* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2017-05-03-001
Previous SRU number: 2017-05-01-002
Applies to:
This SEU number: 1666
Previous SEU: 1665
Applies to:
This is the complete list of rules modified in SRU 2017-05-03-001 and SEU 1666.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy: Connectivity (Con.), Balanced (Bal.) and Security (Sec.).
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
GID | SID | Rule Group | Rule Message | Policy State: Con. | Policy State: Bal. | Policy State: Sec. |
---|---|---|---|---|---|---|
1 | 17388 | FILE-IMAGE | OpenOffice EMF file EMR record parsing integer overflow attempt | off | off | off |
1 | 17413 | OS-WINDOWS | Microsoft Jet DB Engine Buffer Overflow attempt | off | off | off |
1 | 18654 | PROTOCOL-SCADA | IGSS IGSSDataServer.exe format string attempt | off | off | drop |
1 | 23092 | FILE-OFFICE | EMF corruption attempt | off | off | off |
1 | 23094 | FILE-OFFICE | EMF corruption attempt | off | off | off |
1 | 23095 | FILE-OFFICE | EMF corruption attempt | off | off | off |
1 | 25528 | SERVER-WEBAPP | Moveable Type unauthenticated remote command execution attempt | off | off | off |
1 | 25770 | BROWSER-IE | Microsoft Internet Explorer deleted object access memory corruption attempt | off | off | off |
1 | 31027 | FILE-OTHER | Adobe Acrobat EMF conversion heap buffer overflow attempt | off | off | drop |
1 | 31028 | FILE-OTHER | Adobe Acrobat EMF conversion heap buffer overflow attempt | off | off | drop |
1 | 31029 | FILE-OTHER | Adobe Acrobat EMF conversion heap buffer overflow attempt | off | off | drop |
1 | 31030 | FILE-OTHER | Adobe Acrobat EMF conversion heap buffer overflow attempt | off | off | drop |
1 | 34082 | FILE-OTHER | Microsoft emf small header overwrite attempt | off | off | off |
1 | 34083 | FILE-OTHER | Microsoft emf small header overwrite attempt | off | off | off |
1 | 35599 | FILE-FLASH | Adobe Flash Player NetConnection use-after-free attempt | off | drop | drop |
1 | 35600 | FILE-FLASH | Adobe Flash Player NetConnection use-after-free attempt | off | drop | drop |
1 | 35601 | FILE-FLASH | Adobe Flash Player NetConnection use-after-free attempt | off | drop | drop |
1 | 35602 | FILE-FLASH | Adobe Flash Player NetConnection use-after-free attempt | off | drop | drop |
1 | 39361 | BLACKLIST | User-Agent known malicious user-agent string - Win.Trojan.Batlopma | off | off | off |
1 | 41152 | FILE-PDF | Adobe Acrobat Reader Forms Data Format embedded javascript attempt | off | drop | drop |
1 | 41153 | FILE-PDF | Adobe Acrobat Reader Forms Data Format embedded javascript attempt | off | drop | drop |
GID | SID | Rule Group | Rule Message | Policy State: Con. | Policy State: Bal. | Policy State: Sec. |
---|---|---|---|---|---|---|
1 | 30340 | SERVER-WEBAPP | Cisco 675 web administration denial of service attempt | off | off | off |
1 | 36972 | FILE-OTHER | Windows Media Player MCL to HTML information disclosure attempt | off | off | off |
1 | 36973 | FILE-OTHER | Windows Media Player MCL to HTML information disclosure attempt | off | off | off |