* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2017-03-27-002
Previous SRU number: 2017-03-22-001
Applies to:
This SEU number: 1638
Previous SEU: 1633
Applies to:
This is the complete list of rules added in SRU 2017-03-27-002 and SEU 1638.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The three Policy State columns (Con., Bal., Sec.) give each rule's state in the corresponding default Sourcefire policy: Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state, except that "alert" is used wherever Balanced uses "drop" (a passive sensor cannot block traffic).
Note: Unless stated explicitly, the rules are for the series of products listed above.
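The tables below are easiest to audit with a small parser that applies the rules just described: derive the passive state from the Balanced column, list which new rules are actually enabled in the policy you deploy, and flag rules that no default policy turns on. The following is an added example written for this page, not Talos or Snort code; the sample rows are copied from the release table, and the nesting check (a rule on in Connectivity should also be on in Balanced and Security) is an assumption about how the default policies relate, used here only to spot rows that look like extraction errors.

```python
from collections import Counter

# Constructed sample: a few rows copied from the release table on this page,
# in the "GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec." layout.
SAMPLE_ROWS = """\
1 | 36212 | FILE-OTHER | Libgraphite LocaLookup out-of-bounds read attempt | off | drop | drop |
1 | 37495 | FILE-PDF | IBM Domino KeyView PDF filter compressed stream length code execution attempt | off | off | off |
1 | 40468 | SERVER-OTHER | Memcached append opcode request heap buffer overflow attempt | off | off | drop |
3 | 42078 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2017-0299 attack attempt | off | off | drop |
1 | 42079 | MALWARE-CNC | Win.Trojan.Jenxcus outbound connection attempt with unique User-Agent | off | drop | drop |
1 | 42075 | PROTOCOL-SCADA | TraceMode Runtime DOS attempt | drop | off | off |
"""

# Column order of the policy-state cells, loosest policy first.
POLICIES = ("connectivity", "balanced", "security")
VALID_STATES = {"off", "alert", "drop"}
# Assumed ordering used only for the consistency check below.
STRICTNESS = {"off": 0, "alert": 1, "drop": 2}


def parse_rule_line(line):
    """Parse one table row into a dict; header/separator lines return None."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 7 or not cells[0].isdigit() or not cells[1].isdigit():
        return None
    states = dict(zip(POLICIES, cells[4:7]))
    bad = [s for s in states.values() if s not in VALID_STATES]
    if bad:
        raise ValueError(f"unexpected policy state {bad} on SID {cells[1]}")
    return {"gid": int(cells[0]), "sid": int(cells[1]),
            "group": cells[2], "msg": cells[3], **states}


def parse_rules(text):
    """Parse a whole table, silently skipping non-row lines."""
    rows = (parse_rule_line(line) for line in text.splitlines())
    return [r for r in rows if r is not None]


def passive_state(rule):
    """Passive policy = Balanced, with 'drop' downgraded to 'alert'."""
    return "alert" if rule["balanced"] == "drop" else rule["balanced"]


def enabled_in(rules, policy):
    """Rules that are not 'off' in the given default policy."""
    return [r for r in rules if r[policy] != "off"]


def disabled_everywhere(rules):
    """Rules no default policy enables; they only help if turned on by hand."""
    return [r for r in rules if all(r[p] == "off" for p in POLICIES)]


def inconsistent_rows(rules):
    """Rows where a looser policy is stricter than a tighter one (likely a typo
    or extraction error, since the default policies are assumed to nest)."""
    def rank(r, p):
        return STRICTNESS[r[p]]
    return [r for r in rules
            if rank(r, "connectivity") > rank(r, "balanced")
            or rank(r, "balanced") > rank(r, "security")]


def group_counts(rules):
    """How many rules each Rule Group contributes to the release."""
    return Counter(r["group"] for r in rules)


def sid_keys(rules):
    """'GID:SID' keys, the form rule-management tooling such as
    PulledPork's enablesid.conf accepts."""
    return [f"{r['gid']}:{r['sid']}" for r in rules]


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_ROWS)
    for r in rules:
        print(f"{r['gid']}:{r['sid']:<6} {r['group']:<15} passive={passive_state(r)}")
    print("enabled in Balanced:", sid_keys(enabled_in(rules, "balanced")))
    print("off in every policy:", sid_keys(disabled_everywhere(rules)))
    print("suspicious rows:", sid_keys(inconsistent_rows(rules)))
```

Run it over the full tables pasted from the page to get the list of new SIDs that will actually fire in the policy your sensors use, and to find rows worth re-checking against the Snort rule documentation before relying on their stated states.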
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. |
---|---|---|---|---|---|---|
1 | 35828 | FILE-OTHER | OpenOffice Starview metafile arbitrary read write attempt | off | off | off |
1 | 35829 | FILE-OTHER | OpenOffice Starview metafile arbitrary read write attempt | off | off | off |
1 | 36212 | FILE-OTHER | Libgraphite LocaLookup out-of-bounds read attempt | off | drop | drop |
1 | 36213 | FILE-OTHER | Libgraphite LocaLookup out-of-bounds read attempt | off | drop | drop |
1 | 36216 | FILE-OTHER | libgraphite TTF opcode handling out of bounds read attempt | off | off | drop |
1 | 36217 | FILE-OTHER | libgraphite TTF opcode handling out of bounds read attempt | off | off | drop |
1 | 36385 | FILE-OTHER | SIL LibGraphite BracketPairStack out of bounds access exploit attempt | off | drop | drop |
1 | 36386 | FILE-OTHER | SIL LibGraphite BracketPairStack out of bounds access exploit attempt | off | drop | drop |
1 | 36387 | FILE-OTHER | Libgraphite context item handling arbitrary code execution attempt | off | off | drop |
1 | 36388 | FILE-OTHER | Libgraphite context item handling arbitrary code execution attempt | off | off | drop |
1 | 37493 | FILE-OTHER | lhasa decode_level3_header heap corruption attempt | off | off | drop |
1 | 37494 | FILE-OTHER | lhasa decode_level3_header heap corruption attempt | off | off | drop |
1 | 37495 | FILE-PDF | IBM Domino KeyView PDF filter compressed stream length code execution attempt | off | off | off |
1 | 37496 | FILE-PDF | IBM Domino KeyView PDF filter compressed stream length code execution attempt | off | off | off |
1 | 37497 | FILE-PDF | IBM Domino KeyView PDF filter encrypted stream code execution attempt | off | off | off |
1 | 37498 | FILE-PDF | IBM Domino KeyView PDF filter encrypted stream code execution attempt | off | off | off |
1 | 37499 | FILE-PDF | IBM Domino KeyView PDF Filter Basefont string overflow attempt | off | off | off |
1 | 37500 | FILE-PDF | IBM Domino KeyView PDF Filter Basefont string overflow attempt | off | off | off |
1 | 37501 | FILE-PDF | IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt | off | off | off |
1 | 37502 | FILE-PDF | IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt | off | off | off |
1 | 37517 | FILE-OTHER | Apple OSX local privilege escalation attempt | off | off | drop |
1 | 37518 | FILE-OTHER | Apple OSX local privilege escalation attempt | off | off | drop |
1 | 37519 | FILE-OTHER | Intel HD Graphics Windows kernel driver local privilege escalation attempt | off | off | drop |
1 | 37520 | FILE-OTHER | Intel HD Graphics Windows kernel driver local privilege escalation attempt | off | off | drop |
1 | 37862 | FILE-PDF | Oracle Outside In libvs_pdf integer overflow attempt | off | off | off |
1 | 37863 | FILE-PDF | Oracle Outside In libvs_pdf integer overflow attempt | off | off | off |
1 | 37864 | FILE-PDF | Oracle Outside In libvs_pdf xref offset out of bounds read attempt | off | off | off |
1 | 37865 | FILE-PDF | Oracle Outside In libvs_pdf xref offset out of bounds read attempt | off | off | off |
1 | 37868 | FILE-PDF | Oracle Outside In libvs_pdf integer overflow attempt | off | off | off |
1 | 37869 | FILE-PDF | Oracle Outside In libvs_pdf integer overflow attempt | off | off | off |
1 | 38289 | FILE-PDF | Oracle IOT IX SDK libvs_pdf null pointer dereference attempt | off | off | off |
1 | 38290 | FILE-PDF | Oracle IOT IX SDK libvs_pdf null pointer dereference attempt | off | off | off |
1 | 38293 | FILE-OTHER | 7zip UDF partition reference out of bounds read attempt | off | off | off |
1 | 38294 | FILE-OTHER | 7zip UDF partition reference out of bounds read attempt | off | off | off |
1 | 38295 | FILE-OTHER | 7zip UDF partition reference out of bounds read attempt | off | off | off |
1 | 38296 | FILE-OTHER | 7zip UDF partition reference out of bounds read attempt | off | off | off |
1 | 38323 | FILE-OTHER | 7zip HFS+ handling heap buffer overflow attempt | off | off | off |
1 | 38324 | FILE-OTHER | 7zip HFS+ handling heap buffer overflow attempt | off | off | off |
1 | 38342 | FILE-PDF | Oracle Outside In libvs_pdf Root xref stack exhaustion attempt | off | off | off |
1 | 38343 | FILE-PDF | Oracle Outside In libvs_pdf Root xref stack exhaustion attempt | off | off | off |
1 | 38344 | SERVER-OTHER | Pidgin MXIT is operation null pointer dereference attempt | off | off | off |
1 | 38345 | SERVER-OTHER | Pidgin MXIT is operation null pointer dereference attempt | off | off | off |
1 | 38545 | SERVER-OTHER | Pidgin mxit_update_contact out of bounds read attempt | off | off | off |
1 | 38546 | SERVER-OTHER | Pidgin MXIT table markup command out of bounds read attempt | off | off | off |
1 | 38547 | SERVER-OTHER | Pidgin MXIT table markup command out of bounds read attempt | off | off | off |
1 | 38548 | SERVER-OTHER | Pidgin MXIT protocol handling null pointer dereference attempt | off | off | off |
1 | 38549 | SERVER-OTHER | Pidgin mxit_parse_cmd_extprofile out of bounds read attempt | off | off | off |
1 | 38550 | SERVER-OTHER | Pidgin MXIT protocol handling splash_remove directory traversal attempt | off | off | off |
1 | 38551 | SERVER-OTHER | Pidgin MXIT protocol handling splash_remove directory traversal attempt | off | off | off |
1 | 38578 | SERVER-OTHER | Pidgin multimx_message_received out of bounds read attempt | off | off | off |
1 | 38583 | SERVER-OTHER | Pidgin mxit_parse_cmd_suggestcontacts out of bounds read attempt | off | off | off |
1 | 38627 | FILE-OTHER | libarchive zip_read_mac_metadata heap buffer overflow attempt | off | off | drop |
1 | 38628 | FILE-OTHER | libarchive zip_read_mac_metadata heap buffer overflow attempt | off | off | drop |
1 | 38856 | FILE-OTHER | Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt | off | off | off |
1 | 38857 | FILE-OTHER | Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt | off | off | off |
1 | 38858 | FILE-OTHER | Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt | off | off | off |
1 | 38859 | FILE-OTHER | Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt | off | off | off |
1 | 38860 | FILE-OTHER | Oracle OIT ContentAccess libvs_mwkd out of bounds write attempt | off | drop | drop |
1 | 38861 | FILE-OTHER | Oracle OIT ContentAccess libvs_mwkd out of bounds write attempt | off | drop | drop |
1 | 38867 | SERVER-OTHER | Pidgin mxit_chunk_parse_get_avatar out of bounds read attempt | off | off | off |
1 | 38868 | FILE-OTHER | Hancom Hangul Office HShow integer-based heap buffer overflow attempt | off | drop | drop |
1 | 38869 | FILE-OTHER | Hancom Hangul Office HShow integer-based heap buffer overflow attempt | off | drop | drop |
1 | 38870 | SERVER-OTHER | Pidgin mxit_chunk_parse_cr out of bounds read attempt | off | off | off |
1 | 39034 | FILE-OTHER | libarchive mtree parse_device stack buffer overflow attempt | off | off | off |
1 | 39035 | FILE-OTHER | libarchive mtree parse_device stack buffer overflow attempt | off | off | off |
1 | 39045 | FILE-OTHER | libarchive RAR RestartModel out of bounds write attempt | off | off | off |
1 | 39046 | FILE-OTHER | libarchive RAR RestartModel out of bounds write attempt | off | off | off |
1 | 39047 | FILE-EXECUTABLE | Kaspersky Internet Security kl1.sys out of bounds read attempt | off | off | off |
1 | 39048 | FILE-EXECUTABLE | Kaspersky Internet Security kl1.sys out of bounds read attempt | off | off | off |
1 | 39049 | FILE-OFFICE | Hancom Hangul Office NXDeleteLineObj memory corruption attempt | off | off | off |
1 | 39050 | FILE-OFFICE | Hancom Hangul Office NXDeleteLineObj memory corruption attempt | off | off | off |
1 | 39110 | FILE-OFFICE | Hancom Hangul Office HCell HncChart out of bounds write attempt | off | off | off |
1 | 39111 | FILE-OFFICE | Hancom Hangul Office HCell HncChart out of bounds write attempt | off | off | off |
1 | 39148 | FILE-OFFICE | Document Foundation LibreOffice RTF stylesheet use after free attempt | off | drop | drop |
1 | 39149 | FILE-OFFICE | Document Foundation LibreOffice RTF stylesheet use after free attempt | off | drop | drop |
1 | 39150 | SERVER-OTHER | Pidgin MXIT negative message length underflow attempt | off | off | off |
1 | 39151 | SERVER-OTHER | Pidgin MXIT message length overflow attempt | off | off | off |
1 | 39161 | FILE-PDF | Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow attempt | off | drop | drop |
1 | 39162 | FILE-PDF | Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow attempt | off | drop | drop |
1 | 39593 | FILE-IMAGE | Oracle OIT BMP file parsing heap buffer overflow attempt | off | off | off |
1 | 39594 | FILE-IMAGE | Oracle OIT BMP file parsing heap buffer overflow attempt | off | off | off |
1 | 39595 | FILE-IMAGE | Oracle OIT BMP file parsing heap buffer overflow attempt | off | off | off |
1 | 39596 | FILE-IMAGE | Oracle OIT BMP file parsing heap buffer overflow attempt | off | off | off |
1 | 39597 | FILE-MULTIMEDIA | Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt | off | off | off |
1 | 39598 | FILE-MULTIMEDIA | Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt | off | off | off |
1 | 39599 | FILE-IMAGE | Apple OSX EXR image tile size heap buffer overflow attempt | off | off | off |
1 | 39600 | FILE-IMAGE | Apple OSX EXR image tile size heap buffer overflow attempt | off | off | off |
1 | 39601 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39602 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39603 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39604 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39605 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39606 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39607 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39608 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39609 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39610 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39611 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39612 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39613 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39614 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39615 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39616 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39617 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39618 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39619 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39620 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39621 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39622 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39623 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39624 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39625 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39626 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39627 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39628 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39629 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39630 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39631 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39632 | FILE-IMAGE | Apple OSX and iOS TIFF tile size buffer overflow attempt | off | off | drop |
1 | 39634 | FILE-IMAGE | Apple OSX EXR image invalid box2i attribute heap buffer overflow attempt | off | off | drop |
1 | 39635 | FILE-IMAGE | Apple OSX EXR image invalid box2i attribute heap buffer overflow attempt | off | off | drop |
1 | 39660 | FILE-OTHER | Oracle OIT gem metafile n_integers heap buffer overflow attempt | off | off | off |
1 | 39661 | FILE-OTHER | Oracle OIT gem metafile n_integers heap buffer overflow attempt | off | off | off |
1 | 39663 | FILE-OTHER | Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt | off | off | off |
1 | 39664 | FILE-OTHER | Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt | off | off | off |
1 | 39665 | FILE-OTHER | Oracle OIT libvs_word ContentAccess out of bounds write attempt | off | off | off |
1 | 39666 | FILE-OTHER | Oracle OIT libvs_word ContentAccess out of bounds write attempt | off | off | off |
1 | 39667 | FILE-OTHER | Oracle OIT libvs_word ContentAccess out of bounds write attempt | off | off | off |
1 | 39668 | FILE-OTHER | Oracle OIT libvs_word ContentAccess out of bounds write attempt | off | off | off |
1 | 39671 | FILE-OTHER | Oracle OIT libvs_word ContentAccess out of bounds write attempt | off | off | off |
1 | 39672 | FILE-OTHER | Oracle OIT libvs_word ContentAccess out of bounds write attempt | off | off | off |
1 | 39673 | FILE-IMAGE | Oracle OIT CYMK TIFF parsing heap buffer overflow attempt | off | off | off |
1 | 39674 | FILE-IMAGE | Oracle OIT CYMK TIFF parsing heap buffer overflow attempt | off | off | off |
1 | 39675 | FILE-IMAGE | Oracle OIT CYMK TIFF parsing heap buffer overflow attempt | off | off | off |
1 | 39676 | FILE-IMAGE | Oracle OIT CYMK TIFF parsing heap buffer overflow attempt | off | off | off |
1 | 39757 | FILE-OFFICE | Hancom Hangul HCell TableStyle record heap buffer overflow attempt | off | off | off |
1 | 39758 | FILE-OFFICE | Hancom Hangul HCell TableStyle record heap buffer overflow attempt | off | off | off |
1 | 39759 | FILE-OFFICE | Hancom Hangul HCell TableStyle record heap buffer overflow attempt | off | off | off |
1 | 39760 | FILE-OFFICE | Hancom Hangul HCell TableStyle record heap buffer overflow attempt | off | off | off |
1 | 39761 | FILE-OFFICE | Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt | off | off | off |
1 | 39762 | FILE-OFFICE | Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt | off | off | off |
1 | 39877 | PROTOCOL-SNMP | Allen-Bradley MicroLogix PLC firmware update detected | off | off | off |
1 | 39883 | FILE-IMAGE | FreeImage library XPM handling out of bounds write attempt | off | off | drop |
1 | 39884 | FILE-IMAGE | FreeImage library XPM handling out of bounds write attempt | off | off | drop |
1 | 40125 | FILE-OTHER | Ichitaro Office Excel TxO record heap overflow attempt | off | off | off |
1 | 40126 | FILE-OTHER | Ichitaro Office Excel TxO record heap overflow attempt | off | off | off |
1 | 40314 | FILE-IMAGE | OpenJPEG JPEG2000 MCC record parsing heap memory corruption attempt | off | off | drop |
1 | 40315 | FILE-IMAGE | OpenJPEG JPEG2000 MCC record parsing heap memory corruption attempt | off | off | drop |
1 | 40336 | FILE-PDF | Iceni Argus ipfSetColourStroke stack buffer overflow attempt | off | off | drop |
1 | 40337 | FILE-PDF | Iceni Argus ipfSetColourStroke stack buffer overflow attempt | off | off | drop |
1 | 40468 | SERVER-OTHER | Memcached append opcode request heap buffer overflow attempt | off | off | drop |
1 | 40469 | SERVER-OTHER | Memcached append opcode request heap buffer overflow attempt | off | off | drop |
1 | 40470 | SERVER-OTHER | Memcached prepend opcode request heap buffer overflow attempt | off | off | drop |
1 | 40471 | SERVER-OTHER | Memcached prepend opcode request heap buffer overflow attempt | off | off | drop |
1 | 40472 | SERVER-OTHER | Memcached appendq opcode request heap buffer overflow attempt | off | off | drop |
1 | 40473 | SERVER-OTHER | Memcached appendq opcode request heap buffer overflow attempt | off | off | drop |
1 | 40474 | SERVER-OTHER | Memcached prependq opcode request heap buffer overflow attempt | off | off | drop |
1 | 40475 | SERVER-OTHER | Memcached prependq opcode request heap buffer overflow attempt | off | off | drop |
1 | 40476 | SERVER-OTHER | Memcached set opcode request heap buffer overflow attempt | off | off | drop |
1 | 40477 | SERVER-OTHER | Memcached setq opcode request heap buffer overflow attempt | off | off | drop |
1 | 40478 | SERVER-OTHER | Memcached add opcode request heap buffer overflow attempt | off | off | drop |
1 | 40479 | SERVER-OTHER | Memcached addq opcode request heap buffer overflow attempt | off | off | drop |
1 | 40480 | SERVER-OTHER | Memcached replace opcode request heap buffer overflow attempt | off | off | drop |
1 | 40481 | SERVER-OTHER | Memcached replaceq opcode request heap buffer overflow attempt | off | off | drop |
1 | 40482 | SERVER-OTHER | Memcached SASL auth opcode request heap buffer overflow attempt | off | off | drop |
1 | 40483 | SERVER-OTHER | Memcached SASL auth opcode request heap buffer overflow attempt | off | off | drop |
1 | 40484 | FILE-PDF | Iceni Argus ipNameAdd stack buffer overflow attempt | off | off | off |
1 | 40485 | FILE-PDF | Iceni Argus ipNameAdd stack buffer overflow attempt | off | off | off |
1 | 40486 | FILE-PDF | Iceni Argus ipNameAdd stack buffer overflow attempt | off | off | off |
1 | 40487 | FILE-PDF | Iceni Argus ipNameAdd stack buffer overflow attempt | off | off | off |
1 | 40488 | FILE-EXECUTABLE | Hopper Disassembler ELF section header memory corruption attempt | off | off | drop |
1 | 40489 | FILE-EXECUTABLE | Hopper Disassembler ELF section header memory corruption attempt | off | off | drop |
1 | 40490 | FILE-OFFICE | JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt | off | off | drop |
1 | 40491 | FILE-OFFICE | JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt | off | off | drop |
1 | 40525 | FILE-IMAGE | LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt | off | off | off |
1 | 40526 | FILE-IMAGE | LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt | off | off | off |
1 | 40533 | FILE-IMAGE | LibTIFF FAX IFD entry parsing type confusion attempt | off | off | off |
1 | 40534 | FILE-IMAGE | LibTIFF FAX IFD entry parsing type confusion attempt | off | off | off |
1 | 40535 | FILE-IMAGE | LibTIFF FAX IFD entry parsing type confusion attempt | off | off | off |
1 | 40536 | FILE-IMAGE | LibTIFF FAX IFD entry parsing type confusion attempt | off | off | off |
1 | 40537 | FILE-IMAGE | LibTIFF FAX IFD entry parsing type confusion attempt | off | off | off |
1 | 40538 | FILE-IMAGE | LibTIFF FAX IFD entry parsing type confusion attempt | off | off | off |
1 | 40539 | FILE-IMAGE | LibTIFF PixarLogDecode heap buffer overflow attempt | off | off | drop |
1 | 40540 | FILE-IMAGE | LibTIFF PixarLogDecode heap buffer overflow attempt | off | off | drop |
1 | 40756 | FILE-PDF | Nitro Pro PDF Font Widths tag out of bounds read attempt | off | off | drop |
1 | 40757 | FILE-PDF | Nitro Pro PDF Font Widths tag out of bounds read attempt | off | off | drop |
1 | 40773 | FILE-PDF | Oracle Outside In Technology remote code execution attempt | off | off | off |
1 | 40774 | FILE-PDF | Oracle Outside In Technology remote code execution attempt | off | off | off |
1 | 40776 | FILE-PDF | Nitro Pro out of bounds memory write attempt | off | drop | drop |
1 | 40777 | FILE-PDF | Nitro Pro out of bounds memory write attempt | off | drop | drop |
1 | 40791 | FILE-OTHER | HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt | off | off | drop |
1 | 40792 | FILE-OTHER | HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt | off | off | drop |
1 | 40793 | FILE-OTHER | HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt | off | off | drop |
1 | 40794 | FILE-OTHER | HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt | off | off | drop |
1 | 40801 | FILE-OTHER | HDF5 H5Z_NBIT filter heap buffer overflow attempt | off | off | drop |
1 | 40802 | FILE-OTHER | HDF5 H5Z_NBIT filter heap buffer overflow attempt | off | off | drop |
1 | 40803 | FILE-OTHER | HDF5 H5O_dtype_decode_helper heap buffer overflow attempt | off | drop | drop |
1 | 40804 | FILE-OTHER | HDF5 H5O_dtype_decode_helper heap buffer overflow attempt | off | drop | drop |
1 | 40805 | FILE-OTHER | HDF5 object modification time out of bounds write attempt | off | off | drop |
1 | 40806 | FILE-OTHER | HDF5 object modification time out of bounds write attempt | off | off | drop |
1 | 40807 | FILE-OTHER | HDF5 symbol table message out of bounds write attempt | off | off | drop |
1 | 40808 | FILE-OTHER | HDF5 symbol table message out of bounds write attempt | off | off | drop |
1 | 40809 | FILE-OTHER | HDF5 new object modification time out of bounds write attempt | off | off | drop |
1 | 40810 | FILE-OTHER | HDF5 new object modification time out of bounds write attempt | off | off | drop |
1 | 40872 | FILE-PDF | Iceni Argus loadTrailer heap corruption attempt | off | off | off |
1 | 40873 | FILE-PDF | Iceni Argus loadTrailer heap corruption attempt | off | off | off |
1 | 40874 | FILE-PDF | Iceni Argus icnChainAlloc heap corruption attempt | off | off | off |
1 | 40875 | FILE-PDF | Iceni Argus icnChainAlloc heap corruption attempt | off | off | off |
1 | 40894 | FILE-OTHER | R Project PDF encoding buffer overflow attempt | off | off | off |
1 | 40895 | FILE-OTHER | R Project PDF encoding buffer overflow attempt | off | off | off |
1 | 40898 | OS-OTHER | Joyent SmartOS ioctl integer underflow attempt | off | drop | drop |
1 | 40899 | OS-OTHER | Joyent SmartOS ioctl integer underflow attempt | off | drop | drop |
1 | 40900 | OS-OTHER | Joyent SmartOS file system name buffer overflow attempt | off | drop | drop |
1 | 40901 | OS-OTHER | Joyent SmartOS file system name buffer overflow attempt | off | drop | drop |
1 | 40902 | OS-OTHER | Joyent SmartOS file system path buffer overflow attempt | off | drop | drop |
1 | 40903 | OS-OTHER | Joyent SmartOS file system path buffer overflow attempt | off | drop | drop |
1 | 40917 | FILE-PDF | Iceni Argus PDF uninitialized WordStyle color length code overflow attempt | off | drop | drop |
1 | 40918 | FILE-PDF | Iceni Argus PDF uninitialized WordStyle color length code overflow attempt | off | drop | drop |
1 | 40919 | FILE-PDF | Iceni ArgusPDF convertor malformed embedded TTF file cmap table memory corruption attempt | off | off | drop |
1 | 40920 | FILE-PDF | Iceni ArgusPDF convertor malformed embedded TTF file cmap table memory corruption attempt | off | off | drop |
1 | 40921 | FILE-PDF | Iceni Argus loadLZWBuffer out of bounds write attempt | off | off | off |
1 | 40922 | FILE-PDF | Iceni Argus loadLZWBuffer out of bounds write attempt | off | off | off |
1 | 40923 | FILE-PDF | Iceni Argus PDF font-encoding glyphmap adjustment code execution vulnerability attempt | off | off | drop |
1 | 40924 | FILE-PDF | Iceni Argus PDF font-encoding glyphmap adjustment code execution vulnerability attempt | off | off | drop |
1 | 40925 | FILE-PDF | Iceni Argus PDF TextToPolys rasterization code execution vulnerability attempt | off | off | drop |
1 | 40926 | FILE-PDF | Iceni Argus PDF TextToPolys rasterization code execution vulnerability attempt | off | off | drop |
1 | 40934 | FILE-EXECUTABLE | Nvidia Windows kernel mode driver denial of service attempt | off | drop | drop |
1 | 40935 | FILE-EXECUTABLE | Nvidia Windows kernel mode driver denial of service attempt | off | drop | drop |
1 | 41108 | FILE-OFFICE | Oracle Outside In Technology image export use after free attempt | off | off | drop |
1 | 41109 | FILE-OFFICE | Oracle Outside In Technology image export use after free attempt | off | off | drop |
1 | 41110 | FILE-OFFICE | Ichitaro Office JTD Figure handling code execution attempt | off | drop | drop |
1 | 41111 | FILE-OFFICE | Ichitaro Office JTD Figure handling code execution attempt | off | drop | drop |
1 | 41206 | SERVER-OTHER | Aerospike Database Server index name buffer overflow attempt | off | off | drop |
1 | 41209 | SERVER-OTHER | Aerospike Database Server Fabric particle_vtable out of bounds read attempt | off | off | drop |
1 | 41212 | SERVER-OTHER | Aerospike Database Server digest_ripe message field out of bounds read attempt | off | off | drop |
1 | 41213 | SERVER-OTHER | Aerospike Database Server client batch request exploit attempt | off | off | drop |
1 | 41216 | SERVER-OTHER | Aerospike Database Server si_prop stack buffer overflow attempt | off | off | drop |
1 | 41219 | SERVER-OTHER | Aerospike Database Server Fabric denial of service attempt | off | off | off |
1 | 41310 | FILE-IMAGE | libBPG restore_tqb_pixel out of bounds write attempt | off | drop | drop |
1 | 41311 | FILE-IMAGE | libBPG restore_tqb_pixel out of bounds write attempt | off | drop | drop |
1 | 41327 | FILE-PDF | Iceni Argus ipStringCreate integer overflow attempt | off | off | drop |
1 | 41328 | FILE-PDF | Iceni Argus ipStringCreate integer overflow attempt | off | off | drop |
1 | 41350 | FILE-OTHER | Apple Garageband .band file out of bounds write attempt | off | off | drop |
1 | 41351 | FILE-OTHER | Apple Garageband .band file out of bounds write attempt | off | off | drop |
1 | 41370 | FILE-OTHER | National Instruments LabVIEW LvVarientUnflatten remote code execution attempt | off | drop | drop |
1 | 41371 | FILE-OTHER | National Instruments LabVIEW LvVarientUnflatten remote code execution attempt | off | drop | drop |
1 | 41447 | FILE-OTHER | Apple GarageBand out of bounds write attempt | off | drop | drop |
1 | 41448 | FILE-OTHER | Apple GarageBand out of bounds write attempt | off | drop | drop |
1 | 41505 | SERVER-OTHER | Pharos PopUp Printer Client DecodeString heap overflow attempt | off | off | drop |
1 | 41506 | SERVER-OTHER | Pharos PopUp Printer Client DecodeString heap overflow attempt | off | off | drop |
1 | 41508 | SERVER-OTHER | Pharos PopUp Printer Client Memcpy heap overflow attempt | off | off | drop |
1 | 41509 | SERVER-OTHER | Pharos PopUp Printer Client DecodeBinary heap overflow attempt | off | off | drop |
1 | 41510 | SERVER-OTHER | Pharos PopUp Printer Client DecodeBinary heap overflow attempt | off | off | drop |
1 | 41999 | OS-OTHER | Apple OSX and iOS x509 certificate name constraints parsing use after free attempt | off | drop | drop |
3 | 42076 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-0300 attack attempt | off | off | drop |
3 | 42077 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-0300 attack attempt | off | off | drop |
3 | 42078 | SERVER-WEBAPP | TRUFFLEHUNTER TALOS-2017-0299 attack attempt | off | off | drop |
1 | 42079 | MALWARE-CNC | Win.Trojan.Jenxcus outbound connection attempt with unique User-Agent | off | drop | drop |
1 | 42080 | MALWARE-CNC | Win.Trojan.Jenxcus outbound connection attempt with unique User-Agent | off | drop | drop |
1 | 42081 | MALWARE-CNC | Win.Trojan.Jenxcus outbound POST request attempt | off | drop | drop |
1 | 42082 | INDICATOR-COMPROMISE | Request for external IP address detected | off | off | off |
1 | 42083 | MALWARE-CNC | Win.Trojan.Downeks variant initial outbound connection attempt | off | drop | drop |
3 | 42084 | FILE-IMAGE | TRUFFLEHUNTER TALOS-2017-0297 attack attempt | off | off | off |
3 | 42085 | FILE-IMAGE | TRUFFLEHUNTER TALOS-2017-0297 attack attempt | off | off | off |
3 | 42086 | FILE-IMAGE | TRUFFLEHUNTER TALOS-2017-0297 attack attempt | off | off | off |
3 | 42087 | FILE-IMAGE | TRUFFLEHUNTER TALOS-2017-0297 attack attempt | off | off | off |
3 | 42088 | FILE-IMAGE | TRUFFLEHUNTER TALOS-2017-0298 attack attempt | off | off | drop |
3 | 42089 | FILE-IMAGE | TRUFFLEHUNTER TALOS-2017-0298 attack attempt | off | off | drop |
3 | 42090 | FILE-IMAGE | TRUFFLEHUNTER TALOS-2017-0298 attack attempt | off | off | drop |
3 | 42091 | FILE-IMAGE | TRUFFLEHUNTER TALOS-2017-0298 attack attempt | off | off | drop |
1 | 42092 | POLICY-OTHER | NetBiter WebSCADA ws100/ws200 logo modification attempt | off | off | off |
1 | 42093 | POLICY-OTHER | NetBiter WebSCADA ws100/ws200 file read attempt | off | off | off |
1 | 42094 | SERVER-WEBAPP | NetBiter WebSCADA ws100/ws200 information gathering attempt | off | off | off |
1 | 42095 | SERVER-WEBAPP | NetBiter WebSCADA ws100/ws200 directory traversal attempt | off | off | off |
1 | 42096 | FILE-FLASH | Adobe Flash Player Resolution Opportunity parameter memory corruption attempt | off | drop | drop |
1 | 42097 | FILE-FLASH | Adobe Flash Player Resolution Opportunity parameter memory corruption attempt | off | drop | drop |
1 | 42098 | MALWARE-CNC | Win.Trojan.Winpud encoded payload download attempt | off | drop | drop |
1 | 42099 | MALWARE-CNC | Win.Trojan.Winpud encoded payload download attempt | off | drop | drop |
This is the complete list of rules modified in SRU 2017-03-27-002 and SEU 1638.

GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. |
---|---|---|---|---|---|---|
1 | 36225 | FILE-OTHER | Libgraphite empty feature list denial of service attempt | off | drop | drop |
1 | 36226 | FILE-OTHER | Libgraphite empty feature list denial of service attempt | off | drop | drop |
1 | 36227 | FILE-OTHER | Libgraphite empty feature list denial of service attempt | off | drop | drop |
1 | 36228 | FILE-OTHER | Libgraphite empty feature list denial of service attempt | off | drop | drop |
1 | 36229 | FILE-FLASH | Adobe Flash Player On2 VP6 video codec fragment read access violation attempt | off | drop | drop |
1 | 36230 | FILE-FLASH | Adobe Flash Player On2 VP6 video codec fragment read access violation attempt | off | drop | drop |
1 | 37841 | SERVER-OTHER | ntpd reference clock impersonation attempt | off | off | off |
1 | 37842 | SERVER-OTHER | ntpd reference clock impersonation attempt | off | off | off |
1 | 37843 | SERVER-OTHER | NTP crypto-NAK possible DoS attempt | off | off | off |
1 | 37866 | FILE-PDF | Oracle Outside In libvs_pdf arbitrary pointer access attempt | off | off | off |
1 | 37867 | FILE-PDF | Oracle Outside In libvs_pdf arbitrary pointer access attempt | off | off | off |
1 | 38849 | OS-WINDOWS | Kaspersky Internet Security KLIF driver denial of service attempt | off | drop | drop |
1 | 38850 | OS-WINDOWS | Kaspersky Internet Security KLIF driver denial of service attempt | off | drop | drop |
1 | 39078 | OS-WINDOWS | Kaspersky Internet Security KLIF driver denial of service attempt | off | drop | drop |
1 | 39079 | OS-WINDOWS | Kaspersky Internet Security KLIF driver denial of service attempt | off | drop | drop |
1 | 39466 | FILE-EXECUTABLE | Symantec Norton Security IDSvix86 out of bounds read attempt | off | off | drop |
1 | 39467 | FILE-EXECUTABLE | Symantec Norton Security IDSvix86 out of bounds read attempt | off | off | drop |
1 | 39876 | PROTOCOL-SNMP | Allen-Bradley MicroLogix PLC SNMP request via undocumented community string attempt | off | drop | drop |
1 | 39918 | FILE-EXECUTABLE | Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt | off | off | off |
1 | 39919 | FILE-EXECUTABLE | Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt | off | off | off |
1 | 40429 | FILE-PDF | Foxit PDF Reader JBIG2 parser out of bounds read attempt | off | off | drop |
1 | 40430 | FILE-PDF | Foxit PDF Reader JBIG2 parser out of bounds read attempt | off | off | drop |
1 | 41217 | OS-OTHER | Joyent SmartOS add entries denial of service attempt | off | drop | drop |
1 | 41218 | OS-OTHER | Joyent SmartOS add entries denial of service attempt | off | drop | drop |
1 | 41507 | SERVER-OTHER | Pharos PopUp Printer Client DecodeString denial of service attempt | off | off | off |
1 | 42073 | PROTOCOL-SCADA | TraceMode Runtime DOS attempt | off | off | off |
1 | 42074 | PROTOCOL-SCADA | TraceMode Runtime DOS attempt | off | drop | off |
1 | 42075 | PROTOCOL-SCADA | TraceMode Runtime DOS attempt | drop | off | off |