* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2017-04-06-001
Previous SRU number: 2017-04-03-002
Applies to:
This SEU number: 1648
Previous SEU: 1645
Applies to:
This is the complete list of rules modified in SRU 2017-04-06-001 and SEU 1648.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 3 | 13469 | FILE-OFFICE | Microsoft Word ole stream memory corruption attempt | off | off | off |
| 3 | 13582 | FILE-OFFICE | Microsoft Excel sst record arbitrary code execution attempt | off | off | off |
| 3 | 13790 | FILE-OFFICE | Microsoft Word malformed css remote code execution attempt | off | off | off |
| 3 | 13803 | FILE-OFFICE | RTF control word overflow attempt | off | off | off |
| 3 | 13958 | FILE-OFFICE | WordPerfect Graphics file invalid RLE buffer overflow attempt | off | off | off |
| 3 | 13969 | FILE-OFFICE | Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt | off | off | off |
| 3 | 14655 | FILE-OFFICE | Excel rept integer underflow attempt | off | off | off |
| 3 | 15117 | FILE-OFFICE | Microsoft Excel malformed OBJ record arbitrary code execution attempt | off | off | off |
| 3 | 15125 | FILE-OFFICE | Microsoft Word rich text file unpaired dpendgroup exploit attempt | off | off | off |
| 3 | 15298 | FILE-OFFICE | Microsoft Visio could allow remote code execution | off | off | off |
| 3 | 15365 | FILE-OFFICE | Microsoft Excel extrst record arbitrary code excecution attempt | off | off | off |
| 3 | 15454 | FILE-OFFICE | Microsoft Office PowerPoint malformed msofbtTextbox exploit attempt | off | off | off |
| 3 | 15465 | FILE-OFFICE | Microsoft Excel malformed object record remote code execution attempt | off | off | off |
| 3 | 15498 | FILE-OFFICE | Microsoft PowerPoint CString atom overflow attempt | off | off | off |
| 3 | 15519 | FILE-OFFICE | Microsoft Office Excel BRAI record remote code execution attempt | off | off | off |
| 3 | 15521 | FILE-OFFICE | Microsoft Office Excel ExternSheet record remote code execution attempt | off | off | off |
| 3 | 16230 | FILE-OFFICE | Microsoft Excel oversized ib memory corruption attempt | off | off | off |
| 3 | 16649 | FILE-OFFICE | Microsoft Excel HFPicture record stack buffer overflow attempt | off | off | off |
| 3 | 16662 | FILE-OFFICE | Microsoft Excel SxView heap overflow attempt | off | off | off |
| 3 | 17251 | FILE-OFFICE | Outlook RTF remote code execution attempt | off | off | off |
| 3 | 17665 | FILE-OFFICE | OpenOffice Word document table parsing multiple heap based buffer overflow attempt | off | drop | drop |
| 3 | 17762 | FILE-OFFICE | Microsoft Excel corrupted TABLE record clean up exploit attempt | off | off | off |
| 3 | 18063 | FILE-OFFICE | Microsoft Office embedded Office Art drawings execution attempt | off | off | off |
| 3 | 18676 | FILE-OFFICE | Microsoft Office Excel DV record buffer overflow attempt | off | off | off |
| 3 | 18949 | FILE-OFFICE | PowerPoint malformed RecolorInfoAtom exploit attempt | off | off | off |
| 3 | 22089 | FILE-OFFICE | Microsoft RTF improper listoverride nesting attempt | off | off | drop |
| 3 | 24666 | FILE-OFFICE | Excel invalid data item buffer overflow attempt | off | off | drop |
| 3 | 33587 | FILE-OFFICE | Microsoft RTF improper listoverride nesting attempt | off | off | drop |
| 1 | 37919 | EXPLOIT-KIT | Gong da exploit kit landing page | off | drop | drop |
| 3 | 39082 | FILE-OFFICE | TRUFFLEHUNTER TALOS-CAN-0160 attack attempt | off | off | off |
| 3 | 39083 | FILE-OFFICE | TRUFFLEHUNTER TALOS-CAN-0160 attack attempt | off | off | off |
| 1 | 39242 | BROWSER-IE | Microsoft Internet Explorer Typed Array use after free attempt | off | off | drop |
| 1 | 39243 | BROWSER-IE | Microsoft Internet Explorer Typed Array use after free attempt | off | off | drop |
| 1 | 39565 | FILE-FLASH | Adobe Flash Player malformed tag parsing memory corruption attempt | off | drop | drop |
| 1 | 39566 | FILE-FLASH | Adobe Flash Player malformed tag parsing memory corruption attempt | off | drop | drop |
| 1 | 40773 | FILE-PDF | Oracle Outside In Technology remote code execution attempt | off | off | off |
| 1 | 40774 | FILE-PDF | Oracle Outside In Technology remote code execution attempt | off | off | off |
| 3 | 40927 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2016-0207 attack attempt | off | drop | drop |
| 3 | 40928 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2016-0207 attack attempt | off | drop | drop |
| 3 | 40929 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2016-0208 attack attempt | off | drop | drop |
| 3 | 40930 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2016-0208 attack attempt | off | drop | drop |
| 3 | 40931 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2016-0209 attack attempt | off | drop | drop |
| 3 | 40932 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2016-0209 attack attempt | off | drop | drop |
| 3 | 41468 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-0272 attack attempt | off | off | drop |
| 3 | 41469 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-0272 attack attempt | off | off | drop |
| 3 | 41511 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-2783 attack attempt | off | drop | drop |
| 3 | 41512 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-2783 attack attempt | off | drop | drop |
| 3 | 41543 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-0285 attack attempt | off | off | drop |
| 3 | 41544 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-0285 attack attempt | off | off | drop |
| 3 | 41545 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-0284 attack attempt | off | off | drop |
| 3 | 41546 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-0284 attack attempt | off | off | drop |
| 3 | 41703 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2016-0197 TALOS-2017-0288 attack attempt | off | off | drop |
| 3 | 41704 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2016-0197 TALOS-2017-0288 attack attempt | off | off | drop |
| 3 | 41726 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-0292 attack attempt | off | drop | drop |
| 3 | 41727 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-0292 attack attempt | off | drop | drop |
| 3 | 41753 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-0291 attack attempt | off | off | drop |
| 3 | 41754 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-0291 attack attempt | off | off | drop |
| 3 | 41759 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-0290 attack attempt | off | off | drop |
| 3 | 41760 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-0290 attack attempt | off | off | drop |
| 3 | 41765 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-0286 attack attempt | off | off | drop |
| 3 | 41766 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-0286 attack attempt | off | off | drop |
| 3 | 42008 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-0295 attack attempt | off | off | drop |
| 3 | 42009 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-0295 attack attempt | off | off | drop |
| 3 | 42076 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-0300 attack attempt | off | off | drop |
| 3 | 42077 | FILE-OFFICE | TRUFFLEHUNTER TALOS-2017-0300 attack attempt | off | off | drop |