-windows.rules) * 1:7037 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans mailslot heap overflow attempt (os-windows.rules) * 1:7038 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode mailslot heap overflow attempt (os-windows.rules) * 1:7039 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx mailslot heap overflow attempt (os-windows.rules) * 1:7040 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx mailslot heap overflow attempt (os-windows.rules) * 1:7041 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx mailslot heap overflow attempt (os-windows.rules) * 1:7042 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx mailslot heap overflow attempt (os-windows.rules) * 1:7207 <-> DISABLED <-> SERVER-ORACLE DBMS_EXPORT_EXTENSION SQL injection attempt (server-oracle.rules) * 1:7208 <-> DISABLED <-> SERVER-ORACLE DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_METADATA access attempt (server-oracle.rules) * 1:7210 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP srvsvc NetrPathCanonicalize overflow attempt (os-windows.rules) * 1:7425 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 9x8Resize ActiveX clsid access (browser-plugins.rules) * 1:7427 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Allocator Fix ActiveX clsid access (browser-plugins.rules) * 1:7429 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Bitmap ActiveX clsid access (browser-plugins.rules) * 1:7431 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectFrame.DirectControl.1 ActiveX clsid access (browser-plugins.rules) * 1:7433 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectX Transform Wrapper Property Page ActiveX clsid access (browser-plugins.rules) * 1:7436 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Dynamic Casts ActiveX function call (browser-plugins.rules) * 1:7437 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Frame Eater ActiveX clsid access (browser-plugins.rules) * 1:7439 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Help ActiveX clsid access (browser-plugins.rules) * 1:7442 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer mmAEPlugIn.AEPlugIn.1 ActiveX clsid access (browser-plugins.rules) * 1:7444 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Mmedia.AsyncMHandler.1 ActiveX clsid access (browser-plugins.rules) * 1:7446 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Record Queue ActiveX clsid access (browser-plugins.rules) * 1:7448 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ShotDetect ActiveX clsid access (browser-plugins.rules) * 1:7450 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Stetch ActiveX clsid access (browser-plugins.rules) * 1:7452 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WM Color Converter Filter ActiveX clsid access (browser-plugins.rules) * 1:7454 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Wmm2ae.dll ActiveX clsid access (browser-plugins.rules) * 1:7456 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Wmm2fxa.dll ActiveX clsid access (browser-plugins.rules) * 1:7458 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Wmm2fxb.dll ActiveX clsid access (browser-plugins.rules) * 1:7460 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Audio Analyzer ActiveX clsid access (browser-plugins.rules) * 1:7462 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Black Frame Generator ActiveX clsid access (browser-plugins.rules) * 1:7464 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT DeInterlace Filter ActiveX clsid access (browser-plugins.rules) * 1:7466 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT DeInterlace Prop Page ActiveX clsid access (browser-plugins.rules) * 1:7468 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT DirectX Transform Wrapper ActiveX clsid access (browser-plugins.rules) * 1:7470 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT DV Extract Filter ActiveX clsid access (browser-plugins.rules) * 1:7472 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT FormatConversion Prop Page ActiveX clsid access (browser-plugins.rules) * 1:7474 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT FormatConversion ActiveX clsid access (browser-plugins.rules) * 1:7476 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Import Filter ActiveX clsid access (browser-plugins.rules) * 1:7478 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Interlacer ActiveX clsid access (browser-plugins.rules) * 1:7480 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Log Filter ActiveX clsid access (browser-plugins.rules) * 1:7482 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT MuxDeMux Filter ActiveX clsid access (browser-plugins.rules) * 1:7484 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Sample Info Filter ActiveX clsid access (browser-plugins.rules) * 1:7486 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Screen Capture Filter Task Page ActiveX clsid access (browser-plugins.rules) * 1:7488 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Screen capture Filter ActiveX clsid access (browser-plugins.rules) * 1:7490 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Switch Filter ActiveX clsid access (browser-plugins.rules) * 1:7492 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Virtual Renderer ActiveX clsid access (browser-plugins.rules) * 1:7494 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Virtual Source ActiveX clsid access (browser-plugins.rules) * 1:7496 