This SRU number: 2014-09-17-002
Previous SRU number: 2014-09-15-001
Applies to:
This SEU number: 1172
Previous SEU: 1170
Applies to:
This is the complete list of rules modified in SRU 2014-09-17-002 and SEU 1172.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 20534 | FILE-OFFICE | Microsoft Office Excel rtToolbarDef record integer overflow attempt | off | off | off |
| 1 | 22077 | FILE-OFFICE | Microsoft Office Excel ObjectLink invalid wLinkVar2 value attempt | off | drop | drop |
| 1 | 27858 | FILE-OFFICE | Microsoft Office Word malformed OCXINFO element EoP attempt | off | drop | drop |
| 1 | 27859 | FILE-OFFICE | Microsoft Office Word malformed OCXINFO element EoP attempt | off | drop | drop |
| 1 | 27945 | FILE-OFFICE | Microsoft Office Excel ObjectLink invalid wLinkVar2 value attempt | off | drop | drop |
| 1 | 28205 | FILE-OFFICE | Microsoft Office Word 2003 macro byte opcode large data structure arbitrary code execution attempt | off | drop | drop |
| 1 | 28206 | FILE-OFFICE | Microsoft Office Word 2003 macro byte opcode large data structure arbitrary code execution attempt | off | drop | drop |
| 1 | 28549 | FILE-OFFICE | Microsoft Office Excel rtToolbarDef record integer overflow attempt | off | off | off |
| 1 | 28550 | FILE-OFFICE | Microsoft Office Excel rtToolbarDef record integer overflow attempt | off | off | off |
| 1 | 29723 | FILE-OFFICE | Microsoft Office Word invalid sprmPNumRM record | off | off | drop |
| 1 | 29724 | FILE-OFFICE | Microsoft Office Word invalid sprmPNumRM record | off | off | drop |
| 1 | 29725 | FILE-OFFICE | Microsoft Office Word invalid sprmPNumRM record | off | off | drop |
| 1 | 29726 | FILE-OFFICE | Microsoft Office Word invalid sprmPNumRM record | off | off | drop |
| 1 | 31125 | FILE-OFFICE | Microsoft Office Excel rtToolbarDef record integer overflow attempt | off | off | off |
| 1 | 31126 | FILE-OFFICE | Microsoft Office Excel rtToolbarDef record integer overflow attempt | off | off | off |
| 1 | 31127 | FILE-OFFICE | Microsoft Office Excel rtToolbarDef record integer overflow attempt | off | off | off |
| 1 | 31276 | EXPLOIT-KIT | CottonCastle exploit kit Adobe flash outbound connection | drop | drop | drop |
| 1 | 31712 | MALWARE-CNC | Win.Trojan.Ragua variant outbound connection | off | drop | drop |
| 1 | 31713 | MALWARE-CNC | Win.Trojan.Ragua variant outbound connection | off | drop | drop |
| 1 | 31714 | MALWARE-CNC | Win.Trojan.Ragua variant outbound connection | off | drop | drop |
| 1 | 31751 | FILE-OFFICE | Microsoft Office Outlook mailto injection attempt | off | off | off |
| 1 | 31752 | FILE-OFFICE | Microsoft Office Outlook mailto injection attempt | off | off | off |
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 26379 | SERVER-OTHER | Squid proxy Accept-Language denial of service attempt | off | off | off |
| 3 | 30884 | PROTOCOL-VOIP | Cisco MXP Telepresence gssapi-data unauthenticated denial of service attempt | off | off | off |