* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2017-05-01-002
Previous SRU number: 2017-04-26-001
Applies to:
This SEU number: 1665
Previous SEU: 1663
Applies to:
This is the complete list of rules modified in SRU 2017-05-01-002 and SEU 1665.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 7070 | POLICY-OTHER | script tag in URI - likely cross-site scripting attempt | off | off | off |
| 1 | 24774 | BROWSER-PLUGINS | ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt | off | off | off |
| 1 | 24775 | BROWSER-PLUGINS | ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt | off | off | off |
| 1 | 24776 | BROWSER-PLUGINS | ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt | off | off | off |
| 1 | 24777 | BROWSER-PLUGINS | ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt | off | off | off |
| 1 | 31549 | FILE-FLASH | Adobe Flash Player feed scheme security sandbox bypass attempt | off | off | off |
| 1 | 31550 | FILE-FLASH | Adobe Flash Player feed scheme security sandbox bypass attempt | off | off | off |
| 1 | 31551 | FILE-FLASH | Adobe Flash Player pcast scheme security sandbox bypass attempt | off | off | off |
| 1 | 31552 | FILE-FLASH | Adobe Flash Player feed scheme security sandbox bypass attempt | off | off | off |
| 1 | 31553 | FILE-FLASH | Adobe Flash Player feed scheme security sandbox bypass attempt | off | off | off |
| 1 | 31554 | FILE-FLASH | Adobe Flash Player pcast scheme security sandbox bypass attempt | off | off | off |
| 1 | 31608 | BROWSER-IE | Microsoft Internet Explorer cloneNode for loop remote code execution attempt | off | off | drop |
| 1 | 31610 | BROWSER-IE | Microsoft Internet Explorer cloneNode for loop remote code execution attempt | off | off | drop |
| 1 | 35811 | FILE-PDF | Adobe Reader Javascript API ANStartApproval - possible privilege escalation attempt | off | drop | drop |
| 1 | 35812 | FILE-PDF | Adobe Reader Javascript API ANStartApproval - possible privilege escalation attempt | off | drop | drop |
| 1 | 38096 | BROWSER-IE | Microsoft Internet Explorer out of bound write access attempt | off | drop | drop |
| 1 | 38097 | BROWSER-IE | Microsoft Internet Explorer out of bound write access attempt | off | drop | drop |
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 24702 | FILE-OTHER | Adobe Director rcsL chunk parsing denial of service attempt | off | off | off |
| 1 | 24703 | FILE-OTHER | Adobe Director rcsL chunk parsing denial of service attempt | off | off | off |
| 1 | 24761 | FILE-OTHER | Adobe Director rcsL chunk parsing denial of service attempt | off | off | off |
| 1 | 24762 | FILE-OTHER | Adobe Director rcsL chunk parsing denial of service attempt | off | off | off |
| 1 | 33159 | FILE-FLASH | Adobe Flash Player AVM2 opcode type confusion denial of service attempt | off | off | off |
| 1 | 33160 | FILE-FLASH | Adobe Flash Player AVM2 opcode type confusion denial of service attempt | off | off | off |
| 1 | 33549 | FILE-FLASH | Adobe Flash Player addHeader null pointer dereference attempt | off | off | off |
| 1 | 33550 | FILE-FLASH | Adobe Flash Player addHeader null pointer dereference attempt | off | off | off |
| 1 | 33551 | FILE-FLASH | Adobe Flash Player addHeader null pointer dereference attempt | off | off | off |
| 1 | 33552 | FILE-FLASH | Adobe Flash Player addHeader null pointer dereference attempt | off | off | off |