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Volume ActiveX clsid access (browser-plugins.rules) * 1:7498 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WM TV Out Smooth Picture Filter ActiveX clsid access (browser-plugins.rules) * 1:7500 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WM VIH2 Fix ActiveX clsid access (browser-plugins.rules) * 1:7862 <-> DISABLED <-> BROWSER-PLUGINS Mcafee Security Center McSubMgr.IsAppExpired ActiveX function call access (browser-plugins.rules) * 1:7863 <-> DISABLED <-> BROWSER-PLUGINS Mcafee Security Center McSubMgr.IsOldAppInstalled ActiveX function call access (browser-plugins.rules) * 1:7866 <-> DISABLED <-> BROWSER-PLUGINS ADODB.Connection ActiveX clsid access (browser-plugins.rules) * 1:7868 <-> DISABLED <-> BROWSER-PLUGINS ADODB.Recordset ActiveX clsid access (browser-plugins.rules) * 1:7870 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Data Source Control 9.0 ActiveX clsid access (browser-plugins.rules) * 1:7914 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.NDFXArtEffects ActiveX clsid access (browser-plugins.rules) * 1:7928 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer file or local Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7934 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ftp Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7938 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer gopher Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7942 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer http Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7944 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer https Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7958 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer mk Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7978 <-> DISABLED <-> BROWSER-PLUGINS ShockwaveFlash.ShockwaveFlash ActiveX clsid access (browser-plugins.rules) * 1:7981 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules) * 1:8060 <-> DISABLED <-> SERVER-OTHER UltraVNC VNCLog buffer overflow (server-other.rules) * 1:8377 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Download Handler ActiveX clsid access (browser-plugins.rules) * 1:8381 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer SMIL Download Handler ActiveX clsid access (browser-plugins.rules) * 1:8383 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RAM Download Handler ActiveX clsid access (browser-plugins.rules) * 1:8385 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Playback Handler ActiveX clsid access (browser-plugins.rules) * 1:8387 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RNX Download Handler ActiveX clsid access (browser-plugins.rules) * 1:8389 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMP Download Handler ActiveX clsid access (browser-plugins.rules) * 1:8405 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ActiveX clsid access (browser-plugins.rules) * 1:8409 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Stream Handler ActiveX clsid access (browser-plugins.rules) * 1:8425 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.NDFXArtEffects ActiveX function call access (browser-plugins.rules) * 1:8740 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service ActiveX function call access (browser-plugins.rules) * 1:8846 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent Character Custom Proxy Class ActiveX clsid access (browser-plugins.rules) * 1:8848 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent Notify Sink Custom Proxy Class ActiveX clsid access (browser-plugins.rules) * 1:8850 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent Custom Proxy Class ActiveX clsid access (browser-plugins.rules) * 1:8852 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent v2.0 ActiveX clsid access (browser-plugins.rules) * 1:8854 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent v2.0 ActiveX function call access (browser-plugins.rules) * 1:8856 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent v1.5 ActiveX function call access (browser-plugins.rules) * 1:9131 <-> DISABLED <-> BROWSER-PLUGINS WinZip FileView 6.1 ActiveX function call access (browser-plugins.rules) * 1:9132 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP netware_cs NwrOpenEnumNdsStubTrees_Any overflow attempt (os-windows.rules) * 1:9228 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP netware_cs NwGetConnectionInformation overflow attempt (os-windows.rules) * 1:9421 <-> ENABLED <-> MALWARE-OTHER zotob attempt (malware-other.rules) * 1:9432 <-> DISABLED <-> OS-WINDOWS Microsoft Agent buffer overflow attempt (os-windows.rules) * 1:9433 <-> DISABLED <-> OS-WINDOWS Microsoft Agent buffer overflow attempt (os-windows.rules) * 1:9441 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath overflow attempt (netbios.rules) * 1:9634 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9C remote buffer overflow attempt TCP (server-other.rules) * 1:9635 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9B remote buffer overflow attempt UDP (server-other.rules) * 1:9636 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9C remote buffer overflow attempt UDP (server-other.rules) * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules) * 1:9848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vector Markup Language recolorinfo tag numfills parameter buffer overflow attempt (os-windows.rules)