Cisco Talos (VRT) Update for Sourcefire 3D System

* Talos combines our security experts from TRAC, SecApps, and VRT teams.

Date: 2017-05-04

This SRU number: 2017-05-03-001
Previous SRU number: 2017-05-01-002

Applies to:

This SEU number: 1666
Previous SEU: 1665

Applies to:

This is the complete list of rules modified in SRU 2017-05-03-001 and SEU 1666.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State refers to each default Sourcefire policy: Connectivity, Balanced and Security.

The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.

Updated Rules:

High Priority

| GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. |
|-----|-----|------------|--------------|------|------|------|
| 1 | 17388 | FILE-IMAGE | OpenOffice EMF file EMR record parsing integer overflow attempt | off | off | off |
| 1 | 17413 | OS-WINDOWS | Microsoft Jet DB Engine Buffer Overflow attempt | off | off | off |
| 1 | 18654 | PROTOCOL-SCADA | IGSS IGSSDataServer.exe format string attempt | off | off | drop |
| 1 | 23092 | FILE-OFFICE | EMF corruption attempt | off | off | off |
| 1 | 23094 | FILE-OFFICE | EMF corruption attempt | off | off | off |
| 1 | 23095 | FILE-OFFICE | EMF corruption attempt | off | off | off |
| 1 | 25528 | SERVER-WEBAPP | Moveable Type unauthenticated remote command execution attempt | off | off | off |
| 1 | 25770 | BROWSER-IE | Microsoft Internet Explorer deleted object access memory corruption attempt | off | off | off |
| 1 | 31027 | FILE-OTHER | Adobe Acrobat EMF conversion heap buffer overflow attempt | off | off | drop |
| 1 | 31028 | FILE-OTHER | Adobe Acrobat EMF conversion heap buffer overflow attempt | off | off | drop |
| 1 | 31029 | FILE-OTHER | Adobe Acrobat EMF conversion heap buffer overflow attempt | off | off | drop |
| 1 | 31030 | FILE-OTHER | Adobe Acrobat EMF conversion heap buffer overflow attempt | off | off | drop |
| 1 | 34082 | FILE-OTHER | Microsoft emf small header overwrite attempt | off | off | off |
| 1 | 34083 | FILE-OTHER | Microsoft emf small header overwrite attempt | off | off | off |
| 1 | 35599 | FILE-FLASH | Adobe Flash Player NetConnection use-after-free attempt | off | drop | drop |
| 1 | 35600 | FILE-FLASH | Adobe Flash Player NetConnection use-after-free attempt | off | drop | drop |
| 1 | 35601 | FILE-FLASH | Adobe Flash Player NetConnection use-after-free attempt | off | drop | drop |
| 1 | 35602 | FILE-FLASH | Adobe Flash Player NetConnection use-after-free attempt | off | drop | drop |
| 1 | 39361 | BLACKLIST | User-Agent known malicious user-agent string - Win.Trojan.Batlopma | off | off | off |
| 1 | 41152 | FILE-PDF | Adobe Acrobat Reader Forms Data Format embedded javascript attempt | off | drop | drop |
| 1 | 41153 | FILE-PDF | Adobe Acrobat Reader Forms Data Format embedded javascript attempt | off | drop | drop |

Medium Priority

| GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. |
|-----|-----|------------|--------------|------|------|------|
| 1 | 30340 | SERVER-WEBAPP | Cisco 675 web administration denial of service attempt | off | off | off |
| 1 | 36972 | FILE-OTHER | Windows Media Player MCL to HTML information disclosure attempt | off | off | off |
| 1 | 36973 | FILE-OTHER | Windows Media Player MCL to HTML information disclosure attempt | off | off | off |