Cisco Intrusion Prevention System Signature Update S507
August 11, 2010

Copyright (C) 1999-2010 Cisco Systems, Inc.
All rights reserved. Printed in the USA.

Cisco, Cisco Systems, and the Cisco Systems logo are registered
trademarks of Cisco Systems, Inc. in the U.S. and certain other
countries. All other trademarks mentioned in this document are the
property of their registered owners.

========================================================================
Table Of Contents
========================================================================
S507 SIGNATURE UPDATE DETAILS
   - NEW SIGNATURES
   - TUNED SIGNATURES
   - CAVEATS
   - RESOLVED CAVEATS
IMPORTANT NOTES
   - E4 ENGINE UPDATE REQUIRED FOR SIGNATURE UPDATES S481 AND LATER
IPS 6.X and 7.X SENSOR SIGNATURE UPDATE INSTRUCTIONS
   - TARGET PLATFORMS AND REQUIRED VERSIONS
   - INSTALLATION
   - UNINSTALLATION
   - CAVEATS
CSM/ IPSMC SIGNATURE UPDATE INSTRUCTIONS
   - CSM VERSION 3.2 AND ABOVE
   - INSTALLATION
   - UNINSTALLATION
   - CAVEATS
S339-S506 SIGNATURE UPDATE DETAILS
   - NEW FEATURES
   - NEW SIGNATURES
   - TUNED SIGNATURES/RESOLVED CAVEATS
   - CAVEATS
========================================================================

=================================================================================================
S507 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
27359.0   Real-Time Streaming         string-tcp            high           true
          Protocol Inspection
          Vulnerability
27599.0   Cisco ACE SIP Inspection    atomic-ip             medium         true
          DoS
28539.0   Adobe Flash Player Exploit  multi-string          high           true
28659.0   Internet Explorer Heap      string-tcp            high           true
          Spray Code

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
3045.0    Queso Sweep                 sweep-other-tcp       medium         false
3115.3    Sendmail Data Header        state                 high           false
          Overflow
3344.0    Windows 2000 TCP RPC DoS    string-tcp            medium         false
3602.0    IOS Cisco Identification    string-tcp            informational  false
3787.0    IRIX Printing System        string-tcp            high           false
          Remote Command Execution
4613.1    TFTP Filename Buffer        atomic-ip             low            false
          Overflow
4703.0    MSSQL Resolution Service    atomic-ip             high           false
          Stack Overflow
4704.0    MSSQL Resolution Service    atomic-ip             high           false
          Heap Overflow
5040.1    WWW perl interpreter        service-http          medium         false
          attack
5040.2    WWW perl interpreter        service-http          medium         false
          attack
5040.3    WWW perl interpreter        service-http          medium         false
          attack
5046.0    WWW dumpenv.pl recon        service-http          low            false
5138.0    Oracle Application Server   service-http          medium         false
          Shared Library Overflow
5170.0    Null Byte In HTTP Request   service-http          low            false
5170.1    Null Byte In HTTP Request   service-http          low            false
5280.0    IIS idq.dll Directory       service-http          low            false
          Traversal
5510.0    Cisco TFTPD Directory       atomic-ip             high           false
          Traversal
5511.0    Ascend Denial of Service    atomic-ip             low            false
5559.0    FTP Format String           string-tcp            high           false
5679.0    Oracle TNS Listener         atomic-ip             medium         false
          Denial Of Service
5681.0    ISC DHCP Deamon Buffer      atomic-ip             high           false
          Overflow
5689.0    MSSQL Resolution Service    atomic-ip             medium         false
          Keep-Alive DoS
5745.0    FTP REST command            string-tcp            low            false

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
IMPORTANT NOTES

E4 ENGINE UPDATE REQUIRED FOR SIGNATURE UPDATES S481 AND LATER

Beginning with S481, all signature updates will require that your
sensors be updated with the E4 engine update.

Engine and Signature Updates can be downloaded automatically using
Cisco Security Manager (CSM) or by sensors running IPS Version 6.1(1)
or later. Sensors running IPS Version 6.1(1) or later that have been
configured for automatic updates from cisco.com will automatically be
updated with E4.

The updates can also be downloaded manually from the following
locations:

http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=268438162

You can navigate to the appropriate version by clicking on “Intrusion
Prevention System (IPS)” -> “IPS Appliances” -> “Cisco Intrusion
Prevention System”.

NOTE: You must have an active Cisco Service for IPS contract to
download this software.

Please consult the table below for recommendations on upgrade paths:

Installed Release         Recommended Update
---------------------------------------------
6.0(6)E3 or earlier       6.0(6)E4
6.2(2)E3 or earlier       6.2(2)E4
6.1(3)E3 or earlier       6.2(2)E4
7.0(2)E3 or earlier       7.0(2)E4

Warning: Beginning with S366, signature updates will only be released
for E4-level sensor software releases. These include: 6.0(6)E4,
6.2(2)E4 and 7.0(2)E4. Your sensors MUST be on one of these releases to
receive further signature updates.

For more details regarding the E4 engine update, please refer to the
readme files available at the download links listed above.

Please note that there is a 60-day grace period after a service pack or
minor release during which any engine updates will be released for both
the current and previous release. After 60 days, only the current
release will receive an engine update. Customers who choose to remain
on an older release will be required to update to the latest service
pack in order to maintain up-to-date protection.

For more information on supported versions please click here:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/prod_bulletin0900aecd80365daa.html

========================================================================
IPS 6.X AND 7.X SENSOR SIGNATURE UPDATE INSTRUCTIONS

TARGET PLATFORMS AND REQUIRED VERSIONS

------------------------------------------------------------------------
Note: Beginning with S481, signature updates have a minimum required
Engine update level of E4. You must be running the E4 engine update to
install signature update S481 or later. The E4 engine update is
supported on sensors running IPS versions 6.0(6), 6.1(3), 6.2(2), or
7.0(2).
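
Added example (not part of the Cisco readme): a pre-flight check that applies the engine requirement encoded in the package name and the upgrade table above before an update is pushed to a sensor. It assumes release strings are supplied in the notation used in the table, such as 6.2(2)E4; the function names and the sample inventory are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# File-name pattern of the sensor package named on this page.
PKG_RE = re.compile(r"^IPS-sig-S(\d+)-req-E(\d+)\.pkg$")
# Release notation used in the upgrade table, e.g. 6.2(2)E4.
REL_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)\)E(\d+)$")

# "Recommended Update" column of the upgrade table, keyed by (major, minor).
RECOMMENDED = {
    (6, 0): "6.0(6)E4",
    (6, 1): "6.2(2)E4",
    (6, 2): "6.2(2)E4",
    (7, 0): "7.0(2)E4",
}


class Release(NamedTuple):
    major: int
    minor: int
    service_pack: int
    engine: int


class Decision(NamedTuple):
    installable: bool
    update_first: Optional[str]  # release to move to before installing
    reason: str


def parse_release(text: str) -> Release:
    """Parse a release string such as '6.1(3)E3'."""
    m = REL_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    return Release(*map(int, m.groups()))


def parse_package(filename: str) -> tuple:
    """Return (signature_level, required_engine) from the package name."""
    m = PKG_RE.match(filename)
    if not m:
        # The readme cautions that the original file name must be preserved,
        # so a renamed file is rejected rather than guessed at.
        raise ValueError(f"not an original package name: {filename!r}")
    return int(m.group(1)), int(m.group(2))


def preflight(installed: str, package: str) -> Decision:
    """Decide whether `package` can be applied to a sensor on `installed`."""
    sig_level, required_engine = parse_package(package)
    rel = parse_release(installed)
    if rel.engine >= required_engine:
        return Decision(
            True, None,
            f"engine E{rel.engine} satisfies req-E{required_engine} "
            f"for S{sig_level}")
    target = RECOMMENDED.get((rel.major, rel.minor))
    if target is None:
        return Decision(False, None,
                        "release train is not in the upgrade table")
    return Decision(False, target,
                    f"engine E{rel.engine} is below E{required_engine}")


if __name__ == "__main__":
    # Constructed inventory; sensor names and versions are hypothetical.
    fleet = {
        "ips-dmz-1": "6.2(2)E4",
        "ips-core-1": "6.1(3)E3",
        "idsm-lab": "5.1(8)E2",
    }
    for name, version in fleet.items():
        print(name, version, preflight(version, "IPS-sig-S507-req-E4.pkg"))
```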
------------------------------------------------------------------------
Note2: The S480 signature update has been packaged into the E4 engine
update and will not be released as a separate signature update.
------------------------------------------------------------------------
Note3: All signature updates are cumulative. The S507 signature update
contains all previously released signature updates.

This signature update may contain signatures that include protected
parameters. A protected value is not visible to the user.
------------------------------------------------------------------------

The IPS-sig-S507-req-E4.pkg upgrade file can be applied to the
following sensor platforms:

 - IPS-42xx Cisco Intrusion Prevention System (IPS) sensors
 - IDS-42xx Cisco Intrusion Detection System (IDS) sensors
   (except the IDS-4220, and IDS-4230)
 - WS-SVC-IDSM2 series Intrusion Detection System Module (IDSM2)
 - NM-CIDS IDS Network Module for Cisco 26xx, 3680, and 37xx
   Router Families.
 - ASA-SSM-10 Cisco ASA Advanced Inspection and Prevention
   Security Services Module (Requires ASA)
 - ASA-SSM-20 Cisco ASA Advanced Inspection and Prevention
   Security Services Module (Requires ASA)
 - ASA-SSM-40 Cisco ASA Advanced Inspection and Prevention
   Security Services Module (Requires ASA)
 - AIM-IPS Cisco Advanced Integration Module for ISR Routers

The sensor must be running engine update version E4 before you can
apply this signature update.

To determine the current sensor version, log in to the CLI and type the
following command at the prompt:

   show version

INSTALLATION

------------------------------------------------------------------------
Note: Signature updates may take a while to install depending on the
sensor's upgrade history, configuration, and amount of traffic the
sensor is processing. The AIM-IPS, for example, has taken up to 40
minutes to update during testing. Please do not reboot the sensor while
the signature update is installing as the sensor may be left in an
unknown state requiring it to be reimaged.
------------------------------------------------------------------------
------------------------------------------------------------------------
Note: Before installing a new signature update, it is highly
recommended that you back up your configuration file to a remote
system. For details, refer to the Copy command section in the
applicable Command Reference Guide located at the following URLs:

IPS Version 7.0:
http://www.cisco.com/en/US/docs/security/ips/7.0/command/reference/crCmds.html#wp458440

IPS Version 6.2:
http://www.cisco.com/en/US/docs/security/ips/6.2/command/reference/crCmds.html#wp458440

IPS Version 6.1:
http://www.cisco.com/en/US/docs/security/ips/6.1/command/reference/crCmds.html#wp458440

IPS Version 6.0:
http://www.cisco.com/en/US/docs/security/ips/6.0/command/reference/crCmds.html#wp458440
------------------------------------------------------------------------

WARNING: DO NOT REBOOT THE SENSOR DURING THE INSTALLATION PROCESS.
Doing so will leave the sensor in an unknown state and may require that
the sensor be re-imaged.

To install the S507 signature update:

1. Download the binary file IPS-sig-S507-req-E4.pkg to an ftp, scp,
   http, or https server on your network from:

   http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=268438162

   CAUTION: You must preserve the original file name.

2. Log in to the IPS CLI using an account with administrator
   privileges.

3. Type the following command to enter Configuration mode:

   configure terminal

4. Execute the upgrade command by typing the following:

   upgrade [URL]/IPS-sig-S507-req-E4.pkg

   where [URL] is the uniform resource locator pointing to where the
   signature update package is located.
   For example, to retrieve the update via FTP, type the following:

   upgrade ftp://username@ip-address//directory/IPS-sig-S507-req-E4.pkg

   The available transport methods are: SCP, FTP, HTTP, or HTTPS.

5. Enter the appropriate password when prompted.

6. To complete the upgrade, type yes when prompted.

UNINSTALLATION

To uninstall the version S507 signature update and return the sensor to
its previous state, follow these steps:

1. Log in to the CLI using an account with administrator privileges.

2. Type the following command to enter Configuration mode:

   configure terminal

3. Type the following command to start the downgrade:

   downgrade

------------------------------------------------------------------------
Note: The downgrade may take a long time to complete depending on the
configuration of the sensor and the amount of traffic the sensor is
processing. Please do not reboot the sensor while the signature update
is occurring as the sensor may be left in an unknown state requiring
the sensor to be reimaged.
------------------------------------------------------------------------

========================================================================
CSM/ IPS MC SIGNATURE UPDATE INSTRUCTIONS

The IPS-CS-MGR-sig-S481-req-E4.zip and later signature update files
which require the E4 update have been tested for IPS versions as
follows:

IPS Versions         CSM Versions Validated
========================================
IPS 6.0(6)E4         CSM 3.2.2 and later
IPS 6.2(2)E4         CSM 3.3 and later
IPS 7.0(2)E4         CSM 3.3 and later

For pushing E4 based signature update files to the AIM IPS platform,
CSM 3.2 SP2 is required at a minimum since it has E2 specific fixes for
AIM IPS.

Please note that upgrading to 6.2(2)E3 fails for SSC-5 devices using
CSC 3.3 and CSM 3.3.1. This issue is being tracked using bug id
CSCtc18941.

The E4 Engine Update packages for sensors are deployed automatically
the first time a signature set that requires E4 is deployed by CSM.
If the target sensor is already running E4, the signature Update will
be applied directly without deploying the E3 package. E4 updates are
not listed or available for selection in the Apply Update Wizard and
cannot be applied independently by CSM. To ensure that the E4 update is
applied to your sensors, please ensure that you push signature update
S481 or later to your sensors.

------------------------------------------------------------------------
Note: Beginning with S481, signature updates have a minimum required
Engine update level of E4. You must be running the E4 engine update to
install signature update S481 or later. The E4 engine update is
supported on sensors running IPS versions 6.0(6), 6.2(3) or 7.0(2).
------------------------------------------------------------------------
Note2: The S480 signature update has been packaged into the E4 engine
update and will not be released as a separate signature update.
------------------------------------------------------------------------

-------------------------
CSM VERSION 3.2.2 AND ABOVE

INSTALLATION

For Automating IPS Update Tasks, please refer to the following:

CSM 3.2.2:
http://www.cisco.com/en/US/partner/docs/security/security_management/cisco_security_manager/security_manager/3.2.2/user/guide/adman.html#wp801836

CSM 3.3:
http://www.cisco.com/en/US/partner/docs/security/security_management/cisco_security_manager/security_manager/3.3.1/user/guide/adman.html#wp869770

For setting up the Updates Server in CSM 3.1 and above please refer to
the following:

CSM 3.2.2:
http://www.cisco.com/en/US/partner/docs/security/security_management/cisco_security_manager/security_manager/3.2.2/user/guide/syspage.html#wp73769

CSM 3.3:
http://www.cisco.com/en/US/partner/docs/security/security_management/cisco_security_manager/security_manager/3.3.1/user/guide/syspage.html#wp929969

To manually install the version S507 signature update on CSM3.2.2 and
above, follow these steps:

1. Start the Cisco Security Manager client.
2. Click Tools > Apply IPS Update to open the Apply IPS Update wizard.
3. Click Download Latest Updates.
4. Close the popup when download is complete.
5. On the first page of the wizard, select the update that you want to
   apply > Click Next to continue.
6. On the second page of the wizard, select the devices (local
   policies) and/or shared policies you want to update.
7. Click Finish to apply your update to the policies.
8. Submit & Deploy your changes to the devices.

UNINSTALLATION

To uninstall a signature update, follow the instructions listed in the
Understanding Rollback for IPS and IOS IPS User Guide documentation:

CSM 3.2.2:
http://www.cisco.com/en/US/partner/docs/security/security_management/cisco_security_manager/security_manager/3.2.2/user/guide/dpman.html#wp833628

CSM 3.3:
http://www.cisco.com/en/US/partner/docs/security/security_management/cisco_security_manager/security_manager/3.3.1/user/guide/dpman.html#wp829885

CAVEATS

None.

=================================================================================================
S506 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
28099.0   Microsoft SMB Pool          multi-string          high           true
          Overflow Vulnerability
28141.0   Internet Explorer HTML      string-tcp            high           true
          Memory Corruption
          Vulnerability
28159.0   Microsoft Word Record       multi-string          high           true
          Parsing Vulnerability
28179.0   SMB Variable Validation     string-tcp            high           true
          Vulnerability
28199.0   Word RTF Parsing Buffer     string-tcp            high           true
          Overflow
28201.0   Word RTF Parsing Engine     string-tcp            high           true
          Memory Corruption
28299.0   Microsoft Silverlight       string-tcp            high           true
          Memory Corruption
          Vulnerability
28300.0   Microsoft Word HTML         string-tcp            high           true
          Linked Objects Memory
          Corruption
28359.0   Microsoft Excel Memory      multi-string          high           true
          Corruption
28360.0   Microsoft Movie Maker       multi-string          high           true
          Memory Corruption
          Vulnerability
28361.0   Windows MPEG Audio          string-tcp            high           true
          Decoder Buffer Overflow
28439.0   Microsoft Windows SMB2      string-tcp            high           true
          Stack Exhaustion
          Vulnerability
28481.0   Msxml2.XMLHTTP.3.0          meta                  high           true
          Response Handling Memory
          Corruption Exploit
28481.1   Msxml2.XMLHTTP.3.0          string-tcp            informational  true
          Response Handling Memory
          Corruption Exploit
28481.2   Msxml2.XMLHTTP.3.0          service-http          informational  true
          Response Handling Memory
          Corruption Exploit
28481.3   Msxml2.XMLHTTP.3.0          string-tcp            informational  true
          Response Handling Memory
          Corruption Exploit
28485.0   Microsoft Internet          string-tcp            high           true
          Explorer Uninitialized
          Memory Corruption
          Vulnerability
28486.0   Microsoft Internet          multi-string          high           true
          Explorer Uninitialized
          Memory Corruption
          Vulnerability
28499.0   Microsoft Silverlight and   multi-string          high           true
          Microsoft .NET Framework
          Vulnerability
28601.0   Windows Cinepak Codec       multi-string          high           true
          Decompression
          Vulnerability

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S505 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
22841.0   Novell GroupWise            string-tcp            high           false
          Messenger Stack Overflow
24120.0   Cisco ASA RPC               atomic-ip             high           true
          Vulnerability
24140.0   Cisco ASA RPC               atomic-ip             high           true
          Vulnerability
24159.0   Cisco ASA RPC               atomic-ip             high           true
          Vulnerability
25421.0   Java                        string-tcp            high           true
          HsbParser.getSoundBank
          Stack Overflow
27160.0   SAP Business One 2005       string-tcp            high           false
          License Manager Buffer
          Overflow
27219.0   Crafted IKE Message         atomic-ip             medium         true
          Denial of Service
          Vulnerability
27499.0   PeaZip 2.6.1 Zip            string-tcp            high           false
          Processing Command
          Injection
28139.0   SIP Inspection Denial of    atomic-ip             medium         true
          Service Vulnerability

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
3172.0    Ftp Cwd Overflow            string-tcp            high           true
3537.0    MailEnable HTTP             string-tcp            high           false
          Authorization Buffer
          Overflow
7288.0    ASUS DPC Proxy Buffer       string-tcp            high           false
          Overflow

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S504 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
24979.0   Symantec Norton Personal    multi-string          high           false
          Firewall 2004 ActiveX
          Control Buffer Overflow
26960.0   CA eTrust PestPatrol        multi-string          medium         false
          Anti-Spyware ActiveX
          Buffer Overflow

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
16416.0   MS IE Remote Code           string-tcp            high           true
          Execution
16957.0   Microsoft PowerPoint        string-tcp            high           true
          Remote Code Execution
16958.0   Microsoft PowerPoint        string-tcp            high           true
          Remote Code Execution
17153.0   Microsoft PowerPoint RCE    string-tcp            high           true
          Vulnerability
18421.0   Microsoft Office Excel      string-tcp            high           true
          Remote Code Execution
19219.2   DirectShow QuickTime        string-tcp            informational  true
          Media Processing
          Arbitrary Code Execution
19219.4   DirectShow QuickTime        string-tcp            informational  true
          Media Processing
          Arbitrary Code Execution
19384.4   DirectX Pointer             string-tcp            informational  true
          Validation Vulnerability
24579.1   MS Office Excel XLSX File   string-tcp            high           true
          Parsing Code Execution
26379.0   Microsoft .NET XML          atomic-ip             high           false
          Signature Syntax and
          Processing Vulnerability

CAVEATS

None.

Modified signature(s) detail:

The following signatures have been tuned to improve performance:
26379-0,24579-1,19384-4,19219-4,19219-2,18421-0,17153-0,16958-0,16957-0

Signature 16416-0 has been retired.

=================================================================================================
S503 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
27839.0   Windows LNK File Code       multi-string          high           true
          Execution
27839.1   Windows LNK File Code       meta                  high           true
          Execution
27839.2   Windows LNK File Code       service-smb-advanced  informational  true
          Execution
27839.3   Windows LNK File Code       service-smb-advanced  informational  true
          Execution

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S502 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
17259.1   VideoLAN VLC Media Player   string-tcp            high           false
          TiVo Demultiplexer Buffer
          Overflow Vulnerability
19199.1   Computer Associates         string-tcp            high           false
          BrightStor ARCServe
          Backup LGServer Buffer
          Overflow
22139.0   GAMSoft Telsrv DoS          string-tcp            medium         false
          Vulnerability
25859.0   Trellian FTP PASV           string-tcp            high           false
          Response Buffer Overflow
          Vulnerability
26060.0   VLC Media Player SMB URI    string-tcp            high           false
          Handling Remote Buffer
          Overflow Vulnerability
26519.0   Windows VUPlayer M3U        string-tcp            high           false
          Buffer Overflow
          Vulnerability
26760.0   AOL ICQ ActiveX Remote      multi-string          high           false
          Code Execution
27199.0   Cisco Internet Streamer     service-http          medium         true
          Directory Traversal

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
5738.1    Windows ACS Registry        string-tcp            informational  false
          Access
5738.4    Windows ACS Registry        meta                  medium         false
          Access
5759.0    VNC Authentication Bypass   string-tcp            informational  false
5759.2    VNC Authentication Bypass   service-generic       informational  false
5759.3    VNC Authentication Bypass   meta                  high           false
7291.0    VideoLAN VLC Media Player   meta                  high           false
          WAV Processing Integer
          Overflow
7291.1    VideoLAN VLC Media Player   string-tcp            informational  false
          WAV Processing Integer
          Overflow
7296.0    Word RTF Object Parsing     string-tcp            high           false
          Vulnerability
7297.0    MS Word Memory Corruption   string-tcp            high           false
          Vulnerability
7298.0    MS Visual Basic Flexgrid    meta                  high           false
          Control Buffer Overflow
7298.1    MS Visual Basic Flexgrid    string-tcp            informational  false
          Control Buffer Overflow
7300.1    Sharepoint Access Control   string-tcp            high           false
          Vulnerability
7301.0    Excel Global Array Memory   string-tcp            high           false
          Corruption
7307.0    MS SQL Server               meta                  high           false
          sp_replwritetovarbin
          memory overwrite
7307.1    MS SQL Server               string-tcp            informational  false
          sp_replwritetovarbin
          memory overwrite
7307.2    MS SQL Server               string-tcp            informational  false
          sp_replwritetovarbin
          memory overwrite
7308.0    DLL Memory Protection       string-tcp            high           false
          Bypass
7415.0    OpenLDAP BER Decoding DoS   string-tcp            high           false
7419.0    Visual Basic ActiveX        meta                  high           false
          Control RCE
7419.1    Visual Basic ActiveX        string-tcp            informational  false
          Control RCE
7426.0    Shell32 ActiveX             meta                  high           false
          Vulnerability
7426.1    Shell32 ActiveX             string-tcp            informational  false
          Vulnerability
7427.0    Shell32 ActiveX             meta                  high           false
          Vulnerability
7427.1    Shell32 ActiveX             string-tcp            informational  false
          Vulnerability
7432.0    Word RTF Object Parsing     meta                  high           false
          Remote Code Execution
7432.1    Word RTF Object Parsing     string-tcp            informational  false
          Remote Code Execution
7432.2    Word RTF Object Parsing     string-tcp            informational  false
          Remote Code Execution
7436.0    File Format Parsing         string-tcp            high           false
          Remote Code Execution
7438.0    MS DataGrid Control         string-tcp            high           false
          Memory Corruption

CAVEATS

None.

Modified signature(s) detail:

The following signatures have been retired:

7438-0 MS DataGrid Control Memory Corruption
7436-0 File Format Parsing Remote Code Execution
7432-2 Word RTF Object Parsing Remote Code Execution
7432-1 Word RTF Object Parsing Remote Code Execution
7432-0 Word RTF Object Parsing Remote Code Execution
7427-1 Shell32 ActiveX Vulnerability
7427-0 Shell32 ActiveX Vulnerability
7426-1 Shell32 ActiveX Vulnerability
7426-0 Shell32 ActiveX Vulnerability
7419-1 Visual Basic ActiveX Control RCE
7419-0 Visual Basic ActiveX Control RCE
7415-0 OpenLDAP BER Decoding DoS
7308-0 DLL Memory Protection Bypass
7307-2 MS SQL Server sp_replwritetovarbin memory overwrite
7307-1 MS SQL Server sp_replwritetovarbin memory overwrite
7307-0 MS SQL Server sp_replwritetovarbin memory overwrite
7301-0 Excel Global Array Memory Corruption
7300-1 Sharepoint Access Control Vulnerability
7298-1 MS Visual Basic Flexgrid Control Buffer Overflow
7298-0 MS Visual Basic Flexgrid Control Buffer Overflow
7297-0 MS Word Memory Corruption Vulnerability
7296-0 Word RTF Object Parsing Vulnerability
7291-1 VideoLAN VLC Media Player WAV Processing Integer Overflow
7291-0 VideoLAN VLC Media Player WAV Processing Integer Overflow
5759-3 VNC Authentication Bypass
5759-2 VNC Authentication Bypass
5759-0 VNC Authentication Bypass
5738-4 Windows ACS Registry Access
5738-1 Windows ACS Registry Access

=================================================================================================
S501 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
27259.0   Windows Media Format        meta                  high           false
          Remote Code Execution
27259.1   Windows Media Format        string-tcp            informational  false
          Remote Code Execution
27259.2   Windows Media Format        string-tcp            informational  false
          Remote Code Execution
27259.3   Windows Media Format        string-tcp            informational  false
          Remote Code Execution
27259.4   Windows Media Format        meta                  high           false
          Remote Code Execution
27259.5   Windows Media Format        string-tcp            informational  false
          Remote Code Execution
27259.6   Windows Media Format        meta                  high           false
          Remote Code Execution
27259.7   Windows Media Format        string-tcp            informational  false
          Remote Code Execution

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
6070.0    Windows Media Format        meta                  high           false
          Remote Code Execution
6070.1    Windows Media Format        string-tcp            informational  false
          Remote Code Execution
6070.2    Windows Media Format        string-tcp            informational  false
          Remote Code Execution
6070.3    Windows Media Format        string-tcp            informational  false
          Remote Code Execution
6070.4    Windows Media Format        meta                  high           false
          Remote Code Execution
6070.5    Windows Media Format        string-tcp            informational  false
          Remote Code Execution
6070.6    Windows Media Format        meta                  high           false
          Remote Code Execution
6070.7    Windows Media Format        string-tcp            informational  false
          Remote Code Execution
6280.0    Messenger Information       string-tcp            low            false
          Disclosure Vulnerability
6281.0    Malformed EPS Filter        string-tcp            high           false
          Vulnerability
6282.1    Malformed PICT Filter       string-tcp            high           false
          Vulnerability
6410.0    IE Unsafe Memory Operation  meta                  high           false
6410.1    IE Unsafe Memory Operation  string-tcp            informational  false
6410.2    IE Unsafe Memory Operation  string-tcp            informational  false
6780.0    IE Argument Handling        meta                  high           false
          Memory Corruption
          Vulnerability
6780.2    IE Argument Handling        string-tcp            informational  false
          Memory Corruption
          Vulnerability
6960.0    IE Response Cross-Domain    meta                  high           false
          Info Disclosure
6960.1    IE Response Cross-Domain    string-tcp            informational  false
          Info Disclosure
6960.2    IE Response Cross-Domain    string-tcp            informational  false
          Info Disclosure
6970.0    DirectShow SAMI Parsing     meta                  high           false
          Remote Code Execution
6970.1    DirectShow SAMI Parsing     string-tcp            informational  false
          Remote Code Execution
6970.2    DirectShow SAMI Parsing     meta                  high           false
          Remote Code Execution
6970.3    DirectShow SAMI Parsing     string-tcp            informational  false
          Remote Code Execution
6970.4    DirectShow SAMI Parsing     string-tcp            informational  false
          Remote Code Execution
6971.0    Generic Exploit Component   string-tcp            informational  false
6990.0    Visual Studio               meta                  high           false
          Msmask32.ocx ActiveX
          Buffer Overflow
6990.1    Visual Studio               string-tcp            informational  false
          Msmask32.ocx ActiveX
          Buffer Overflow
6990.2    Visual Studio               string-tcp            informational  false
          Msmask32.ocx ActiveX
          Buffer Overflow
6990.3    Visual Studio               meta                  informational  false
          Msmask32.ocx ActiveX
          Buffer Overflow
6990.4    Visual Studio               string-tcp            informational  false
          Msmask32.ocx ActiveX
          Buffer Overflow
6990.5    Visual Studio               string-tcp            informational  false
          Msmask32.ocx ActiveX
          Buffer Overflow
7221.0    Hierarchical FlexGrid       meta                  high           false
          Control Memory Corruption
7221.1    Hierarchical FlexGrid       string-tcp            informational  false
          Control Memory Corruption
7221.2    Hierarchical FlexGrid       string-tcp            informational  false
          Control Memory Corruption
7231.0    Windows Media Encoder 9     meta                  high           false
          Remote Code Execution
7231.1    Windows Media Encoder 9     string-tcp            informational  false
          Remote Code Execution
7231.2    Windows Media Encoder 9     string-tcp            informational  false
          Remote Code Execution
7255.0    MSXML Chunked Request       meta                  high           false
          Vulnerability
7255.1    MSXML Chunked Request       string-tcp            informational  false
          Vulnerability
7255.2    MSXML Chunked Request       string-tcp            informational  false
          Vulnerability

CAVEATS

None.

Modified signature(s) detail:

7255-2: This signature was retired.
7255-1: This signature was retired.
7255-0: This signature was retired.
7231-2: This signature was retired.
7231-1: This signature was retired.
7231-0: This signature was retired.
7221-2: This signature was retired.
7221-1: This signature was retired.
7221-0: This signature was retired.
6990-5: This signature was retired.
6990-4: This signature was retired.
6990-3: This signature was retired.
6990-2: This signature was retired.
6990-1: This signature was retired.
6990-0: This signature was retired.
6970-4: This signature was retired.
6970-3: This signature was retired.
6970-2: This signature was retired.
6970-1: This signature was retired.
6970-0: This signature was retired.
6960-2: This signature was retired.
6960-1: This signature was retired.
6960-0: This signature was retired.
6780-2: This signature was retired.
6780-0: This signature was retired.
6410-2: This signature was retired.
6410-1: This signature was retired.
6410-0: This signature was retired.
6282-1: This signature was retired.
6281-0: This signature was retired.
6280-0: This signature was retired.
6971-0: Obsoleted by 27259-0.
6070-7: Obsoleted by 27259-7.
6070-6: Obsoleted by 27259-6.
6070-5: Obsoleted by 27259-5.
6070-4: Obsoleted by 27259-4.
6070-3: Obsoleted by 27259-3.
6070-2: Obsoleted by 27259-2.
6070-1: Obsoleted by 27259-1.
6070-0: Obsoleted by 27259-0.

=================================================================================================
S500 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
27060.0   Access ActiveX Control      multi-string          high           true
          Vulnerability
27119.0   Microsoft Outlook SMB       string-tcp            high           true
          Attachment Vulnerability

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
3315.0    Microsoft Windows 9x        string-tcp            high           false
          NetBIOS NULL Name
          Vulnerability
6282.0    Malformed PICT Filter       string-tcp            high           false
          Vulnerability
6298.1    Creative Software           string-tcp            informational  false
          AutoUpdate Engine ActiveX
          Stack-Overflow
6760.1    RealPlayer ActiveX Buffer   string-tcp            informational  false
          Overflow
6760.2    RealPlayer ActiveX Buffer   string-tcp            low            false
          overflow
7291.2    VideoLAN VLC Media Player   string-tcp            informational  false
          WAV Processing Integer
          Overflow
11002.0   Gnutella Server Reply       string-tcp            low            false
11006.0   Gnucleus File Request       string-tcp            low            false
11249.0   Gadu-Gadu IM Message Sent   string-tcp            informational  false
11250.0   Gadu-Gadu IM Message        string-tcp            informational  false
          Received
16213.1   Orbit Downloader URL        string-tcp            informational  false
          Processing Stack Buffer
          Overflow
16213.2   Orbit Downloader URL        string-tcp            informational  false
          Processing Stack Buffer
          Overflow
16233.0   ClamAV AntiVirus CHM File   multi-string          high           false
          Handling Denial of Service
16235.0   ClamAV AntiVirus CHM File   multi-string          high           false
          Handling Denial of Service
19381.1   Embedded OpenType Font      string-tcp            high           false
          Heap Overflow
          Vulnerability
19382.1   Embedded OpenType Font      string-tcp            high           false
          Integer Overflow
          Vulnerability
26599.0   Microsoft Windows Help      string-tcp            high           true
          and Support Center
          Whitelist Bypass
          Vulnerability

CAVEATS

None.

Modified signature(s) detail:

The following signatures were disabled and retired:
6282-0, 6298-1, 6760-1, 6760-2, 7291-2, 11002-0, 11006-0, 11249-0,
11250-0, 16213-1, 16213-2, 16233-0, 16235-0, 19381-1, 19382-1, 3315-0

=================================================================================================
S499 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
26819.0   Adobe Reader and Acrobat    multi-string          high           false
          Vulnerability
26879.0   Adobe PDF File Containing   string-tcp            high           true
          Malicous Flash File
26881.0   Adobe Acrobat Reader        string-tcp            high           true
          Vulnerability
26882.0   Adobe Acrobat Reader        string-tcp            high           true
          Vulnerability
26885.0   Adobe Acrobat and Reader    string-tcp            high           true
          File Validation
          Vulnerability
26886.0   Adobe Acrobat and Reader    multi-string          high           true
          Memory Corruption
26887.0   Adobe PDF File Parsing      multi-string          high           true
          Arbitrary Code Execution
26899.0   Adobe Reader Vulnerability  string-tcp            high           true
26900.0   Adobe Reader Vulnerability  multi-string          high           true
26901.0   Adobe PDF Launch Action     string-tcp            high           true
          Exploits
26919.0   Acrobat PDF Arbitrary       string-tcp            high           true
          Code Execution
          Vulnerability
26940.0   Adobe PDF Document          multi-string          high           true
          Validation Memory
          Corruption Exploit

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
5801.1    Quicktime JPEG Code         multi-string          high           false
          Execution Overflow
5821.0    DirectAnimation ActiveX     meta                  high           false
          Memory Corruption
5821.1    DirectAnimation ActiveX     string-tcp            informational  false
          Memory Corruption
5821.2    DirectAnimation ActiveX     string-tcp            informational  false
          Memory Corruption
6795.0    Panda ActiveScan ActiveX    meta                  high           false
          Overflow
6976.0    Microsoft Powerpoint 2003   string-tcp            high           false
          Viewer Buffer Overflow
6995.0    GDI EMF Memory Corruption   string-tcp            high           false
          Vulnerability
6997.0    OneNote Uniform Resource    string-tcp            high           false
          Locator Validation Error
          Vulnerability
7235.0    CoolPlayer m3u Playlist     string-tcp            high           false
          Stack Overflow
7271.0    GDI+ VML Buffer Overrun     string-tcp            high           false
          Vulnerability
11004.0   Bearshare File Request      string-tcp            low            false
11032.0   Share TCP Detected          service-p2p           low            true
15733.0   MS Excel Invalid Object     string-tcp            high           true
          Arbitrary Code Execution
15996.0   Apple QuickTime VR Track    string-tcp            high           false
          Header Atom Corruption
19460.0   CA ARCserve Backup          string-tcp            high           false
          LGServer Handshake Buffer
          Overflow
21319.1   Novell Client For Windows   string-tcp            medium         false
          2000/XP ActiveX Remote DoS
          Vulnerability
21459.0   Media Runtime Heap          string-tcp            high           true
          Corruption Vulnerability
26199.0   AgentX++ Component          string-tcp            high           false
          Integer Overflow

CAVEATS

None.
Modified signature(s) detail:

26199-0: This signature was retired
21459-0: This signature was modified to improve performance
21319-1: This signature was retired
19460-0: This signature was retired
15996-0: This signature was retired
15733-0: This signature was modified to improve performance
11032-0: Benign triggers information was updated in this signature
11004-0: This signature was retired
7271-0: This signature was retired
7235-0: This signature was retired
6997-0: This signature was retired
6995-0: This signature was retired
6976-0: This signature was retired
6795-0: This signature was retired
5821-2: This signature was retired
5821-1: This signature was retired
5821-0: This signature was retired
5801-1: This signature was retired

=================================================================================================
S498 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
26719.0   Adobe Flash Player Memory   multi-string          high           true
          Corruption Vulnerability

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.
=================================================================================================
S497 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
5506.2    Back Orifice Ping           atomic-ip             medium         false
6494.0    IMAP APPEND Date Buffer     string-tcp            high           false
          Overflow
21919.0   Domino Server IMAP          string-tcp            high           true
          Mailbox Name Buffer
          Overflow
24959.0   HP OpenView Storage Data    string-tcp            high           true
          Protector Buffer Overflow
25079.0   HP LoadRunner 9.0 ActiveX   multi-string          medium         false
          AddFolder Buffer Overflow
25119.0   Oracle Secure Enterprise    service-http          high           false
          Search Cross Site
          Scripting
25422.0   Sun Directory Server 7.0    string-tcp            medium         true
          core_get_proxyauth_dn
          Denial Of Service
25619.0   UltraVNC VNCViewer          string-tcp            high           false
          Authenticate Buffer
          Overflow
25679.0   Microsoft Word mso.dll      string-tcp            high           false
          LsCreateLine Memory
          Corruption
25739.0   Test-Cgi File Access        service-http          low            false
          Vulnerability
26199.0   AgentX++ Component          string-tcp            high           true
          Integer Overflow

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
6767.0    Microsoft Windows RSH       string-tcp            high           true
          Daemon Stack Overflow
6930.2    Office Web Components URL   string-tcp            informational  true
          Parsing Vulnerability
6969.0    Microsoft Word Smart Tag    string-tcp            high           true
          Corruption Exploit
6972.0    Rosoft Media Player         string-tcp            high           true
          Overflow
7235.0    CoolPlayer m3u Playlist     string-tcp            high           false
          Stack Overflow
7242.0    Windows GDI+ Denial of      string-tcp            medium         true
          Service
7246.0    Microsoft Excel             string-tcp            high           true
          Spreadsheet Buffer
          Overflow
7264.3    Adobe util.printf           string-tcp            high           true
          JavaScript Stack Buffer
          Overflow
7301.0    Excel Global Array Memory   string-tcp            high           true
          Corruption
7308.0    DLL Memory Protection       string-tcp            high           true
          Bypass

CAVEATS

None.

Modified signature(s) detail:

None.
=================================================================================================
S496 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
5406.2    Illegal MHTML URL           string-tcp            high           false
5464.4    Computer Associates         string-tcp            high           false
          License Suite Network
          Buffer Overflow
20004.1   Microsoft Internet          multi-string          high           true
          Explorer Malformed Web
          Page Handling
          Vulnerability
21220.0   BEA Weblogic Server         string-tcp            high           true
          Console-help.portal
          Cross-Site Scripting
24519.0   Firebird SQL                string-tcp            medium         false
          op_connect_request Denial
          of Service
24863.0   IBM Access Support          string-tcp            high           true
          ActiveX Stack Overflow
          Exploit
24919.0   Arugizer Trojan             string-tcp            high           false
25780.0   FTP STOR rhost              string-tcp            medium         true

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
5845.0    Word Memory Corruption      string-tcp            high           true
          Exploit
6278.1    Office Web Components       string-tcp            informational  true
          DataSource Vulnerability
6281.0    Malformed EPS Filter        string-tcp            high           true
          Vulnerability
6541.0    Microsoft Project           string-tcp            high           true
          Malformed File Exploit
6784.0    Adobe PDF Code Execution    string-tcp            high           true
6785.1    Microsoft Visual Basic      string-tcp            informational  true
          VBP File Processing Buffer
          Overflow
6793.1    Microsoft Windows GDI       string-tcp            high           true
          Image Handling
6923.1    Word Memory Corruption      string-tcp            informational  true
          Vulnerability
17077.2   PowerPoint Legacy File      string-tcp            high           true
          Format
21459.0   Media Runtime Heap          string-tcp            high           true
          Corruption Vulnerability
21920.0   Microsoft Excel Remote      string-tcp            high           true
          Code Execution
22039.0   Microsoft Excel Remote      string-tcp            high           true
          Code Execution
22739.0   Microsoft GdiPlus EMF       string-tcp            medium         true
          Denial Of Service PoC

CAVEATS

None.

Modified signature(s) detail:

None.
=================================================================================================
S495 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
26021.0   Cisco UCCX Information      service-http          medium         true
          Disclosure Vulnerability
26460.3   Malicious Adobe File        multi-string          high           true
          Exploit
26599.0   Microsoft Windows Help      string-tcp            high           true
          and Support Center
          Whitelist Bypass
          Vulnerability

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S494 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
26460.0   Malicious Adobe File        multi-string          high           true
          Exploit
26460.1   Malicious Adobe File        multi-string          high           true
          Exploit
26460.2   Malicious Adobe File        multi-string          high           true
          Exploit

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.
=================================================================================================
S493 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
26179.0   IE Memory Corruption        string-tcp            high           true
          Vulnerability
26200.0   Microsoft Excel Memory      multi-string          high           true
          Corruption
26201.0   Microsoft Excel Memory      multi-string          high           true
          Corruption
26202.0   Microsoft Windows           string-tcp            high           true
          Malicious ActiveX
          Instantiation
26219.0   Microsoft Excel Memory      multi-string          high           true
          Corruption
26220.0   Microsoft Excel EDG         multi-string          high           true
          Memory Corruption
26221.0   Microsoft Office Remote     string-tcp            high           true
          Code Execution
          Vulnerability
26240.0   Microsoft Office Excel      multi-string          high           true
          Code Execution
          Vulnerability
26241.0   Microsoft Office Memory     string-tcp            high           true
          Corruption
26259.0   SharePoint Server 2007      string-tcp            high           true
          Help Page Processing
          Denial Of Service
26279.0   Microsoft Excel Record      multi-string          high           true
          Stack Corruption
          Vulnerability
26280.0   Microsoft DirectShow        string-tcp            high           true
          Media File Decompression
          Memory Corruption
26281.0   Microsoft Excel Memory      multi-string          high           true
          Corruption Vulnerability
26299.0   Microsoft DirectShow        string-tcp            high           true
          Media File Processing
          Arbitrary Code Execution
          Vulnerability
26300.0   Microsoft June 2010         string-tcp            high           true
          Killbit Update
26319.0   Microsoft Excel Remote      string-tcp            high           true
          Code Execution
26359.0   Internet Explorer Zone      string-tcp            high           true
          Bypass
26379.0   Microsoft .NET XML          atomic-ip             high           true
          Signature Syntax and
          Processing Vulnerability
26380.0   Microsoft Excel Record      multi-string          high           true
          Memory Corruption
          Vulnerability
26400.0   Microsoft Excel Memory      multi-string          high           true
          Corruption Exploit
26401.0   Microsoft Internet          string-tcp            low            true
          Explorer 8 XSS
26402.0   Microsoft Internet          string-tcp            high           true
          Explorer Memory Corruption
          Exploit
26419.0   Excel String Variable       string-tcp            high           true
          Vulnerability

TUNED SIGNATURES

There are no tuned signatures for this release.
CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S492 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
5577.1    SMB Secure NULL Login       service-smb-advanced  informational  true
          Attempt
23879.0   Cisco Network Building      multi-string          medium         true
          Mediator Unauthorized
          Information Access
24241.0   Cisco Network Building      service-http          high           true
          Mediator Default
          Credentials
24739.0   Cisco Network Building      service-http          high           true
          Mediator HTTP Privilege
          Escalation

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S491 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
26080.0   Microsoft Windows           multi-string          medium         true
          Canonical Display Driver
          Denial of Service

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S490 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
25962.0   Cisco PGW 2200 Softswitch   atomic-ip             medium         true
          Malformed MGCP Packet
          Vulnerability
25979.0   Malformed SIP Message DoS   string-tcp            high           true
25999.0   Malformed SIP Packet        atomic-ip             high           false
          Denial of Service

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
20481.0   Malformed SIP Message       string-tcp            medium         false
20481.1   Malformed SIP Message       atomic-ip             medium         false

CAVEATS

None.
Modified signature(s) detail:

The following signatures have modified signature descriptions:
20481-0 Malformed SIP Message
20481-1 Malformed SIP Message

=================================================================================================
S489 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
25919.0   Microsoft VBA Remote Code   multi-string          high           true
          Execution
25959.0   Microsoft Windows Mail      string-tcp            high           true
          POP3 Remote Code Execution

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S488 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
23781.0   IBM DB2 Universal           string-tcp            high           true
          Database XMLQUERY Buffer
          Overflow

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
5477.0    Possible Heap Payload       string-tcp            low            true
          Construction
5477.1    Possible Heap Payload       string-tcp            low            true
          Construction
5920.0    Apple Quicktime             string-tcp            high           true
          VRPanoSampleAtom Heap
          Overflow
6111.0    RPC RUSESRD Sweep           meta                  medium         true
6986.0    Microsoft IE HTML Objects   string-tcp            high           true
          Memory Corruption Exploit
20183.0   AVI Integer Overflow        string-tcp            high           true
          Vulnerability
20183.1   AVI Integer Overflow        string-tcp            high           true
          Vulnerability

CAVEATS

None.
Modified signature(s) detail:

The following signatures are modified to reduce SFR:
6111-0 RPC RUSESRD Sweep

The following signatures have modified regexes:
5920-0 Apple Quicktime VRPanoSampleAtom Heap Overflow
5477-1 Possible Heap Payload Construction
5477-0 Possible Heap Payload Construction
6986-0 Microsoft IE HTML Objects Memory Corruption Exploit
20183-1 AVI Integer Overflow Vulnerability
20183-0 AVI Integer Overflow Vulnerability

=================================================================================================
S487 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
25839.0   Sharepoint Server 2007 XSS  service-http          high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S486 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
22899.0   Redhat Directory Server     service-http          high           true
          HTTP Header Parsing
          Overflow
23359.0   Microsoft IE                string-tcp            high           false
          Uninitialized Layout
          Memory Corruption
          Vulnerability
25419.0   BigAnt IM Server USV        string-tcp            high           false
          Request Buffer Overflow

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S485 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
15017.1   Oracle Secure Backup        service-http          high           false
          Login.php Command
          Injection
24300.0   Quicktime Video File        string-tcp            high           false
          Remote Code Execution
24620.0   ET Trojan                   service-http          high           true

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
5329.0    Apache/mod_ssl Worm Probe   service-http          high           false
15012.0   Oracle BEA WebLogic         service-http          medium         true
          Server Apache Connector
          Buffer Overflow

CAVEATS

None.

Modified signature(s) detail:

None.
=================================================================================================
S484 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
25479.0   Java Web Start Remote       multi-string          high           true
          Code Execution
          Vulnerability

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S483 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
25280.0   MPEG Layer-3 Audio          multi-string          high           true
          Decoder Stack Overflow
25300.0   Microsoft Office            string-tcp            high           true
          Publisher File Conversion
          TextBox Processing Buffer
          Overflow
25320.0   Microsoft Windows SMB       service-smb-advanced  high           true
          Client Transaction
          Vulnerability
25320.1   Microsoft Windows SMB       service-smb-advanced  high           true
          Client Response Parsing
          Vulnerability
25321.0   Microsoft Visio Remote      string-tcp            high           true
          Code Execution
25339.0   Media Services              string-tcp            high           true
          Stack-based Buffer
          Overflow Vulnerability
25359.0   Microsoft Windows Server    atomic-ip             high           true
          SMTP Denial of Service
25399.0   Visio Index Calculation     multi-string          high           true
          Memory Corruption
25439.0   Microsoft Windows SMB       string-tcp            high           true
          Client Message Size
          Vulnerability
25459.0   Windows Media Player Code   multi-string          medium         true
          Execution
25460.0   SMB Client Remote Code      atomic-ip             high           true
          Execution

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.
=================================================================================================
S482 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
24179.0   Oracle Database Server      string-tcp            high           true
          CREATE_TABLES SQL
          Injection
24381.0   IIS ExAir DoS               service-http          medium         false
24381.1   IIS ExAir DoS               service-http          medium         false
24381.2   IIS ExAir DoS               service-http          medium         false
24759.0   Apple CUPS PNG Filter       multi-string          high           false
          Large Image Height Integer
          Buffer Overflow

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S481 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
24139.0   FFmpeg vmd_read_header      multi-string          high           false
          Integer Overflow
25020.0   Microsoft Internet          string-tcp            high           true
          Explorer Remote Code
          Execution
25022.0   HTML Object Memory          meta                  high           true
          Corruption Vulnerability
25022.1   HTML Object Memory          string-tcp            informational  true
          Corruption Vulnerability
25022.2   HTML Object Memory          string-tcp            informational  true
          Corruption Vulnerability
25022.3   HTML Object Memory          string-tcp            informational  true
          Corruption Vulnerability
25023.0   Microsoft Internet          string-tcp            high           true
          Explorer Remote Code
          Execution
25024.0   Internet Explorer 7         multi-string          high           true
          Information Leak
25025.0   Internet Explorer Memory    string-tcp            high           true
          Corruption
25040.0   HTML Rendering Memory       string-tcp            high           true
          Corruption Vulnerability
25041.0   Microsoft IE 7.0 Race       multi-string          high           true
          Condition
25042.0   Microsoft Internet          meta                  high           true
          Explorer Remote Code
          Execution
25042.1   Microsoft Internet          string-tcp            informational  true
          Explorer Remote Code
          Execution
25042.2   Microsoft Internet          string-tcp            informational  true
          Explorer Remote Code
          Execution
25059.0   HTML Element Cross-Domain   string-tcp            medium         true
          Vulnerability

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
11032.0   Share TCP Detected          service-p2p           low            true
11033.0   Share UDP Detected          service-p2p           low            true

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S480 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
11032.0   Share TCP Detected          service-p2p           medium         true
11033.0   Share UDP Detected          service-p2p           medium         true
50002.0   ICS_TEST_FILE               multi-string          low            true
50010.0   WORM_SOBER                  multi-string          medium         true
50010.1   WORM_SOBER                  multi-string          medium         true
50011.0   WORM_MYTOB                  multi-string          medium         true
50011.1   WORM_MYTOB                  multi-string          medium         true
50012.0   TROJ_SMALL                  multi-string          medium         true
50012.1   TROJ_SMALL                  multi-string          medium         true
50012.2   TROJ_SMALL                  multi-string          medium         true
50012.3   TROJ_SMALL                  multi-string          medium         true
50013.0   BKDR_VANBOT                 multi-string          medium         true
50013.1   BKDR_VANBOT                 multi-string          medium         true
50013.2   BKDR_VANBOT                 multi-string          medium         false
50013.3   BKDR_VANBOT                 multi-string          medium         true
50013.4   BKDR_VANBOT                 multi-string          medium         true
50013.5   BKDR_VANBOT                 multi-string          medium         true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.
=================================================================================================
S479 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
24119.0   Cisco CUBE SIP              atomic-ip             high           true
          Vulnerability
24600.0   Cisco IOS SIP DoS           atomic-ip             medium         false
24760.0   Cisco IOS SIP DoS           atomic-ip             medium         true
24780.0   Cisco IOS Crafted LDP       atomic-ip             medium         true
          Packet Denial of Service
          Vulnerability
24781.0   Cisco IOS Malformed SCCP    atomic-ip             high           true
          Vulnerability
24799.0   Cisco IOS Malformed SCCP    atomic-ip             high           true
          Vulnerability
24899.0   Cisco IOS Software H.323    string-tcp            medium         true
          DoS

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S478 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
24259.0   Nagios statuswml.cgi        service-http          high           false
          Arbitrary Command
          Execution Vulnerability

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
5232.1    URL with XSS                service-http          high           false
7430.0    Microsoft Internet          string-tcp            high           false
          Explorer Embedded Object
          Code Execution
17824.0   Backdoor sharK 2.3.0        string-tcp            high           false

CAVEATS

None.
Modified signature(s) detail:

5232-1 Is Modified & Retired
7430-0 Is Modified & Retired
17824-0 Is Modified & Retired
24259-0 Is New & Retired

=================================================================================================
S477 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
20645.0   Mozilla Products            string-tcp            high           false
          QueryInterface Method
          Memory Corruption
20842.0   Symantec Products           string-tcp            high           false
          SupportSoft ActiveX
          Control Buffer Overflow
23679.0   Adobe Download Manager      meta                  high           true
          ActiveX Buffer Overflow
          Vulnerability
23679.1   Adobe Download Manager      string-tcp            informational  true
          ActiveX Buffer Overflow
          Vulnerability
23679.2   Adobe Download Manager      string-tcp            informational  true
          ActiveX Buffer Overflow
          Vulnerability
24039.0   HP OpenView Network Node    meta                  high           true
          Manager nnmRptConfig.exe
          Buffer Overflow
24039.1   HP OpenView Network Node    service-http          informational  true
          Manager nnmRptConfig.exe
          Buffer Overflow
24039.2   HP OpenView Network Node    string-tcp            informational  true
          Manager nnmRptConfig.exe
          Buffer Overflow
24199.0   TCP Source Port 0           atomic-ip             medium         true
24199.1   UDP Source Port 0           atomic-ip             medium         true
24879.0   Microsoft Internet          string-tcp            high           true
          Explorer Remote Code
          Execution

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S476 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
24559.0   Microsoft Excel Memory      string-tcp            high           true
          Corruption
24579.0   MS Office Excel XLSX File   string-tcp            high           true
          Parsing Code Execution
24579.1   MS Office Excel XLSX File   string-tcp            high           true
          Parsing Code Execution
24580.0   Windows Movie Maker         multi-string          high           true
          Buffer Overflow
24599.0   Microsoft Office Excel      multi-string          high           true
          MDXSET Record Heap
          Overflow Exploit
24639.0   Microsoft Office Remote     string-tcp            high           true
          Code Execution
24699.0   Microsoft Excel Remote      string-tcp            high           true
          Code Execution
24719.0   Microsoft Office Excel      multi-string          high           true
          FNGROUPNAME Record Memory
          Vulnerability
24779.0   Microsoft Excel Remote      multi-string          high           true
          Code Execution
24779.1   Microsoft Excel Remote      multi-string          high           true
          Code Execution

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S475 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
24359.0   CUCM Malformed SIP          atomic-ip             high           true
          Message DoS

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S474 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
24539.0   Microsoft Internet          string-tcp            high           true
          Explorer Remote Code
          Execution

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S473 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
24000.0   GDI+ PNG Integer Overflow   string-tcp            high           true
          Vulnerability
24301.0   Apple QuickTime/Darwin      service-http          high           false
          Streaming Server Command
          Execution Vulnerability

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
1102.0    Impossible IP Packet        atomic-ip             high           true
3652.0    SSH Gobbles                 string-tcp            high           true
6781.0    SIP Proxy Response          atomic-ip             high           true
          Overflow
16913.0   Mozilla Firefox IFrame      string-tcp            high           false
          Style Change Handling Code
          Execution
17349.0   Adobe PDF Reader plug-in    string-tcp            high           false
          AcroPDF.dll DoS
20843.0   Sourcefire Snort DCE-RPC    string-tcp            high           false
          Preprocessor Buffer
          Overflow
24339.0   NIDS HTTP evasion           service-http          high           false

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S472 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
2001.2    ICMP Host Unreachable       atomic-ip             informational  false
6045.0    MHTTP Response Splitting    service-http          medium         false
7424.0    Mozilla FireFox             meta                  medium         false
          Http-Index-Format Buffer
          Overflow
7424.1    Mozilla FireFox             string-tcp            informational  false
          Http-Index-Format Buffer
          Overflow
7424.2    Mozilla FireFox             string-tcp            informational  false
          Http-Index-Format Buffer
          Overflow
7424.3    Mozilla FireFox             string-tcp            informational  false
          Http-Index-Format Buffer
          Overflow
16176.3   NCTsoft NCTAudioFile2       string-tcp            informational  true
          ActiveX Control Remote
          Buffer Overflow
23319.0   Sybase MobiLink Buffer      string-tcp            high           false
          Overflow Vulnerability
23499.0   F-Secure Anti-Virus LHA     string-tcp            high           false
          File Buffer Overflow
          Exploit
23699.0   HP OpenView Network Node    meta                  high           true
          Manager Buffer Overflow
23699.1   HP OpenView Network Node    service-http          informational  true
          Manager Buffer Overflow
23699.2   HP OpenView Network Node    string-tcp            informational  true
          Manager Buffer Overflow
23700.2   HP OpenView Network Node    string-tcp            informational  true
          Manager Buffer Overflow
23780.0   Adobe Flash Player          multi-string          high           true
          ActionScript intrf_count
          Integer Overflow
23860.0   Novell iPrint Client        meta                  high           true
          ienipp.ocx Remote Buffer
          Overflow
24339.0   NIDS HTTP evasion           service-http          high           true

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
5126.0    WWW IIS .ida Indexing       service-http          high           false
          Service Overflow
5474.1    SQL Query in HTTP Request   service-http          low            true
5684.7    Malformed SIP Packet        atomic-ip             medium         true
5820.0    Symantec AntiVirus and      string-tcp            high           true
          Client Security Buffer
          Overflow
16176.0   NCTsoft NCTAudioFile2       meta                  high           true
          ActiveX Control Remote
          Buffer Overflow
17117.0   Microsoft Rich Textbox      string-tcp            high           false
          Control SaveFile Insecure
          Method Arbitrary File
          Overwrite
20779.0   Windows Media Header        multi-string          high           true
          Parsing Invalid Free
          Vulnerability
21979.0   Microsoft Office Word       multi-string          high           true
          Document Malformed Record

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S471 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
7419.0    Visual Basic ActiveX        meta                  high           true
          Control RCE
7419.1    Visual Basic ActiveX        string-tcp            informational  true
          Control RCE
20559.0   ACal Cookie Based           service-http          high           false
          Authentication Bypass
21179.0   Squid HTTP Data             string-tcp            medium         true
          Processing Remote Denial
          of Service
21640.0   Microsoft IIS 5.0 WebDav    service-http          high           true
          Request Directory Security
          Bypass
21779.0   Application Server BPEL     service-http          high           true
          Module Cross-Site
          Scripting
22060.0   CCProxy Logging Function    string-tcp            high           false
          Unspecified Remote Buffer
          Overflow Vulnerability
22359.0   Windows Compressed          multi-string          high           false
          Folders Buffer Overflow
22519.0   HP OpenView Network Node    meta                  high           true
          Manager Toolbar.exe CGI
          Buffer Overflow
          Vulnerability
22519.1   HP OpenView Network Node    service-http          informational  true
          Manager Toolbar.exe CGI
          Buffer Overflow
          Vulnerability
22519.2   HP OpenView Network Node    string-tcp            informational  true
          Manager Toolbar.exe CGI
          Buffer Overflow
          Vulnerability
22779.0   Novell eDirectory dhost     service-http          high           true
          HTTPSTK Buffer Overflow
22780.0   IBM Installation Manager    string-tcp            high           true
          iim:// URI Handling Code
          Execution
23539.0   TrendMicro Web-Deployment   multi-string          high           true
          ActiveX Remote Code
          Execution
23700.0   HP OpenView Network Node    meta                  high           true
          Manager Buffer Overflow
23700.1   HP OpenView Network Node    service-http          informational  true
          Manager Buffer Overflow
23860.1   Novell iPrint Client        string-tcp            informational  true
          ienipp.ocx Remote Buffer
          Overflow
23860.2   Novell iPrint Client        string-tcp            informational  true
          ienipp.ocx Remote Buffer
          Overflow

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
6025.0    Jet DB Engine Buffer        string-tcp            high           false
          Overflow
6039.0    DOMNodeRemoved Mutation     string-tcp            high           false
          Memory Corruption
6204.0    IIS Source Code Disclosure  service-http          high           false
6220.0    Retrospect Backup Agent     string-tcp            high           false
          Denial of Service
6488.0    Symantec Veritas            string-tcp            high           false
          NetBackup Command Chaining
6491.0    Alt-N MDAEMON IMAP Server   string-tcp            high           false
          Heap Overflow
6496.0    Microsoft Internet          string-tcp            high           false
          Explorer URL Spoofing
          Vulnerability Details
6515.0    Invalid SIP Response Code   atomic-ip             medium         true
6743.0    Novell ZENworks Asset       string-tcp            high           false
          Mangement Overflow
6759.0    Apple Safari Regular        string-tcp            high           false
          Expression Overflow
6782.0    SIP MIME Request Boundary   atomic-ip             high           true
          Overflow
7418.0    Mozilla NNTP Heap Overflow  string-tcp            high           false
17268.0   IntelliTamper HTML 'href'   string-tcp            high           false
          Parsing Buffer Overflow
          Vulnerability
17317.0   Mozilla Firefox OnUnload    string-tcp            high           false
          Memory Corruption
18299.1   Firefox Browser Spoof       string-tcp            high           false
          Vulnerability
18499.0 Konqueror Javascript string-tcp high false Iframe DOS 18499.0 Konqueror Javascript string-tcp high false Iframe DOS 18839.0 PyLocale_strxfrm string-tcp high false Off-By-One Memory Disclosure 18839.0 PyLocale_strxfrm string-tcp high false Off-By-One Memory Disclosure 18859.0 LibWPD Library Buffer string-tcp high false Overflow 18859.0 LibWPD Library Buffer string-tcp high false Overflow 19122.0 RealNetworks RealPlayer string-tcp high false SWF Flash File Buffer Overflow 19122.0 RealNetworks RealPlayer string-tcp high false SWF Flash File Buffer Overflow 19239.0 CA BrightStor ARCserve string-tcp high false Backup XDR Parsing Buffer Overflow 19239.0 CA BrightStor ARCserve string-tcp high false Backup XDR Parsing Buffer Overflow 19419.0 CA Brightstor ARCserve string-tcp high false Backup caloggerd Opcode 79 Stack Buffer Overflow 19419.0 CA Brightstor ARCserve string-tcp high false Backup caloggerd Opcode 79 Stack Buffer Overflow 19800.0 427BB Cookie-based service-http high false Authentication Bypass 19800.0 427BB Cookie-based service-http high false Authentication Bypass 20360.0 Xunlei Activity string-tcp low true 20360.0 Xunlei Activity string-tcp low true 21662.0 Process PHP login string-tcp high false parameter SQL Injection Vulnerability 21662.0 Process PHP login string-tcp high false parameter SQL Injection Vulnerability 22480.0 Symantec Alert Management multi-string high true System Intel Alert Originator Service Buffer Overflow 22480.0 Symantec Alert Management multi-string high true System Intel Alert Originator Service Buffer Overflow 22579.0 Internet Explorer CSS string-tcp high true Remote Code Execution 22579.0 Internet Explorer CSS string-tcp high true Remote Code Execution 23099.0 Obfuscated PDF Document multi-string high true 23099.0 Obfuscated PDF Document multi-string high true 23479.0 Metasploit Aurora Module multi-string high true 23479.0 Metasploit Aurora Module multi-string high true CAVEATS None. Modified signature(s) detail: None. 
=================================================================================================
S470 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
24219.0   Long SIP REGISTER Message   atomic-ip             medium         true
24279.0   Malformed SIP Packet        atomic-ip             medium         true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S469 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
5693.2    Metafile Buffer Overflow    string-tcp            high           false
17263.0   FTP 3CDaemon Information    string-tcp            high           false
          Disclosure
17270.0   Apple Safari                string-tcp            high           false
          Document.Location.Hash
          Buffer Overflow
          Vulnerability
17618.0   IBM Proventia Input         string-tcp            high           false
          Validation Flaw
17619.0   MS Internet Explorer        string-tcp            medium         false
          ADODB DoS
18519.1   Microsoft Windows WMF       multi-string          high           false
          Handling Arbitrary Code
          Execution
19400.0   Symantec Firewall           multi-string          high           false
          Products WrapNISUM Class
          Remote Command Execution
          Vulnerability
21019.0   Microsoft SQL Server 2000   string-tcp            high           true
          Client Components ActiveX
          Control Buffer Overflow
21442.0   Firefox Plugin Finder       string-tcp            high           false
          Javascript Injection
          Vulnerability
21442.1   Firefox Plugin Finder       string-tcp            high           false
          Javascript Injection
          Vulnerability
22419.0   IE URL Parsing Memory       string-tcp            high           false
          Corruption Vulnerability
22522.0   Firefox Resource Directory  string-tcp            low            true
22679.0   Malicious Adobe Reader      string-tcp            high           false
          PDF File
22679.1   Malicious Adobe Reader      string-tcp            high           false
          PDF File
22840.0   Yahoo Messenger             string-tcp            high           false
          YVerInfo.dll ActiveX
          Buffer Overflow
22859.0   IBM Tivoli Storage          string-tcp            high           true
          Manager Client CAD Service
          Buffer Overflow
22959.0   Sun MySQL Database SELECT   multi-string          medium         true
          Subquery Denial Of Service
23559.0   CA BrightStor HSM Buffer    string-tcp            high           true
          Overflow

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
5796.0    Cisco IOS HTTP              string-tcp            high           false
          Unauthorized Command
          Execution
5835.0    Cisco IOS SIP DoS           atomic-ip             medium         false
          Vulnerability
5893.0    Cisco IP Phone Remote       meta                  medium         false
          Denial of Service
5893.1    Cisco IP Phone Remote       atomic-ip             informational  false
          Denial of Service
5893.2    Cisco IP Phone Remote       atomic-ip             informational  false
          Denial of Service
5977.0    DB2 Handshake DoS           string-tcp            high           false
6540.0    CUCM Certificate Trust      string-tcp            high           false
          List Memory Consumption
          DOS
6782.0    SIP MIME Request Boundary   atomic-ip             high           true
          Overflow
7259.0    Microsoft Message Queing    service-msrpc         high           true
          Remote Code Execution
16040.0   Quicktime Crafted VR        string-tcp            high           false
          Movie Buffer Overflow
16219.0   Mozilla Firefox XSL         string-tcp            high           true
          Parsing Remote Memory
          Corruption
17504.0   FireFox HTML Parsing Null   string-tcp            medium         false
          Pointer Dereference
17517.0   IE Status Bar URI Spoofing  string-tcp            high           false
17538.0   IE Popup Window Address     string-tcp            high           false
          Bar Spoofing
17624.0   Web Tours Upload            service-http          high           false
          Directory Traversal
18443.0   Ruby REXML Library          string-tcp            high           false
          Entities Handling Denial
          of Service
18622.0   Microsoft Internet          string-tcp            high           false
          Explorer WMF Image Parsing
          Memory Corruption
          Vulnerability
18782.0   Windows MDAC Remote Code    meta                  high           false
          Execution Exploit
18783.0   Windows MDAC Remote Code    meta                  high           false
          Execution

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S468 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
23799.0   Microsoft Office Remote     string-tcp            high           true
          Code Execution
23800.0   Windows Shell Handler       string-tcp            high           true
          Vulnerability
23819.0   SMB Client Buffer Overflow  service-smb-advanced  high           true
23820.0   Windows SMB Client Attack   string-tcp            high           true
23839.0   PowerPoint                  string-tcp            high           true
          LinkedSlideAtom Heap
          Overflow
23899.0   Microsoft Office            string-tcp            high           true
          PowerPoint Viewer
          TextBytesAtom Record Stack
          Overflow Vulnerability
23919.0   Microsoft Office            string-tcp            high           true
          PowerPoint Remote Code
          Excution Vulnerability
23939.0   Microsoft Data Analyzer     string-tcp            high           true
          ActiveX Control
          Vulnerability
23959.0   Microsoft Powerpoint        string-tcp            high           true
          Array Index Vulnerability
23979.0   Microsoft Powerpoint        multi-string          high           true
          Remote Code Execution
          Vulnerability
23999.0   Microsoft SMB Pathname      service-smb-advanced  high           true
          Buffer Overflow
24059.0   SMB Server Null Pointer     service-smb-advanced  medium         true
          Overflow
24099.0   Microsoft Paint Remote      multi-string          high           true
          Code Execution
          Vulnerability

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S467 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
23941.0   Internet Explorer           string-tcp            high           true
          Information Disclosure

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
23479.0   Metasploit Aurora Module    multi-string          high           true

CAVEATS

None.

Modified signature(s) detail:

None.
=================================================================================================
S466 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
20960.0   Adobe Reader Malformed      string-tcp            high           false
          PDF Code Execution
21759.0   Mozilla Network Security    string-tcp            high           true
          Services Regexp Heap
          Overflow
21839.0   Novell eDirectory HTTP      service-http          medium         true
          Request Denial Of Service
21841.0   Adobe PDF Deflate           string-tcp            high           true
          Parameter Integer Overflow
22381.0   Suspicious IRC Channel      string-tcp            informational  false
          Topic
22480.0   Symantec Alert Management   multi-string          high           true
          System Intel Alert
          Originator Service Buffer
          Overflow
22599.0   HP Power Manager Web        service-http          high           true
          Server Login Remote Code
          Execution Vulnerability
22939.0   Microsoft Excel Sheet       string-tcp            medium         false
          Name Remote Denial Of
          Service Vulnerability
23019.0   MySQL Mysql_Log Format      string-tcp            medium         true
          String

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
3159.0    FTP PASS Suspicious Length  string-tcp            high           true
3173.0    Long FTP Command            string-tcp            high           false
5684.1    Malformed SIP Packet        string-tcp            medium         true
5684.4    Malformed SIP Packet        string-tcp            medium         true
5684.6    Malformed SIP Packet        atomic-ip             medium         true
17363.0   Rustock Botnet              meta                  high           true
17626.0   Safari Window.setTimeout    string-tcp            high           false
          Spoofing
17658.0   Apple Safari File           string-tcp            high           false
          Download DoS
17659.0   IE MHTML Redirection        string-tcp            high           false
          Information Disclosure
17677.0   Safari KHTML WebKit DoS     string-tcp            high           false
17684.0   IE HTML Rendering Memory    string-tcp            high           false
          Corruption
17778.0   Sony CONNECT Player M3U     string-tcp            high           false
          Playlist Processing Buffer
          Overflow
18136.1   Microsoft MDAC Remote       string-tcp            high           false
          Code Execution POC
18136.2   Microsoft MDAC Remote       string-tcp            high           false
          Code Execution POC
18136.3   Microsoft MDAC Remote       string-tcp            high           false
          Code Execution POC
18136.4   Microsoft MDAC Remote       string-tcp            high           false
          Code Execution POC
18136.5   Microsoft MDAC Remote       string-tcp            high           false
          Code Execution POC
18136.6   Microsoft MDAC Remote       string-tcp            high           false
          Code Execution POC
18136.7   Microsoft MDAC Remote       string-tcp            high           false
          Code Execution POC
18136.8   Microsoft MDAC Remote       string-tcp            high           false
          Code Execution POC
18237.0   HTTP ACTi Network Video     meta                  high           false
          Recorder Multiple ActiveX
          DOS

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S465 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
17363.3   Rustock Botnet              service-http          high           true
19500.0   Oracle Stack-based buffer   string-tcp            high           false
          overflow vulnerability
19621.0   Check Point ASN.1           atomic-ip             high           false
          Decoding Heap Overflow
20419.0   Microsoft Internet          string-tcp            high           false
          Explorer Popup Title Bar
          Spoofing
20419.1   Microsoft Internet          string-tcp            high           false
          Explorer Popup Title Bar
          Spoofing

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.
=================================================================================================
S464 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
5114.9    WWW IIS Unicode Attack      string-tcp            high           true
6027.0    Outlook Word Malformed      string-tcp            high           false
          Object Tag
6027.1    Outlook Word Malformed      string-tcp            high           false
          Object Tag
6744.0    Mozilla FireFox             multi-string          high           false
          DomNodeRemoved Memory
          Corruption
6969.1    Microsoft Word Smart Tag    string-tcp            high           false
          Corruption Exploit
7283.2    Microsoft XML Core          string-tcp            high           true
          Services RCE
7288.0    ASUS DPC Proxy Buffer       string-tcp            high           false
          Overflow
15233.3   Internet Explorer           string-tcp            high           false
          Uninitalized Memory
          Corruption
16115.0   Libxslt XSL File            string-tcp            high           false
          Processing Buffer Overflow
16176.0   NCTsoft NCTAudioFile2       meta                  high           true
          ActiveX Control Remote
          Buffer Overflow
16213.0   Orbit Downloader URL        meta                  medium         true
          Processing Stack Buffer
          Overflow
16213.1   Orbit Downloader URL        string-tcp            informational  true
          Processing Stack Buffer
          Overflow
16213.1   Orbit Downloader URL        string-tcp            informational  false
          Processing Stack Buffer
          Overflow
16213.2   Orbit Downloader URL        string-tcp            informational  true
          Processing Stack Buffer
          Overflow
16213.2   Orbit Downloader URL        string-tcp            informational  false
          Processing Stack Buffer
          Overflow
17124.0   Novell eDirectory HEAD      string-tcp            high           false
          Request Handling Denial Of
          Service
17254.0   HPISDataManager.dll         string-tcp            high           false
          Arbitrary File Delete
23640.0   TorPig Captured             multi-string          high           true
          Information Upload

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
1220.0    Jolt2 Fragment Reassembly   normalizer            high           false
          DoS attack
3791.1    Solaris Printd Unlink       string-tcp            high           false
          File Deletion
5684.0    Malformed SIP Packet        atomic-ip             medium         false
5684.3    Malformed SIP Packet        atomic-ip             medium         false
5684.5    Malformed SIP Packet        string-udp            medium         false
6459.0    Microsoft Winhlp32          string-tcp            high           false
          Compressed Phrase Integer
          Overflow
6546.0    SNMPv3 Malformed            atomic-ip             high           false
          Authentication Attempt
6727.0    Nullsoft Winamp Midi File   string-tcp            high           false
          Header Handling Buffer
          Overflow
6727.1    Nullsoft Winamp Midi File   string-tcp            high           false
          Header Handling Buffer
          Overflow
7301.0    Excel Global Array Memory   string-tcp            high           true
          Corruption
15754.0   Ipswitch IMail Web          service-http          high           false
          Calendaring Arbitrary File
          Read
17362.0   Mcrosoft MDAC               string-tcp            high           false
          WMIScripUtils.WMIOjectBroker
          ActiveX Code Execution
18127.0   COM Object Instantiation    string-tcp            high           false
          Memory Corruption
19699.0   Firefox location.hostname   string-tcp            high           false
          Null Byte Vulnerability
22261.0   AT&T WinVNC Buffer          service-http          high           false
          overflow vulnerability

CAVEATS

None.

Modified signature(s) detail:

The following signatures have been retired:

6546-0   SNMPv3 Malformed Authentication Attempt
5684-5   Malformed SIP Packet
5684-3   Malformed SIP Packet
5684-0   Malformed SIP Packet
1220-0   Jolt2 Fragment Reassembly DoS attack

The SFR for the following signatures has been increased:

22261-0  AT&T WinVNC Buffer overflow vulnerability
19699-0  Firefox location.hostname Null Byte Vulnerability
18127-0  COM Object Instantiation Memory Corruption
17362-0  Mcrosoft MDAC WMIScripUtils.WMIOjectBroker ActiveX Code Execution
15754-0  Ipswitch IMail Web Calendaring Arbitrary File Read
7301-0   Excel Global Array Memory Corruption
6727-1   Nullsoft Winamp Midi File Header Handling Buffer Overflow
6727-0   Nullsoft Winamp Midi File Header Handling Buffer Overflow
6459-0   Microsoft Winhlp32 Compressed Phrase Integer Overflow
3791-1   Solaris Printd Unlink File Deletion

=================================================================================================
S463 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
23619.0   Internet Explorer           string-tcp            high           true
          Uninitialized Memory
          Corruption
23620.0   Internet Explorer HTML      string-tcp            high           true
          Object Memory Corruption
23621.0   Internet Explorer           string-tcp            high           true
          Uninitialized Memory
          Corruption
23622.0   Internet Explorer           string-tcp            high           true
          Uninitialized Memory
          Corruption

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S462 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
23419.0   Ciscoworks Internetwork     string-tcp            high           true
          Performance Monitor Remote
          Code Execution
          Vulnerability
23579.0   Cisco IOS XR Software SSH   string-tcp            high           true
          Denial of Service

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S461 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
23479.0   Metasploit Aurora Module    multi-string          high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.
=================================================================================================
S460 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
23439.0   Microsoft IE Remote Code    string-tcp            high           true
          Execution

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S459 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
23199.0   Microsoft Windows           string-tcp            high           true
          Embedded OpenType Font
          Engine Remote Code
          Execution

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S458 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
16176.1   NCTsoft NCTAudioFile2       string-tcp            informational  true
          ActiveX Control Remote
          Buffer Overflow
16176.2   NCTsoft NCTAudioFile2       string-tcp            informational  true
          ActiveX Control Remote
          Buffer Overflow
17242.0   Sun Java Webstart Vm Args   string-tcp            high           false
          Buffer Overflow
19679.0   VLC Remote Format String    string-tcp            high           false
          Vulnerability
19679.1   VLC Remote Format String    string-tcp            high           false
          Vulnerability
20540.0   Microsoft DirectPlay DoS    string-tcp            high           false
          Vulnerability
20560.0   Nullsoft Shoutcast Server   service-http          high           false
          Request Log Cross-Site
          Scripting
20641.0   Oracle Database Core        string-tcp            high           false
          RDBMS Component Denial of
          Service
20843.0   Sourcefire Snort DCE-RPC    string-tcp            high           false
          Preprocessor Buffer
          Overflow
20999.0   HP Software Update Tool     string-tcp            high           false
          ActiveX Control File
          Overwrite
21002.0   CA ARCserve Backup          string-tcp            high           false
          Discovery Service Denial
          of Service
21700.0   Microsoft Internet          meta                  high           false
          Explorer COM Object
          keyframe() Method
22279.0   Firefox Linktag Exploit     string-tcp            high           false
22380.0   GNUTurk mods.php t_id       service-http          medium         false
          Parameter SQL Injection
22421.0   Apple iLife iPhoto XML      string-tcp            high           false
          Remote Format String
          Vulnerability
22424.0   PHP Labs Top Auction SQL    service-http          high           false
          Injection Vulnerability
22439.0   Lizard Cart CMS id          service-http          medium         false
          Parameter SQL Injection
          Vulnerability
22639.0   Apache Tomcat Directory     service-http          medium         false
          Listing Information
          Disclosure
22683.0   KDE Browser Multiple        string-tcp            high           false
          Vulnerabilities
22699.0   HP OpenView Network Node    string-tcp            medium         true
          Manager Denial Of Service
22739.0   Microsoft GdiPlus EMF       string-tcp            medium         true
          Denial Of Service PoC
22839.0   RhinoSoft Serv-U TEA        service-http          high           true
          Decoding Buffer Overflow
23179.0   IIS Semi-colon Filename     service-http          high           true
          Vulnerability

TUNED SIGNATURES

SIGID     SIGNAME                     ENGINE                SEVERITY       ENABLED
3180.1    BakBone NetVault Remote     string-tcp            high           false
          Heap Overflow
4617.0    PoPToP PPtP Short Length    string-tcp            high           false
          Overflow
4617.1    PoPToP PPtP Short Length    string-tcp            high           false
          Overflow
5504.0    BrightStor Backup           atomic-ip             high           false
          Discovery UDP Probe
          Overflow
5684.2    Malformed SIP Packet        atomic-ip             high           true
17138.0   Internet Explorer           string-tcp            high           false
          Malformed BMP Buffer
          Overflow
17139.0   KAME Racoon Auth Bypass     atomic-ip             high           false
17140.0   Trend Micro OfficeScan      string-tcp            high           false
          Console Buffer Overflow
17141.0   WS_FTP Log Server Denial    atomic-ip             high           false
          Of Service
17238.0   CA BrightStor ARCserve      string-tcp            high           false
          Backup Media Server Buffer
          Overflow
17259.0   VideoLAN VLC Media Player   string-tcp            high           false
          TY Processing Buffer
          Overflow
17278.0   IIS Information Gathering   string-tcp            high           false
          Attack
17282.0   Cachemgr.cgi                string-tcp            high           false
17292.0   acFTP DoS                   string-tcp            high           false
17292.1   acFTP DoS                   string-tcp            high           false
17296.0   IE                          string-tcp            high           false
          DXImageTransform.Microsoft.Gradient
          Object DoS
17345.0   Outlook ole32.dll ActiveX   string-tcp            high           false
          DoS
17347.0   CorelMalformed CLP          string-tcp            high           false
          Overflow
17349.0   Adobe PDF Reader plug-in    string-tcp            high           false
          AcroPDF.dll DoS
17351.0   AcroOPDF.DLL ActiveX        string-tcp            high           false
          Control DoS
17367.0   HtmlDlgSafeHelper ActiveX   string-tcp            high           false
          DoS
17420.0   Microsoft IE Native         string-tcp            high           false
          Function DoS
17433.0   IE FolderItem Object        string-tcp            high           false
          Access DoS
17498.0   Safari DHTML                string-tcp            high           false
          setAttributeNode DoS
17499.0   IE                          string-tcp            high           false
          Object.Microsoft.DXTFiler
          DoS
17499.0 IE
string-tcp high false Object.Microsoft.DXTFiler DoS 17500.0 IE Exception Handling string-tcp high false Memory Corruption 17500.0 IE Exception Handling string-tcp high false Memory Corruption CAVEATS None. Modified signature(s) detail: None. ================================================================================================= S457 SIGNATURE UPDATE DETAILS NEW SIGNATURES SIGID SIGNAME ENGINE SEVERITY ENABLED 23099.0 Obfuscated PDF Document multi-string high true 23099.0 Obfuscated PDF Document multi-string high true TUNED SIGNATURES SIGID SIGNAME ENGINE SEVERITY ENABLED 5582.0 NetBIOS Enum Share DoS service-smb-ad high false vanced 5582.0 NetBIOS Enum Share DoS service-smb-ad high false vanced 6973.0 IOS FTPd MKD Command string-tcp high false Buffer Overflow 6973.0 IOS FTPd MKD Command string-tcp high false Buffer Overflow CAVEATS None. Modified signature(s) detail: The following signatures are being retired: 5582-0 NetBIOS Enum Share DoS 6973-0 IOS FTPd MKD Command Buffer Overflow ================================================================================================= S456 SIGNATURE UPDATE DETAILS NEW SIGNATURES SIGID SIGNAME ENGINE SEVERITY ENABLED 22660.0 WebEx WRF File Denial of multi-string high true Service 22660.0 WebEx WRF File Denial of multi-string high true Service 22661.0 WebEx WRF File Code multi-string high true Injection 22661.0 WebEx WRF File Code multi-string high true Injection 22662.0 Cisco Webex WRF Player multi-string high true Heap Overflow 22662.0 Cisco Webex WRF Player multi-string high true Heap Overflow 22663.0 Cisco Webex WRF Player multi-string high true Overflow 22663.0 Cisco Webex WRF Player multi-string high true Overflow 22799.0 Cisco WebEx Memory multi-string high true Corruption Vulnerability 22799.0 Cisco WebEx Memory multi-string high true Corruption Vulnerability 23040.0 Cisco WebEx WRF Player multi-string high true Vulnerability 23040.0 Cisco WebEx WRF Player multi-string high true Vulnerability TUNED 
SIGNATURES There are no tuned signatures for this release. CAVEATS None. Modified signature(s) detail: None. ================================================================================================= S455 SIGNATURE UPDATE DETAILS NEW SIGNATURES SIGID SIGNAME ENGINE SEVERITY ENABLED 6046.0 InterNetNews NULL Path string-tcp high false Denial of Service 6046.0 InterNetNews NULL Path string-tcp high false Denial of Service TUNED SIGNATURES SIGID SIGNAME ENGINE SEVERITY ENABLED 5485.0 ISS PAM.dll ICQ Parser string-udp high false Buffer Overflow 5485.0 ISS PAM.dll ICQ Parser string-udp high false Buffer Overflow 5485.1 ISS PAM.dll ICQ Parser atomic-ip high true Buffer Overflow 5485.1 ISS PAM.dll ICQ Parser atomic-ip high true Buffer Overflow 5569.0 MDaemon Imap string-tcp high true Authentication Overflow 5569.0 MDaemon Imap string-tcp high true Authentication Overflow 6996.1 GDI+ BMP Integer Overflow string-tcp high false 6996.1 GDI+ BMP Integer Overflow string-tcp high false 15235.1 Exchange Server Memory state high false Corruption Vulnerability 15235.1 Exchange Server Memory state high false Corruption Vulnerability 15235.2 Exchange Server Memory state high false Corruption Vulnerability 15235.2 Exchange Server Memory state high false Corruption Vulnerability 15314.0 Symantec Firewall DNS atomic-ip high false Response Denial Of Service 15314.0 Symantec Firewall DNS atomic-ip high false Response Denial Of Service 15573.0 Apple Mac OS X string-tcp high false FinderMemory Corruption 15573.0 Apple Mac OS X string-tcp high false FinderMemory Corruption 15913.0 Linux Kernel nfsd atomic-ip high true Subsystem Buffer Overflow 15913.0 Linux Kernel nfsd atomic-ip high true Subsystem Buffer Overflow 15954.0 CA Multiple Products string-tcp high false Console Server Buffer Overflow 15954.0 CA Multiple Products string-tcp high false Console Server Buffer Overflow 16038.0 Adobe Flash Insufficient string-tcp high false Data Validation Buffer Overflow 16038.0 Adobe Flash 
Insufficient string-tcp high false Data Validation Buffer Overflow 16039.0 Adobe Invalid BMP Header string-tcp high false Buffer Overflow 16039.0 Adobe Invalid BMP Header string-tcp high false Buffer Overflow 16615.0 Microsoft PowerPoint PPT string-tcp high false Document Parsing Code Execution 16615.0 Microsoft PowerPoint PPT string-tcp high false Document Parsing Code Execution 16796.0 Atrium Software MERCUR string-tcp high false IMAPD NTLMSSP Command Handling Memory Corruption Exploit 16796.0 Atrium Software MERCUR string-tcp high false IMAPD NTLMSSP Command Handling Memory Corruption Exploit 18519.0 Microsoft Windows WMF string-tcp high false Handling Arbitrary Code Execution 18519.0 Microsoft Windows WMF string-tcp high false Handling Arbitrary Code Execution 18539.0 Microsoft Office Routing string-tcp high false Slip Processing Remote Buffer Overflow 18539.0 Microsoft Office Routing string-tcp high false Slip Processing Remote Buffer Overflow 18601.0 Microsoft Windows string-tcp high false Embedded Web Font Handling Buffer Overflow 18601.0 Microsoft Windows string-tcp high false Embedded Web Font Handling Buffer Overflow 18879.0 PowerPoint Malformed Data string-tcp high false Record RCE 18879.0 PowerPoint Malformed Data string-tcp high false Record RCE 19485.0 InterWoven WorkDocs XSS string-tcp high false Vulnerability 19485.0 InterWoven WorkDocs XSS string-tcp high false Vulnerability 20162.0 Microsoft Internet string-tcp high false Explorer URL Spoofing 20162.0 Microsoft Internet string-tcp high false Explorer URL Spoofing 20239.0 Microsoft Internet string-tcp high false Explorer MSWebDVD Object Denial Of Service Vulnerability 20239.0 Microsoft Internet string-tcp high false Explorer MSWebDVD Object Denial Of Service Vulnerability 20440.0 Symantec Enterprise atomic-ip high false Firewall DNSD DNS Cache Poisoning Vulnerability 20440.0 Symantec Enterprise atomic-ip high false Firewall DNSD DNS Cache Poisoning Vulnerability 20499.0 Multiple Vendor TCP 
atomic-ip high false Connection Reset Denial of Service 20499.0 Multiple Vendor TCP atomic-ip high false Connection Reset Denial of Service 20561.0 CVS Max-dotdot Protocol string-tcp high false Command Integer Overflow 20561.0 CVS Max-dotdot Protocol string-tcp high false Command Integer Overflow 20759.0 TheWebForum Login.php service-http high true Username Parameter SQL Injection 20759.0 TheWebForum Login.php service-http high true Username Parameter SQL Injection 21279.0 Mac OSX Safari X-Man-Page string-tcp high false URI Terminal Escape Command Execution 21279.0 Mac OSX Safari X-Man-Page string-tcp high false URI Terminal Escape Command Execution CAVEATS None. Modified signature(s) detail: None. ================================================================================================= S454 SIGNATURE UPDATE DETAILS NEW SIGNATURES SIGID SIGNAME ENGINE SEVERITY ENABLED 22659.0 Microsoft Office Project string-tcp high true Exploit 22659.0 Microsoft Office Project string-tcp high true Exploit 22665.0 Microsoft Internet string-tcp high true Explorer Uninitialized Memory Corruption Vulnerability 22665.0 Microsoft Internet string-tcp high true Explorer Uninitialized Memory Corruption Vulnerability 22666.0 Microsoft Wordpad Remote string-tcp high true Code Execution 22666.0 Microsoft Wordpad Remote string-tcp high true Code Execution 22740.0 HTML Object Memory string-tcp high true Corruption 22740.0 HTML Object Memory string-tcp high true Corruption 22741.0 Microsoft Windows Active service-http medium true Directory Federation Services Remote Code Execution 22741.0 Microsoft Windows Active service-http medium true Directory Federation Services Remote Code Execution 22759.0 Microsoft Internet string-tcp high true Explorer Memory Corruption Vulnerability 22759.0 Microsoft Internet string-tcp high true Explorer Memory Corruption Vulnerability 22820.0 Internet Authentication meta high true Service MS CHAPv2 Invalid Request 22820.0 Internet Authentication meta high 
true Service MS CHAPv2 Invalid Request 22820.1 Internet Authentication atomic-ip informational true Service MS CHAPv2 Invalid Request 22820.1 Internet Authentication atomic-ip informational true Service MS CHAPv2 Invalid Request 22820.2 Internet Authentication atomic-ip informational true Service MS CHAPv2 Invalid Request 22820.2 Internet Authentication atomic-ip informational true Service MS CHAPv2 Invalid Request 22820.3 Internet Authentication atomic-ip informational true Service MS CHAPv2 Invalid Request 22820.3 Internet Authentication atomic-ip informational true Service MS CHAPv2 Invalid Request TUNED SIGNATURES There are no tuned signatures for this release. CAVEATS None. Modified signature(s) detail: None. ================================================================================================= S453 SIGNATURE UPDATE DETAILS NEW SIGNATURES There are no new signatures for this release. TUNED SIGNATURES SIGID SIGNAME ENGINE SEVERITY ENABLED 4504.0 SNMP IOS Configuration service-snmp medium true Retrieval 4504.0 SNMP IOS Configuration service-snmp medium true Retrieval 5930.1 Generic SQL Injection service-http high true 5930.1 Generic SQL Injection service-http high true CAVEATS None. Modified signature(s) detail: None. 
=================================================================================================
S452 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                    ENGINE                SEVERITY       ENABLED
22520.0   EMC Captiva QuickScan Pro  multi-string          high           true
          KeyHelp ActiveX Control
          Buffer Overflow

TUNED SIGNATURES

SIGID     SIGNAME                    ENGINE                SEVERITY       ENABLED
1108.0    IP Packet with Proto 11    atomic-ip             high           false
2012.0    ICMP Address Mask Reply    atomic-ip             informational  false
4510.0    Solaris SNMP Hidden        service-snmp          high           false
          Community Name
5232.1    URL with XSS               service-http          high           true
5804.0    VPN3000 Concentrator       meta                  high           false
          Unauthenticated FTP
          Access
5804.2    VPN3000 Concentrator       string-tcp            informational  false
          Unauthenticated FTP
          Access
12693.0   Define Tranfer-Encoding    application-policy-enforcement-http  low            false
          Chunked
15005.0   Microsoft Windows SMB      string-tcp            high           true
          Remote Code Execution
15006.0   Microsoft Windows SMB      service-smb-advanced  high           true
          Remote Code Execution
16094.0   Apache HTTP Server         service-http          medium         false
          mod_negotiation Cross
          Site Scripting
17017.0   InfoSoft FusionCharts SWF  service-http          medium         false
          Flash File Remote Code
          Execution Vulnerability
17018.0   InfoSoft FusionCharts SWF  service-http          medium         false
          Flash File Injection
17019.0   Adobe Dreamweaver          service-http          medium         false
          ActionScript Cross-Site
          Scripting Attack
18441.0   Microsoft Office Excel     string-tcp            high           true
          Remote Code Execution
18477.0   Cisco ASA WebVPN XSS       meta                  high           true

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S451 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                    ENGINE                SEVERITY       ENABLED
5924.0    Mozilla Browsers           string-tcp            high           false
          JavaScript Argument
          Passing Code Execution
          Vulnerability
15754.0   Ipswitch IMail Web         service-http          medium         false
          Calendaring Arbitrary
          File Read
17218.0   AVS Media                  string-tcp            high           false
          avsmjpegfile.dll Remote
          Buffer Overflow
17793.0   KDE Konqueror NULL         string-tcp            low            false
          Pointer Dereference
21900.0   HP LoadRunner XUpload.ocx  meta                  high           true
          ActiveX Control Arbitrary
          File Download
21900.1   HP LoadRunner XUpload.ocx  string-tcp            informational  true
          ActiveX Control Arbitrary
          File Download
21900.2   HP LoadRunner XUpload.ocx  string-tcp            informational  true
          ActiveX Control Arbitrary
          File Download
22199.0   BigAnt IM Server HTTP GET  service-http          high           false
          Request Remote Buffer
          Overflow Vulnerability
22261.0   AT&T WinVNC Buffer         service-http          medium         false
          overflow vulnerability
22619.0   Opachki Trojan             service-http          high           true
22619.1   Opachki Trojan             string-tcp            high           true

TUNED SIGNATURES

SIGID     SIGNAME                    ENGINE                SEVERITY       ENABLED
1607.0    IPv6 multi-crafted         atomic-ip-v6          medium         true
          fragments
3721.0    TNS Brute Force            string-tcp            high           false
3793.0    ZENworks 6.5               string-tcp            high           true
          Authentication Overflow
5949.0    Multiple HP Web Jetadmin   service-http          high           false
          Vulnerabilities
5949.1    Multiple HP Web Jetadmin   service-http          high           false
          Vulnerabilities
5956.0    Multiple Vendor SOAP DoS   string-tcp            high           false
5959.1    Citrix ICA Client ActiveX  string-tcp            informational  false
          Control Buffer Overflow
          Vulnerability
5961.0    Oracle Database Server     string-tcp            high           false
          MD2 package SDO_CODE_SIZE
          procedure Buffer Overflow
6031.0    Mcafee FreeScan            string-tcp            high           false
          Information Disclosure
6072.0    Visual Basic VBP Buffer    string-tcp            high           false
          Overflow
6087.0    Symantec ISAKMP DoS        atomic-ip             high           false
6147.0    RealPlayer RealMedia       string-tcp            high           false
          Security Bypass
6159.0    Microsoft Windows Active   string-tcp            high           false
          Directory Crafted LDAP
          Request DoS
6936.0    UCM Disaster Recovery      string-tcp            high           true
          Framework Command
          Execution
6979.0    BEA WebLogic Server        string-tcp            high           false
          Apache Connector HTTP
          Version String BO
6986.0    Microsoft IE HTML Objects  string-tcp            high           true
          Memory Corruption Exploit
6991.0    Symantec Veritas Storage   multi-string          high           false
          Foundation Null Session
7275.0    Linux Kernel DCCP          service-generic       high           false
          dccp_setsockopt_change
          Integer Overflow
7299.0    Microsoft Word RTF RCE     string-tcp            high           true
11203.1   IRC Channel Join           fixed-tcp             medium         true
15493.0   Cisco ANM Java Agent       service-http          medium         true
          Privilege Escalation
18620.0   Microsoft Outlook Express  string-tcp            high           false
          Windows Address Book File
          Vulnerability
18621.0   Microsoft FrontPage        string-tcp            high           false
          Server Extensions Cross
          Site Scripting
18623.0   Microsoft Excel Malformed  string-tcp            high           false
          File Format Parsing Code
          Execution
19021.0   Microsoft Excel Malformed  string-tcp            high           false
          Graphic File Code
          Execution
19119.0   Windows GRE WMF Handling   string-tcp            high           false
          Memory Read Exception
19120.0   Mozilla Products Graphics  string-tcp            high           false
          and XML Features Integer
          Overflow
19121.0   GNU Tar PAX Extended       string-tcp            high           false
          Headers Handling Buffer
          Overflow
19139.0   Microsoft Word Section     string-tcp            high           false
          Table Array Buffer
          Overflow

CAVEATS

CSCtb86833
CSCsz29118

Modified signature(s) detail:

Signatures released with raised SFR:
19139-0, 19121-0, 19120-0, 19119-0, 19021-0, 18623-0, 18621, 18620-0,
15493-0, 11203-1, 6936-0, 5949-1, 5949-0, 6159-0, 6147-0, 6087-0, 6072-0,
6031-0, 5961-0, 5959-1, 5956-0, 1607-0, 3793-0.

Signature released disabled: 6979-0.
Signatures released retired: 7275-0, 3721-0.
Signatures released disabled and retired: 7299-0, 6991-0.
Signature modified: 6986-0.

=================================================================================================
S450 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                    ENGINE                SEVERITY       ENABLED
22579.0   Internet Explorer CSS      string-tcp            high           true
          Remote Code Execution

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S449 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                    ENGINE                SEVERITY       ENABLED
6491.0    Alt-N MDAEMON IMAP Server  string-tcp            high           false
          Heap Overflow
15333.0   Microsoft Internet         string-tcp            high           false
          Explorer mshtml.dll
          ActiveX Memory Corruption
19383.1   DirectX Size Validation    string-tcp            high           true
          Vulnerability
20179.1   WINS Heap Overflow         string-tcp            high           false
20181.1   WINS Integer Overflow      string-tcp            high           false
20725.0   Microsoft Internet         string-tcp            high           false
          Explorer COM Object
          Instantiation Memory
          Corruption
21319.0   Novell Client For Windows  string-tcp            medium         false
          2000/XP ActiveX Remote
          DoS Vulnerability
21319.1   Novell Client For Windows  string-tcp            medium         false
          2000/XP ActiveX Remote
          DoS Vulnerability
21359.1   Internet Explorer          string-tcp            high           true
          Uninitialized Memory
          Corruption Vulnerability
22339.0   Microsoft Windows SMB      string-tcp            high           true
          Denial Of Service

TUNED SIGNATURES

SIGID     SIGNAME                    ENGINE                SEVERITY       ENABLED
5684.5    Malformed SIP Packet       string-udp            medium         false
5684.6    Malformed SIP Packet       atomic-ip             medium         true
5770.0    Cisco Secure ACS XSS       service-http          high           false
5812.1    Cisco IPS SSL DOS          service-generic       medium         false
          Vulnerability
5835.1    Cisco IOS SIP DoS          atomic-ip             medium         false
          Vulnerability
5835.5    Cisco IOS SIP DoS          meta                  medium         false
          Vulnerability
5835.6    Cisco IOS SIP DoS          atomic-ip             informational  false
          Vulnerability
5835.7    Cisco IOS SIP DoS          atomic-ip             informational  false
          Vulnerability
5858.0    DNS Server RPC Interface   service-msrpc         high           false
          Buffer Overflow
6047.0    TrendMicro InterScan       string-tcp            high           false
          Viruswall Directory
          Traversal
6246.1    Gateway Weblaunch Activex  string-tcp            high           false
          Control
6262.0    Cisco Secure Access        string-tcp            high           true
          Control Server CGI Buffer
          Overflow
6759.0    Apple Safari Regular       string-tcp            high           false
          Expression Overflow
18624.0   Microsoft Office Excel     string-tcp            high           true
          Remote Code Execution
18799.0   Cisco ASA WebVPN Cross     string-tcp            high           true
          Site Scripting
19420.0   Cisco IOS/Unified          atomic-ip             high           false
          Communications Manager
          SIP Vulnerability
20002.0   Microsoft Internet         multi-string          high           true
          Explorer Object Handling
          Remote Code Execution
20005.0   Microsoft Internet         multi-string          high           true
          Explorer Uninitialized
          Memory Corruption
          Vulnerability
20183.0   AVI Integer Overflow       string-tcp            high           true
          Vulnerability
20183.1   AVI Integer Overflow       string-tcp            high           true
          Vulnerability
20220.0   Workstation Service        string-tcp            high           true
          Memory Corruption
          Vulnerability
20479.0   Malformed SIP Message      string-tcp            medium         true

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S448 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                    ENGINE                SEVERITY       ENABLED
5971.1    Microsoft Internet         string-tcp            informational  false
          Explorer COM Object
          Keyframe() Method
6978.1    Microsoft Office           string-tcp            high           false
          PowerPoint List Value
          Parsing Vulnerability
16693.0   NULL IMAP APPEND Command   string-tcp            medium         false
17999.0   Backdoor Beast             string-tcp            high           false
18739.0   DivX Player                meta                  medium         false
          DivXBrowserPlugin DoS
18739.1   DivX Player                string-tcp            informational  false
          DivXBrowserPlugin DoS
18739.2   DivX Player                string-tcp            informational  false
          DivXBrowserPlugin DoS
20879.0   Fujitsu Systemcast Wizard  atomic-ip             high           false
          Lite PXE Service Remote
          Buffer Overflow
21279.0   Mac OSX Safari X-Man-Page  string-tcp            medium         false
          URI Terminal Escape
          Command Execution
21800.0   Swizzor Botnet Traffic     service-http          high           true
21860.0   Webmin/Usermin Unspecifed  service-http          medium         false
          Information Disclosure
          Vulnerability
22142.0   SQL Botnet User-Agent:     service-http          high           true
          uil2pn

TUNED SIGNATURES

SIGID     SIGNAME                    ENGINE                SEVERITY       ENABLED
3253.0    HTTP Request Smuggling     service-http          medium         true
3733.0    Real Server Format         string-tcp            high           true
          Overflow
5146.5    MS-DOS Device Name DoS     service-http          informational  false
5146.6    MS-DOS Device Name DoS     service-http          informational  false
5146.7    MS-DOS Device Name DoS     service-http          informational  false
5146.10   MS-DOS Device Name DoS     service-http          informational  false
5146.16   MS-DOS Device Name DoS     service-http          informational  false
5245.0    HTTP 1.1 Chunked Encoding  service-http          medium         false
          Transfer
5557.0    Windows ICC Color          string-tcp            informational  false
          Management Module
          Vulnerability
5557.1    Windows ICC Color          string-tcp            medium         false
          Management Module
          Vulnerability
5557.2    Windows ICC Color          meta                  high           false
          Management Module
          Vulnerability
5564.0    ARCserve Backup MS-SQL     string-tcp            high           false
          Overflow
5600.0    Windows ASN.1 Bit String   service-smb-advanced  high           true
          NTLMv2 Integer Overflow
5684.2    Malformed SIP Packet       atomic-ip             high           true
5684.4    Malformed SIP Packet       string-tcp            medium         true
5790.0    CS-MARS JBoss              service-http          high           true
          Vulnerability
5928.0    CSA for Windows System     service-smb-advanced  high           true
          Driver Remote Buffer
          Overflow Vulnerability
6263.0    XSS in Cisco ACS Server    service-http          medium         true
6799.0    CUCM CTI DoS               service-generic       medium         true
17152.0   PowerPoint Legacy File     string-tcp            high           true
          Format Vulnerability
20004.0   Microsoft Internet         multi-string          high           true
          Explorer Malformed Web
          Page Handling
          Vulnerability
20120.0   Microsoft Windows Remote   meta                  high           true
          Desktop Protocol RCE
20120.1   Microsoft Windows Remote   string-tcp            informational  true
          Desktop Protocol RCE
20479.1   Malformed SIP Message      atomic-ip             medium         true

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S447 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                    ENGINE                SEVERITY       ENABLED
21920.0   Microsoft Excel Remote     string-tcp            high           true
          Code Execution
21979.0   Microsoft Office Word      multi-string          high           true
          Document Malformed Record
21980.0   Microsoft Active           string-tcp            medium         true
          Directory Denial Of
          Service
22039.0   Microsoft Excel Remote     string-tcp            high           true
          Code Execution
22059.0   License Logging Server     string-tcp            high           true
          Heap Overflow
22079.0   Microsoft Windows WSDAPI   string-tcp            high           true
          Remote Code Execution
22080.0   Microsoft Windows          string-tcp            medium         true
          Kernel-Mode Drivers
          Remote Code Execution
22081.0   MS Office Excel RCE        string-tcp            high           true
22083.0   Microsoft Excel Remote     string-tcp            high           true
          Code Execution
22084.0   MS Office Excel RCE        string-tcp            high           true
22086.0   MS Office Excel RCE        service-http          high           true
22086.0 MS Office Excel RCE service-http high
true 22120.0 Microsoft Excel Remote string-tcp high true Code Execution 22120.0 Microsoft Excel Remote string-tcp high true Code Execution 22122.0 MS Office Excel RCE string-tcp high true 22122.0 MS Office Excel RCE string-tcp high true TUNED SIGNATURES There are no tuned signatures for this release. CAVEATS None. Modified signature(s) detail: None. ================================================================================================= S446 SIGNATURE UPDATE DETAILS NEW SIGNATURES SIGID SIGNAME ENGINE SEVERITY ENABLED 17017.0 InfoSoft FusionCharts SWF service-http high false Flash File Remote Code Execution Vulnerability 17017.0 InfoSoft FusionCharts SWF service-http high false Flash File Remote Code Execution Vulnerability 17300.0 Apache Tomcat Delimiter service-http medium false Character Handling Vulnerability 17300.0 Apache Tomcat Delimiter service-http medium false Character Handling Vulnerability 17348.0 F-Prot Antivirus Products string-tcp high false CHM File Buffer Overflow Vulnerability 17348.0 F-Prot Antivirus Products string-tcp high false CHM File Buffer Overflow Vulnerability 17497.0 Sopcast SopCore string-tcp high false SetExternalPlayer Remote Code Execution 17497.0 Sopcast SopCore string-tcp high false SetExternalPlayer Remote Code Execution 17557.0 Nero MediaHome string-tcp medium false NMMediaServer.EXE Remote Denial of Service 17557.0 Nero MediaHome string-tcp medium false NMMediaServer.EXE Remote Denial of Service 17657.0 Apache Tomcat Host string-tcp high false Manager Servlet (aliases) Cross Site Scripting 17657.0 Apache Tomcat Host string-tcp high false Manager Servlet (aliases) Cross Site Scripting 18302.0 HP Instant Support string-tcp high false ActiveX Vulnerability 18302.0 HP Instant Support string-tcp high false ActiveX Vulnerability 18622.0 Microsoft Internet string-tcp high false Explorer WMF Image Parsing Memory Corruption Vulnerability 18622.0 Microsoft Internet string-tcp high false Explorer WMF Image Parsing Memory 
Corruption Vulnerability 19419.0 CA Brightstor ARCserve string-tcp high false Backup caloggerd Opcode 79 Stack Buffer Overflow 19419.0 CA Brightstor ARCserve string-tcp high false Backup caloggerd Opcode 79 Stack Buffer Overflow 19439.0 Samba WINS Server Name atomic-ip high false Registration Handling Stack Buffer Overflow 19439.0 Samba WINS Server Name atomic-ip high false Registration Handling Stack Buffer Overflow 19461.0 GNU gzip LZH string-tcp high false Decompression make_table Stack Modification 19461.0 GNU gzip LZH string-tcp high false Decompression make_table Stack Modification 19479.0 Apple Mac OS X Installer service-http high false Package Filename Format String Vulnerability 19479.0 Apple Mac OS X Installer service-http high false Package Filename Format String Vulnerability 19480.0 Motorola Timbuktu Pro string-tcp high false Crafted Login Request Buffer Overflow 19480.0 Motorola Timbuktu Pro string-tcp high false Crafted Login Request Buffer Overflow 19482.0 BakBone NetVault Buffer string-tcp high false Overflow 19482.0 BakBone NetVault Buffer string-tcp high false Overflow 19485.0 InterWoven WorkDocs XSS string-tcp medium false Vulnerability 19485.0 InterWoven WorkDocs XSS string-tcp medium false Vulnerability 19499.0 Ipswitch Whatsup Small service-http medium false Business Directory Traversal 19499.0 Ipswitch Whatsup Small service-http medium false Business Directory Traversal 19541.0 VLC Media Player XSPF string-tcp medium false Playlist Memory Corruption 19541.0 VLC Media Player XSPF string-tcp medium false Playlist Memory Corruption 19739.0 Oracle HTTP Server service-http high false Mod_access Restriction Bypass 19739.0 Oracle HTTP Server service-http high false Mod_access Restriction Bypass 19740.0 Oracle Application Server service-http high false desname Arbitrary File Overwriting 19740.0 Oracle Application Server service-http high false desname Arbitrary File Overwriting 19800.0 427BB Cookie-based service-http medium false Authentication 
Bypass 19800.0 427BB Cookie-based service-http medium false Authentication Bypass 19859.0 Samba Crafted Mailslot atomic-ip high false Name Buffer Overflow 19859.0 Samba Crafted Mailslot atomic-ip high false Name Buffer Overflow 19860.0 McAfee ePolicy string-tcp high false Orchestrator Framework HTTP Buffer Overflow 19860.0 McAfee ePolicy string-tcp high false Orchestrator Framework HTTP Buffer Overflow 20019.0 Mac OSX Finder DMG Volume string-tcp high false Name Memory Corruption 20019.0 Mac OSX Finder DMG Volume string-tcp high false Name Memory Corruption 21259.0 ActiveCampaign 1-2-All service-http medium false Control Panel Username SQL Injection Vulnerability 21259.0 ActiveCampaign 1-2-All service-http medium false Control Panel Username SQL Injection Vulnerability 21379.0 Oracle TimesTen Remote service-http high true Format String 21379.0 Oracle TimesTen Remote service-http high true Format String 21443.0 VEGO Web Forum login.php string-tcp high false username Parameter SQL Injection 21443.0 VEGO Web Forum login.php string-tcp high false username Parameter SQL Injection 21639.0 PeerCast Format string string-tcp high false vulnerability 21639.0 PeerCast Format string string-tcp high false vulnerability 21662.0 Process PHP login string-tcp high false parameter SQL Injection Vulnerability 21662.0 Process PHP login string-tcp high false parameter SQL Injection Vulnerability TUNED SIGNATURES There are no tuned signatures for this release. CAVEATS None. Modified signature(s) detail: None. 
=================================================================================================
S445 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                     ENGINE                SEVERITY       ENABLED
19940.0  Novell eDirectory HTTP      string-tcp            medium         false
         Headers Denial of Service
19999.0  IBM Lotus Domino LDAP       string-tcp            high           false
         Server Invalid DN Buffer Overflow
20039.0  Norton Anti-Virus 2004      string-tcp            high           false
         ActiveX DoS
20139.0  Ruby Multiple Security      string-tcp            high           false
         Bypass and Denial of Service Vulnerability
20139.1  Ruby Multiple Security      string-tcp            high           false
         Bypass and Denial of Service Vulnerability
20139.2  Ruby Multiple Security      string-tcp            high           false
         Bypass and Denial of Service Vulnerability
20739.0  Trend Micro OfficeScan      string-tcp            high           false
         Client ActiveX Control Buffer Overflow
20920.0  Apple Mac OS X ImageIO      string-tcp            high           false
         gifGetBandProc GIF Image Handling Integer Overflow
20939.0  ACDSee Image Viewer         service-http          high           false
         Memory Corruption

TUNED SIGNATURES

SIGID    SIGNAME                     ENGINE                SEVERITY       ENABLED
19259.0  Cisco IOS/Unified           string-tcp            high           false
         Communications Manager SIP Vulnerability

CAVEATS

None.

Modified signature(s) detail:

19259-0 - Disabled and Retired

=================================================================================================
S444 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

There are no new signatures for this release.

TUNED SIGNATURES

SIGID    SIGNAME                     ENGINE                SEVERITY       ENABLED
1300.0   TCP Segment Overwrite       normalizer            high           false
3106.0   Mail Spam                   state                 low            false

CAVEATS

None.

Modified signature(s) detail:

Signatures 1300-0 and 3106-0 were disabled and retired.

=================================================================================================
S443 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                     ENGINE                SEVERITY       ENABLED
21819.0  Microsoft Internet          string-tcp            high           true
         Explorer Remote Code Execution
21820.0  Microsoft LSA Subsystem     string-tcp            low            true
         DoS
21821.0  Microsoft GDI+ Code         string-tcp            high           true
         Execution

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S442 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                     ENGINE                SEVERITY       ENABLED
20139.3  Ruby Multiple Security      string-tcp            high           false
         Bypass and Denial of Service Vulnerability
20159.0  Oracle Create Database      string-tcp            high           false
         Link Buffer Overflow
20160.0  Microsoft Windows Shell     string-tcp            high           false
         CLSID File Extension Misrepresentation Vulnerability
20239.0  Microsoft Internet          string-tcp            medium         false
         Explorer MSWebDVD Object Denial Of Service Vulnerability
20279.0  Mozilla Products IDN        service-http          medium         false
         Spoofing Vulnerability
20280.0  Opera Telnet URI Handler    string-tcp            high           false
         File Creation
20420.0  MySQL yaSSL SSL Hello       string-tcp            high           false
         Message Buffer Overflow
20439.0  Norton Firewall NBNS        atomic-ip             high           false
         Response Heap Corruption
20440.0  Symantec Enterprise         atomic-ip             medium         false
         Firewall DNSD DNS Cache Poisoning Vulnerability
20459.0  Sun JRE Java Plug-in        string-tcp            high           false
         JavaScript Access Controls Bypass Vulnerability
20460.0  IBM Tivoli Monitoring       string-tcp            high           false
         Express Universal Agent Buffer Overflow
20499.0  Multiple Vendor TCP         atomic-ip             medium         false
         Connection Reset Denial of Service
20539.0  Microsoft Office PICT       string-tcp            high           false
         Filter Map Structure Memory Corruption
20619.0  ISC DHCP Client Subnet      multi-string          high           true
         Mask Buffer Overflow
20759.0  TheWebForum Login.php       service-http          medium         true
         Username Parameter SQL Injection
20839.0  Quick Tftp Server Pro       string-udp            medium         false
         Long Mode Buffer Overflow Vulnerability
20921.0  Mozilla Network Security    string-tcp            high           false
         Services SSLv2 Client Integer Underflow
21200.0  Adobe Acrobat Reader PDF    service-http          high           false
         Catalog Handling Vulnerability
21219.0  libpng png_handle_sBIT      string-tcp            high           false
         Local Overflow
21239.0  Light Weight Calendar       service-http          high           false
         Index.PHP Remote Command Execution Vulnerability
21420.0  Microsoft Windows JScript   string-tcp            high           true
         Remote Code Execution
21441.0  FreeRADIUS Tunnel           multi-string          medium         true
         Password Denial Of Service

TUNED SIGNATURES

SIGID    SIGNAME                     ENGINE                SEVERITY       ENABLED
6926.0   Cisco IOS DLSw DoS          service-generic       medium         true
18800.0  ASA WebVPN Cross Site       string-tcp            high           true
         Scripting
21359.0  Internet Explorer           string-tcp            high           true
         Uninitialized Memory Corruption Vulnerability
21622.1  Microsoft Windows GDI+      multi-string          high           true
         Code Execution

CAVEATS

None.

Modified signature(s) detail:

6926-0 - Fidelity improvement
18800-0 - SFR changed to 90
21622-1 - Fidelity improvement
21539-0 - Fidelity improvement

=================================================================================================
S441 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                     ENGINE                SEVERITY       ENABLED
21359.0  Internet Explorer           string-tcp            high           true
         Uninitialized Memory Corruption Vulnerability
21380.0  Microsoft CryptoAPI         multi-string          high           true
         Spoofing Vulnerability
21459.0  Media Runtime Heap          string-tcp            high           true
         Corruption Vulnerability
21460.0  Windows Media Runtime       string-tcp            high           true
         Voice Sample Rate Vulnerability
21479.0  GDI+ PNG Integer Overflow   string-tcp            high           true
         Vulnerability
21499.0  GDI+ PNG Heap Overflow      string-tcp            high           true
         Vulnerability
21500.0  Office BMP Integer          string-tcp            high           true
         Overflow Vulnerability
21519.0  Microsoft Internet          string-tcp            high           true
         Explorer Data Stream Header Corruption Vulnerability
21520.0  GDI+ .Net PropertyItem      string-tcp            high           true
         Heap Overflow
21539.0  FTP Service for IIS         meta                  medium         true
         Denial of Service
21539.1  FTP Service for IIS         string-tcp            informational  true
         Denial of Service
21539.2  FTP Service for IIS         string-tcp            informational  true
         Denial of Service
21559.0  Microsoft Excel Memory      string-tcp            high           true
         Couption Vulnerability
21559.1  Microsoft Word Memory       string-tcp            high           true
         Couption Vulnerability
21580.0  Microsoft .NET Framework    string-tcp            high           true
         Code Access Security Pointer Verification Vulnerability
21581.0  Silverlight and Microsoft   string-tcp            high           true
         .NET Framework CLR Vulnerability
21599.0  Microsoft Windows           meta                  high           true
         Indexing Service ActiveX Control Memory Corruption Vulnerability
21599.1  Microsoft Windows           string-tcp            informational  true
         Indexing Service ActiveX Control Memory Corruption Vulnerability
21599.2  Microsoft Windows           string-tcp            informational  true
         Indexing Service ActiveX Control Memory Corruption Vulnerability
21600.0  Microsoft Internet          string-tcp            high           true
         Explorer HTML Component Handling Vulnerability
21619.0  Windows Vista/2008 SMBv2    meta                  medium         true
         DoS
21619.1  SMBv2 Session Start         string-tcp            informational  true
21619.2  SMBv2 Denial Of Service     string-tcp            informational  true
         Attack
21622.0  Microsoft Windows GDI+      multi-string          high           true
         Code Execution
21622.1  Microsoft Windows GDI+      multi-string          high           true
         Code Execution
21623.0  Microsoft .NET Framework    string-tcp            high           true
         Code Access Security Type Verification Vulnerability
21660.0  WMP Heap Overflow           string-tcp            high           true
         Vulnerability
21661.0  WMP Heap Overflow           string-tcp            high           true
         Vulnerability

TUNED SIGNATURES

SIGID    SIGNAME                     ENGINE                SEVERITY       ENABLED
6250.0   FTP Authorization Failure   string-tcp            informational  false
6426.0   Microsoft Word mso.dll      meta                  high           false
         LsCreateLine Memory Corruption

CAVEATS

None.

Modified signature(s) detail:

Sig 6250-0 was modified to Retired and Disabled.
Sig 6426-0: one component sig id had a typo and was modified from 6424-1 to 6426-1.

=================================================================================================
S440 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                     ENGINE                SEVERITY       ENABLED
6168.0   Computer Associates         meta                  high           false
         Products Message Engine RPC Server Buffer Overflow
21381.0  nginx URI Parsing Buffer    string-tcp            high           true
         Underflow

TUNED SIGNATURES

SIGID    SIGNAME                     ENGINE                SEVERITY       ENABLED
18437.0  Microsoft Office Excel      string-tcp            high           true
         Remote Code Execution
50000.0  Outbreak Prevention         atomic-ip             high           false
         Signature
50000.1  Outbreak Prevention         atomic-ip             high           false
         Signature
50000.2  Outbreak Prevention         atomic-ip             high           false
         Signature

CAVEATS

None.

Modified signature(s) detail:

The following signatures have been retired in S440:

50000-0 Outbreak Prevention Signature
50000-1 Outbreak Prevention Signature
50000-2 Outbreak Prevention Signature

Sig 18437-0 was modified to increase SFR to 90.

=================================================================================================
S439 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                     ENGINE                SEVERITY       ENABLED
6168.1   Computer Associates         service-msrpc         informational  false
         Products Message Engine RPC Server Buffer Overflow
20162.0  Microsoft Internet          string-tcp            medium         false
         Explorer URL Spoofing
20542.0  GD Library PNG Buffer       string-tcp            high           false
         Overflow
20561.0  CVS Max-dotdot Protocol     string-tcp            medium         false
         Command Integer Overflow
20579.0  Oracle Database             string-tcp            medium         false
         InterMedia Denial of Service
20580.0  Microsoft IE Non-FQDN URI   string-tcp            high           false
         Address Zone Bypass
20599.0  LANDesk Management Suite    atomic-ip             high           false
         Alert Service Stack Overflow Vulnerability
20740.0  IBM Tivoli Provisioning     string-tcp            high           false
         Manager for OS Deployment HTTP Buffer Overflow
20841.0  Microsoft Step-by-Step      string-tcp            high           false
         Interactive Training Crafted Bookmark Link File Buffer Overflow
20859.0  Apple QuickTime Plug-In     string-tcp            high           false
         Security Bypass
20979.0  IBM Lotus Domino Web        string-tcp            high           false
         Access ActiveX Control Buffer Overflow
21039.0  Blue Coat Systems           string-tcp            medium         false
         WinProxy Telnet Service DoS

TUNED SIGNATURES

SIGID    SIGNAME                     ENGINE                SEVERITY       ENABLED
3168.0   FTP SITE EXEC Directory     string-tcp            high           false
         Traversal
3170.0   WS_FTP SITE CPWD Buffer     string-tcp            high           false
         Overflow
4500.0   Cisco IOS Embedded SNMP     service-snmp          high           false
         Community Names
4500.1   Cisco IOS Embedded SNMP     service-snmp          high           false
         Community Names
5123.2   WWW IIS Internet Printing   service-http          high           false
         Overflow
5442.0   Cursor/Icon File Format     string-tcp            high           false
         Buffer Overflow
5804.1   VPN3000 Concentrator        string-tcp            informational  false
         Unauthenticated FTP Access
5805.0   VPN3000 Concentrator FTP    meta                  high           false
         RMD Execution
5805.1   VPN3000 Concentrator FTP    string-tcp            informational  false
         RMD Execution
5831.0   Cisco Secure Access         atomic-ip             high           false
         Control Server RADIUS Accounting Request Vulnerability
5835.2   Cisco IOS SIP DoS           meta                  medium         false
         Vulnerability
5835.3   Cisco IOS SIP DoS           atomic-ip             informational  false
         Vulnerability
5835.4   Cisco IOS SIP DoS           atomic-ip             informational  false
         Vulnerability
5854.0   Cisco CUCM/CUPS Denial      service-generic       medium         false
         of Service Vulnerability
5854.1   Cisco CUCM/CUPS Denial      string-tcp            medium         false
         of Service Vulnerability
6507.0   TFN2K Control Traffic       trojan-tfn2k          medium         false
6508.0   Mstream Control Traffic     string-tcp            medium         false
6508.2   Mstream Control Traffic     atomic-ip             medium         false
6528.0   Oracle Application Server   service-http          medium         false
         10G EmChartBeam Remote Directory Traversal
6534.0   Symantec Backup Exec        meta                  high           false
         ActiveX Control
6534.1   Symantec Backup Exec        string-tcp            informational  false
         ActiveX Control
6979.0   BEA WebLogic Server         string-tcp            high           false
         Apache Connector HTTP Version String BO
6996.0   GDI+ BMP Integer Overflow   string-tcp            high           false

CAVEATS

None.

Modified signature(s) detail:

The following sigs have been retired in S439:

3168-0 FTP SITE EXEC Directory Traversal
3170-0 WS_FTP SITE CPWD Buffer Overflow
4500-1 Cisco IOS Embedded SNMP Community Names
4500-0 Cisco IOS Embedded SNMP Community Names
5123-2 WWW IIS Internet Printing Overflow
5442-0 Cursor/Icon File Format Buffer Overflow
5804-1 VPN3000 Concentrator Unauthenticated FTP Access
5805-0 VPN3000 Concentrator FTP RMD Execution
5805-1 VPN3000 Concentrator FTP RMD Execution
5831-0 Cisco Secure Access Control Server RADIUS Accounting Request Vulnerability
5835-2 Cisco IOS SIP DoS Vulnerability
5835-3 Cisco IOS SIP DoS Vulnerability
5835-4 Cisco IOS SIP DoS Vulnerability
5854-0 Cisco CUCM/CUPS Denial of Service Vulnerability
5854-1 Cisco CUCM/CUPS Denial of Service Vulnerability
6507-0 TFN2K Control Traffic
6508-0 Mstream Control Traffic
6508-2 Mstream Control Traffic
6528-0 Oracle Application Server 10G EmChartBeam Remote Directory Traversal
6534-0 Symantec Backup Exec ActiveX Control
6534-1 Symantec Backup Exec ActiveX Control

The following sigs are disabled but not retired:

6996-0 GDI+ BMP Integer Overflow
6979-0 BEA WebLogic Server Apache Connector HTTP Version String BO
6250-0 FTP Authorization Failure

=================================================================================================
S438 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                     ENGINE                SEVERITY       ENABLED
21301.0  Windows SMB2 Field Remote   string-tcp            high           true
         Code Execution

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S437 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                     ENGINE                SEVERITY       ENABLED
5684.7   Malformed SIP Packet        atomic-ip             medium         true
6451.0   MediaWiki Language Option   service-http          high           false
         PHP Code Execution
6456.0   Flash Media Server DoS      string-tcp            medium         false
6462.0   Microsoft Internet          meta                  high           false
         Explorer CDF Cross Domain Scripting
6462.1   Microsoft Internet          string-tcp            informational  false
         Explorer CDF Cross Domain Scripting
6477.0   Multiple Web Browsers       string-tcp            high           false
         Window Injection.
6487.0   TikiWiki jhot.php Script File Upload Security Bypass  service-http  high  false
6707.0   Microsoft Windows Remote Desktop Protocol DoS  string-tcp  medium  false
6743.0   Novell ZENworks Asset Mangement Overflow  string-tcp  high  false
6757.0   Microsoft Internet Explorer Page Update Race Condition  string-tcp  high  false
6758.0   Microsoft Visio Version Number Code Execution Vulnerability  string-tcp  high  false
6766.0   IE Security Zone Bypass and Address Spoofing  service-http  high  false
7214.0   Novell GroupWise Client IMG Tag SRC Parameter Buffer Overflow  string-tcp  high  false
7418.0   Mozilla NNTP Heap Overflow  string-tcp  high  false
15953.0  MailEnable Imap Buffer Overflow  string-tcp  high  false
16094.0  Apache HTTP Server mod_negotiation Cross Site Scripting  service-http  high  false
16113.0  Microsoft Internet Explorer Cross Domain Information Disclosure Vulnerability  string-tcp  high  false
16135.0  Microsoft Windows GDI WMF File HeaderSize Buffer Overflow  string-tcp  high  false
16160.0  Microsoft Internet Explorer Object-Based Window Location Cross-Domain Security Bypass  string-tcp  high  false
16162.0  Microsoft Office Excel File Malformed Formula Parsing Vulnerability  string-tcp  high  false
16757.0  Microsoft Windows Server Service SMB Rename Code Execution  string-tcp  high  false
17273.0  Cerulean Studios Trillian AIM XML Tag Handling Heap Buffer Overflow  string-tcp  high  false
18479.0  H.323 Call Signalling Vulnerability  string-tcp  high  true
18639.0  Cisco IOS SIP Parser Vulnerability  atomic-ip  high  true
19020.0  Mercury Mail Remote Mailbox Name Service Buffer Overflow  string-tcp  high  false
19079.0  IBM Informix Dynamic Server Command Argument Processing Stack Overflow  string-tcp  high  false
19079.1  IBM Informix Dynamic Server Command Argument Processing Stack Overflow Details  string-tcp  high  false
19080.0  Norton Internet Security 2004 buffer overflow  string-tcp  high  false
19081.0  Symantec Veritas NetBackup Server bpcd Long Request Buffer Overflow  string-tcp  high  false
19139.0  Microsoft Word Section Table Array Buffer Overflow  string-tcp  high  false
19259.0  Cisco IOS/Unified Communications Manager SIP Vulnerability  string-tcp  high  true
19319.0  MySQL CREATE FUNCTION libc Arbitrary Code Execution  string-tcp  high  false
19379.0  Oracle Application Server 9i WebCache File Corruption  service-http  medium  false
19380.0  Oracle Application Server Forms Arbitrary System Command Execution  service-http  high  false
19399.0  CVS Annotate Command Long Revision String Buffer Overflow  string-tcp  high  false
19420.0  Cisco IOS/Unified Communications Manager SIP Vulnerability  atomic-ip  high  true
20099.0  Cisco CME Buffer Overflow  service-http  high  true
20362.0  IOS Software Crafted Encryption Packet DOS  string-tcp  medium  true

TUNED SIGNATURES

SIGID    SIGNAME  ENGINE  SEVERITY  ENABLED
5326.0   Root.exe access  service-http  high  false
5390.0   Swen Worm HTTP Counter Update Attempt  service-http  medium  false
5445.0   AWStats configdir Command Exec  service-http  high  false
5459.0   WebConnect Directory Traversal Vulnerability  service-http  medium  false
5608.0   Network Supervisor Directory Traversal Vulnerability  service-http  medium  false
5634.0   Barracuda Spam Firewall Command Execution  service-http  high  false
5684.5   Malformed SIP Packet  string-udp  medium  false
5754.0   PAJAX Remote Code Execution Vulnerability  service-http  high  false
5765.0   Horde Help Viewer Remote Code Execution  service-http  high  false
5823.0   McAfee Epolicy Overflow  service-http  high  false
5851.0   WCS Administrative Directory Access  service-http  low  false
5991.0   MaxDB WebDBM Buffer Overflow  service-http  high  false
6944.0   CUPS CGI Compile Search Overflow  service-http  high  false
6945.0   HP OpenView OVAS.EXE Stack Overflow  service-http  high  false
7222.0   Joomla 1.5 Password Token Bypass  service-http  high  false
7266.0   TWiki Remote Command Execution  service-http  high  false
7269.0   Trend Micro OfficeScan Server Overflow  service-http  high  false
11028.0  WinMx Connection  service-http  low  false
20151.0  Clampi Trojan URLs  service-http  high  false

CAVEATS

None.

Modified signature(s) detail:
5684-5

=================================================================================================
S436 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

There are no new signatures for this release.

TUNED SIGNATURES

SIGID    SIGNAME  ENGINE  SEVERITY  ENABLED
20020.0  HTTP Authentication Brute Force Attempt  string-tcp  high  false

CAVEATS

CSCtc03675

Modified signature(s) detail:
20020-0 is retired by default.

=================================================================================================
S435 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME  ENGINE  SEVERITY  ENABLED
3527.7   Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow  string-tcp  high  false
5927.0   Novell GroupWise WebAccess Overflow  service-http  high  false
5942.0   Yahoo Messenger AudioConf ActiveX Overflow  meta  high  false
5942.1   Yahoo Messenger AudioConf ActiveX Overflow  string-tcp  informational  false
5942.2   Yahoo Messenger AudioConf ActiveX Overflow  string-tcp  informational  false
5953.0   Apache Tomcat Directory Traversal  service-http  medium  false
5959.0   Citrix ICA Client ActiveX Control Buffer Overflow Vulnerability  meta  high  false
5959.1   Citrix ICA Client ActiveX Control Buffer Overflow Vulnerability  string-tcp  medium  false
5980.0   Microsoft Speech API Buffer Overflow  string-tcp  high  false
5982.0   Visual Basic for Applications SDK Overflow  string-tcp  high  false
5997.0   eGatherer RunEgatherer Buffer Overflow  meta  high  false
5997.1   eGatherer RunEgatherer Buffer Overflow  string-tcp  informational  false
5997.2   eGatherer RunEgatherer Buffer Overflow  string-tcp  informational  false
6000.0   Oracle Server Reports Command Execution  service-http  high  false
6022.0   WebSphere J_Username Buffer Overflow  service-http  high  false
6031.0   Mcafee FreeScan Information Disclosure  string-tcp  medium  false
6048.0   Oracle Database Server SQL SYS.KUPV Injection  string-tcp  high  false
6049.0   Oracle Database Server Login Access Control Bypass Exploit  string-tcp  high  false
6072.0   Visual Basic VBP Buffer Overflow  string-tcp  high  false
6076.0   ISC BIND DNS resolver buffer overflow  atomic-ip  high  false
6078.0   Outlook Web Access XSS  string-tcp  high  false
6079.0   ACDSee Products XPM Vulnerability  string-tcp  high  false
6091.0   Acrobat Reader File Extension Buffer Overflow  string-tcp  high  false
6094.0   Nullsoft Winamp M3U Remote Buffer Overflow  string-tcp  high  false
6142.0   Apache HTTP Server Mod_Cache Module DoS  string-tcp  medium  false
6204.0   IIS Source Code Disclosure  service-http  medium  false
6206.0   WorldMail IMAP Directory Traversal  string-tcp  medium  false
6219.0   CommuniGate Pro LDAP Server Buffer Overflow  string-tcp  medium  false
6220.0   Retrospect Backup Agent Denial of Service  string-tcp  medium  false
6426.0   Microsoft Word mso.dll LsCreateLine Memory Corruption  meta  high  false
6426.1   Microsoft Word mso.dll LsCreateLine Memory Corruption  service-http  informational  false
6431.0   Oracle Web Cache Heap Overflow  string-tcp  high  false
6443.0   IMail IMAP Fetch Buffer Overflow  string-tcp  high  false
17340.0  Macromedia Flash Media Server DoS  string-tcp  medium  false
18257.0  Oracle Application Server Portal Authentication Bypass  service-http  medium  false
18299.0  Firefox Browser Spoof Vulnerability  string-tcp  medium  false
18444.0  NIIPrint LPD Request Overflow  string-tcp  high  false
19660.0  Firefox Hyphenated URL Exploit  string-tcp  medium  false
19660.1  Firefox Hyphenated URL Exploit  string-tcp  medium  false
19781.0  WordPress 2.1.1 Backdoor IX Parameter Injection Detection  string-tcp  high  false
19781.1  WordPress 2.1.1 Backdoor IZ Parameter Injection Detection  string-tcp  high  false
20040.0  Versant Object Database Arbitrary Command Execution  string-tcp  high  false
20359.0  NIIPrint LPD Request Overflow  string-tcp  high  false

TUNED SIGNATURES

SIGID    SIGNAME  ENGINE  SEVERITY  ENABLED
4500.0   Cisco IOS Embedded SNMP Community Names  service-snmp  high  true
4500.1   Cisco IOS Embedded SNMP Community Names  service-snmp  high  true
5123.2   WWW IIS Internet Printing Overflow  service-http  high  true
5442.0   Cursor/Icon File Format Buffer Overflow  string-tcp  high  true
6250.0   FTP Authorization Failure  string-tcp  informational  true
6979.0   BEA WebLogic Server Apache Connector HTTP Version String BO  string-tcp  high  true
6996.0   GDI+ BMP Integer Overflow  string-tcp  high  true

CAVEATS

CSCta05287

Modified signature(s) detail:
4500-0,4500-1,5123-2, 5442-0 and 6250-0 are unretired and enabled. 6979-0 and 6996-0 are enabled.

=================================================================================================
S434 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

There are no new signatures for this release.

TUNED SIGNATURES

SIGID    SIGNAME  ENGINE  SEVERITY  ENABLED
3131.0   Mimail Virus L Variant File Attachment  string-tcp  medium  false
3136.0   Netsky Virus Activity  string-tcp  high  false
3136.1   Netsky Virus Activity  string-tcp  high  false
3136.2   Netsky Virus Activity  string-tcp  high  false
3136.3   Netsky Virus Activity  string-tcp  high  false
3136.4   Netsky Virus Activity  string-tcp  high  false
3136.5   Netsky Virus Activity  string-tcp  high  false
3136.6   Netsky Virus Activity  string-tcp  high  false
3136.7   Netsky Virus Activity  string-tcp  high  false
3136.8   Netsky Virus Activity  string-tcp  high  false
3136.9   Netsky Virus Activity  string-tcp  high  false
3136.10  Netsky Virus Activity  string-tcp  medium  false
3136.11  Netsky Virus Activity  string-tcp  high  false
3138.0   Bagle.C Virus Email Attachment  string-tcp  high  false
3736.0   Subversion get-dated-rev overflow  string-tcp  high  false
3784.0   BrightStor Discovery Service SERVICEPC Overflow  string-tcp  high  false
5410.0   APSIS Pound Remote Format String Overflow  string-tcp  high  false
5565.0   Print Spooler Service Overflow  string-tcp  informational  false
5565.1   Print Spooler Service Overflow  string-tcp  medium  false
5565.2   Print Spooler Service Overflow  meta  high  false
5565.3   Print Spooler Service Overflow  service-smb  informational  false
5565.4   Print Spooler Service Overflow  service-smb-advanced  high  false
5797.0   Exchange Calendar DoS  meta  medium  false
5797.1   Exchange Calendar DoS  string-tcp  informational  false
5797.2   Exchange Calendar DoS  string-tcp  informational  false
5797.3   Exchange Calendar DoS  string-tcp  informational  false
6524.0   Yahoo! Assistant yNotifier.dll ActiveX Control Code Execution  meta  high  false
6524.1   Yahoo! Assistant yNotifier.dll ActiveX Control Code Execution  string-tcp  informational  false
6935.0   CVE-2008-1086 ActiveX Killbit Update  string-tcp  high  false
7217.0   Yahoo Toolbar ActiveX Buffer Overflow  meta  high  false
7217.1   Yahoo Toolbar ActiveX Buffer Overflow  string-tcp  low  false
7217.2   Yahoo Toolbar ActiveX Buffer Overflow  string-tcp  informational  false
7239.0   ChilkatHttp ActiveX Arbitrary File Overwrite  meta  high  false
7239.1   ChilkatHttp ActiveX Arbitrary File Overwrite  string-tcp  informational  false
7239.2   ChilkatHttp ActiveX Arbitrary File Overwrite  string-tcp  informational  false
7253.0   Novell ZENworks Desktop Management CanUninstall ActiveX Overflow  meta  high  false
7253.1   Novell ZENworks Desktop Management CanUninstall ActiveX Overflow  string-tcp  informational  false
11015.0  Hotline File Transfer  string-tcp  low  false

CAVEATS

None.

Modified signature(s) detail:
3131-0,3136-0,3136-1,3136-2,3136-3,3136-4,3136-5,3136-6,3136-7,3136-8,3136-9,3136-10,3136-11,3138-0,3784-0,5410-0,5565-0,5565-1,5565-2,5565-3,5565-4,5797-0,5797-1,5797-2,5797-3,6524-0,6524-1,6935-0,7217-0,7217-1,7217-2,7239-0,7239-1,7239-2,7253-0,7253-1,11015-0.
All the above sigs are released retired by default.

=================================================================================================
S433 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME  ENGINE  SEVERITY  ENABLED
3253.1   Microsoft ISA Server HTTP Content Header Vulnerability  service-http  medium  false
6996.1   GDI+ BMP Integer Overflow  string-tcp  high  false
17824.0  Backdoor sharK 2.3.0  string-tcp  high  false
17940.0  Mozilla GIF Image Processing Library Overflow  service-http  high  false
17957.0  IBM Websphere Application Server XSS  string-tcp  high  true
17977.0  Opera JPG Image DHT Marker BO  service-http  high  false
18101.0  IBM Rational ClearQuest Username Parameter SQL Injection  string-tcp  high  false
18102.0  Apache Cygwin Directory Traversal  service-http  high  false
18118.0  Firefox Password Manager Credential Disclosure  string-tcp  high  false
18119.0  Firefox About Blank Spoofing Vulnerability  service-http  low  false
18131.0  e-Ark File Inclusion Vulnerability  service-http  high  false
18136.0  Microsoft MDAC Remote Code Execution POC  string-tcp  high  false
18136.8  Microsoft MDAC Remote Code Execution POC  string-tcp  high  false
18137.0  HP OpenView Network Node Manager ovalarmsrv.exe Buffer Overflow  string-tcp  high  false
18137.1  HP OpenView Network Node Manager ovalarmsrv.exe Buffer Overflow  string-tcp  high  false
18137.2  HP OpenView Network Node Manager ovalarmsrv.exe Buffer Overflow  string-tcp  high  false
18137.3  HP OpenView Network Node Manager ovalarmsrv.exe Buffer Overflow  string-tcp  medium  false
18139.0  Firefox QueryInterface Buffer Overflow  string-tcp  high  false
18143.0  Firefox QueryInterface Buffer Overflow  string-tcp  high  false
18157.0  Sun Java System Identity Manager activeControl Cross-Site Scripting  service-http  high  false
18177.0  HTTP Multiple Browser Telnet URI Handler File Manipulation  string-tcp  high  false
18178.1  Backdoor YAT  string-tcp  high  false
18297.0  Trend Micro OfficeScan CgiChkMasterPwd Buffer Overflow  service-http  high  false
18297.1  Trend Micro OfficeScan CgiChkMasterPwd Buffer Overflow  service-http  high  false
18297.2  Trend Micro OfficeScan CgiChkMasterPwd Buffer Overflow  service-http  high  false
18379.0  Logitech Video Call ActiveX Control Buffer Overflow  string-tcp  high  false
18499.0  Konqueror Javascript Iframe DOS  string-tcp  medium  false
18659.0  Ruby Dl Module Security Bypass  string-tcp  medium  false
18819.0  Green Dam Buffer Overflow  service-http  high  true
18839.0  PyLocale_strxfrm Off-By-One Memory Disclosure  string-tcp  medium  false
18859.0  LibWPD Library Buffer Overflow  string-tcp  medium  false
18979.0  Mozilla Firefox OnUnload Javascript Browser Entrapment Vulnerability  string-tcp  medium  false
18999.0  WengoPhone SoftPhone Malformed Packet DoS  atomic-ip  medium  false
19000.0  Invalid Invite Request  atomic-ip  high  false
19384.3  DirectX Pointer Validation Vulnerability  meta  high  true
19384.4  DirectX Pointer Validation Vulnerability  string-tcp  informational  true
19460.0  CA ARCserve Backup LGServer Handshake Buffer Overflow  string-tcp  high  true
20020.0  HTTP Authentication Brute Force Attempt  string-tcp  high  true
20041.0  McAfee E-Business Server Authentication Remote Code Execution  string-tcp  high  false
20182.1  Malformed AVI Header Vulnerability  string-tcp  high  true
20299.0  IrfanView Remote Buffer Overflow Vulnerability  string-tcp  high  false
20299.1  IrfanView Remote Buffer Overflow Vulnerability  string-tcp  high  false
20319.0  Oracle 9i PL/SQL Web Administrator Access Vulnerability  service-http  high  false
20541.0  Dtlogin XDMCP Remote Double-Free Vulnerability  atomic-ip  high  false

TUNED SIGNATURES

SIGID    SIGNAME  ENGINE  SEVERITY  ENABLED
3532.0   Malformed BGP Open Message  service-generic  high  true
3604.0   Cisco Catalyst CR DoS  string-tcp  high  true
3719.0   MSN Messenger PNG Overflow  string-tcp  high  false
3730.0   Trinoo (TCP)  string-tcp  high  true
3730.1   Trinoo (TCP)  string-tcp  high  true
3790.0   HP Openview Omniback II Command Execution  string-tcp  high  true
3791.0   Solaris Printd Unlink File Deletion  string-tcp  high  true
3883.0   Apache mod_proxy Buffer Overflow  string-tcp  high  true
4058.1   UPnP LOCATION Overflow  string-tcp  high  true
4058.2   UPnP LOCATION Overflow  atomic-ip  high  true
5693.0   Metafile Buffer Overflow  string-tcp  high  false
6200.0   Ident Buffer Overflow  service-ident  high  true
6755.0   Windows Remote Kernel TCP/IP ICMP Vulnerability  atomic-ip  high  true
17297.0  ActSoft DVDTools.OCX Overflow  string-tcp  high  false

CAVEATS

None.

Modified signature(s) detail:
None.

=================================================================================================
S432 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME  ENGINE  SEVERITY  ENABLED
20961.0  Windows SMB Process ID High DoS  string-tcp  medium  true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:
None.

=================================================================================================
S431 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME  ENGINE  SEVERITY  ENABLED
20643.0  Microsoft Windows TCP/IP Stack Denial Of Service  atomic-ip  high  true
20644.0  Microsoft Windows TCP/IP Orphaned Connections Vulnerability  atomic-ip  high  true
20699.0  Microsoft JScript Scripting Engine Vulnerability  string-tcp  high  true
20779.0  Windows Media Header Parsing Invalid Free Vulnerability  multi-string  high  true
20780.0  Windows Media Playback Memory Corruption Vulnerability  multi-string  high  true
20800.0  DHTML Editing Component ActiveX Code Execution  multi-string  high  true

TUNED SIGNATURES

SIGID    SIGNAME  ENGINE  SEVERITY  ENABLED
20151.0  Clampi Trojan URLs  service-http  high  true
20724.0  IIS FTPd NLST Buffer Overflow  string-tcp  high  true

CAVEATS

None.

Modified signature(s) detail:
Signatures 20151 and 20724 have been modified to increase fidelity.

=================================================================================================
S430 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME  ENGINE  SEVERITY  ENABLED
20899.0  IIS FTP ls Command Denial of Service  string-tcp  medium  true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:
None.

=================================================================================================
S429 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME  ENGINE  SEVERITY  ENABLED
6704.0   Microsoft Internet Explorer Address Bar Spoofing Vulnerability  string-tcp  high  false
6704.1   Microsoft Internet Explorer Address Bar Spoofing Vulnerability  string-tcp  high  false
16573.0  Oracle Application Server OPMN Service Format String  service-http  high  true
17819.0  Chrome Malformed 'view-source' Header Remote DoS  string-tcp  medium  false
17820.0  Backdoor Assassin  string-tcp  high  false
17821.0  Novell SUSE Remote Manager Overflow  string-tcp  high  false
17825.0  Borland StarTeam MPX DoS  string-tcp  medium  false
17877.0  Backdoor Net-Devil  string-tcp  high  false
17997.0  Multiple Vendor rdesktop Process_redirect_pdu() BSS Overflow Vulnerability  string-tcp  high  true
18002.0  Yahoo Messenger URL Handler DoS  string-tcp  medium  false
18058.0  ABetterInternet Information Upload  service-http  high  false
18080.0  Apache mod_mylo Buffer Overflow  string-tcp  high  false
18117.1  Google Chrome Arbitrary File Download Vulnerability  string-tcp  high  false
18121.0  HTTP Sun Java System Messenger Express Sid Cross-Site Scripting  service-http  high  false
18136.1  Microsoft MDAC Remote Code Execution POC  string-tcp  high  false
18136.2  Microsoft MDAC Remote Code Execution POC  string-tcp  high  false
18136.3  Microsoft MDAC Remote Code Execution POC  string-tcp  high  false
18136.4  Microsoft MDAC Remote Code Execution POC  string-tcp  high  false
18136.5  Microsoft MDAC Remote Code Execution POC  string-tcp  high  false
18136.6  Microsoft MDAC Remote Code Execution POC  string-tcp  high  false
18136.6 Microsoft MDAC Remote string-tcp high false Code Execution POC 18136.7 Microsoft MDAC Remote string-tcp high false Code Execution POC 18136.7 Microsoft MDAC Remote string-tcp high false Code Execution POC 18140.0 Firefox QueryInterface string-tcp high false Buffer Overflow 18140.0 Firefox QueryInterface string-tcp high false Buffer Overflow 18141.0 Firefox QueryInterface string-tcp high false Buffer Overflow 18141.0 Firefox QueryInterface string-tcp high false Buffer Overflow 18142.0 Firefox QueryInterface string-tcp high false Buffer Overflow 18142.0 Firefox QueryInterface string-tcp high false Buffer Overflow 18178.0 Backdoor YAT string-tcp high false 18178.0 Backdoor YAT string-tcp high false 18180.0 Microsoft ASN.1 DoS string-tcp medium false 18180.0 Microsoft ASN.1 DoS string-tcp medium false 18181.0 GD Graphics Library DoS string-tcp medium false 18181.0 GD Graphics Library DoS string-tcp medium false 18182.0 WMF File Handling DoS string-tcp medium false 18182.0 WMF File Handling DoS string-tcp medium false 18183.0 uTorrent Activity service-http low false 18183.0 uTorrent Activity service-http low false 18183.1 uTorrent Activity service-http low false 18183.1 uTorrent Activity service-http low false 18185.0 Windows Media Player MIDI string-tcp medium false File Format DoS 18185.0 Windows Media Player MIDI string-tcp medium false File Format DoS 18217.0 D-Link Routers UPnP atomic-ip high false M-SEARCH/NOTIFY Request Buffer Overflow 18217.0 D-Link Routers UPnP atomic-ip high false M-SEARCH/NOTIFY Request Buffer Overflow 18237.0 HTTP ACTi Network Video meta high false Recorder Multiple ActiveX DOS 18237.0 HTTP ACTi Network Video meta high false Recorder Multiple ActiveX DOS 18237.1 HTTP ACTi Network Video string-tcp informational false Recorder Multiple ActiveX DOS 18237.1 HTTP ACTi Network Video string-tcp informational false Recorder Multiple ActiveX DOS 18237.2 HTTP ACTi Network Video string-tcp informational false Recorder Multiple ActiveX DOS 
18237.2 HTTP ACTi Network Video string-tcp informational false Recorder Multiple ActiveX DOS 18258.0 Apache Tomcat Servlet service-http high false Path Disclosure Vulnerability 18258.0 Apache Tomcat Servlet service-http high false Path Disclosure Vulnerability 18277.0 MS Works Spreadsheet DoS string-tcp medium false 18277.0 MS Works Spreadsheet DoS string-tcp medium false 18277.1 MS Works Spreadsheet DoS string-tcp medium false 18277.1 MS Works Spreadsheet DoS string-tcp medium false 18277.2 MS Works Spreadsheet DoS string-tcp medium false 18277.2 MS Works Spreadsheet DoS string-tcp medium false 18277.3 MS Works Spreadsheet DoS string-tcp medium false 18277.3 MS Works Spreadsheet DoS string-tcp medium false 18299.1 Firefox Browser Spoof string-tcp medium false Vulnerability 18299.1 Firefox Browser Spoof string-tcp medium false Vulnerability 18337.0 IIS PROPFIND DoS string-tcp medium false 18337.0 IIS PROPFIND DoS string-tcp medium false 18380.0 Novell GroupWise SMTP state high true Buffer Overflow 18380.0 Novell GroupWise SMTP state high true Buffer Overflow 18397.0 Microsoft Media Player string-tcp medium false WMV DoS 18397.0 Microsoft Media Player string-tcp medium false WMV DoS 18443.0 Ruby REXML Library string-tcp medium false Entities Handling Denial of Service 18443.0 Ruby REXML Library string-tcp medium false Entities Handling Denial of Service 18680.0 CA Products Arclib.dll string-tcp medium false Malformed CHM File DoS 18680.0 CA Products Arclib.dll string-tcp medium false Malformed CHM File DoS 18700.0 Airspan WiMAX ProST Web service-http medium false Interface Authentication Bypass Vulnerability 18700.0 Airspan WiMAX ProST Web service-http medium false Interface Authentication Bypass Vulnerability 18701.0 Ruby WEBrick Denial Of string-tcp medium false Service Vulnerability 18701.0 Ruby WEBrick Denial Of string-tcp medium false Service Vulnerability 18740.0 Firefox Password Manager service-http high false Information Disclosure 18740.0 Firefox Password 
Manager service-http high false Information Disclosure 18760.0 Mozilla Suite and Firefox string-tcp high false Script Manager Security Bypass 18760.0 Mozilla Suite and Firefox string-tcp high false Script Manager Security Bypass 18760.1 Mozilla Suite and Firefox string-tcp high false Script Manager Security Bypass 18760.1 Mozilla Suite and Firefox string-tcp high false Script Manager Security Bypass 18782.0 Windows MDAC Remote Code meta high false Execution Exploit 18782.0 Windows MDAC Remote Code meta high false Execution Exploit 18782.1 Windows MDAC Remote Code string-tcp informational false Execution Exploit 18782.1 Windows MDAC Remote Code string-tcp informational false Execution Exploit 18782.2 Windows MDAC Remote Code string-tcp informational false Execution Exploit 18782.2 Windows MDAC Remote Code string-tcp informational false Execution Exploit 18783.0 Windows MDAC Remote Code meta high false Execution 18783.0 Windows MDAC Remote Code meta high false Execution 18783.1 Windows MDAC Remote Code string-tcp informational false Execution 18783.1 Windows MDAC Remote Code string-tcp informational false Execution 18783.2 Windows MDAC Remote Code string-tcp informational false Execution 18783.2 Windows MDAC Remote Code string-tcp informational false Execution 18921.0 Apple Safari Local File string-tcp high true Theft Vulnerability 18921.0 Apple Safari Local File string-tcp high true Theft Vulnerability TUNED SIGNATURES SIGID SIGNAME ENGINE SEVERITY ENABLED 3784.0 BrightStor Discovery string-tcp high true Service SERVICEPC Overflow 3784.0 BrightStor Discovery string-tcp high true Service SERVICEPC Overflow CAVEATS None. Modified signature(s) detail: None. 
=================================================================================================
S428 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                    ENGINE         SEVERITY       ENABLED
6087.0    Symantec ISAKMP DoS        atomic-ip      medium         false
6462.2    Microsoft Internet         string-tcp     informational  false
          Explorer CDF Cross Domain Scripting
7252.0    Microsoft Works File       multi-string   high           false
          Parsing WPS Buffer Overflow
17221.0   HP OpenView Network Node   service-http   high           false
          Manager OvOSLocale Parameter Buffer Overflow
17794.0   HTTP IE 6 Object Type      string-tcp     high           false
          Overflow
17822.0   Opera iframe DoS           string-tcp     medium         false
17823.0   ClamAV CHM Unpacker DoS    string-tcp     medium         false
17826.0   Backdoor: BlackCore        string-tcp     high           false
17827.0   Backdoor Aciddrop          string-tcp     high           false
17828.0   Backdoor Amitis            string-tcp     high           false
17837.0   eIQ Networks Network       string-tcp     medium         false
          Security Analyzer DoS
17837.1   eIQ Networks Network       string-tcp     medium         false
          Security Analyzer DoS
17837.2   eIQ Networks Network       string-tcp     medium         false
          Security Analyzer DoS
17837.3   eIQ Networks Network       string-tcp     medium         false
          Security Analyzer DoS
17837.4   eIQ Networks Network       string-tcp     medium         false
          Security Analyzer DoS
17837.5   eIQ Networks Network       string-tcp     medium         false
          Security Analyzer DoS
17837.6   eIQ Networks Network       string-tcp     medium         false
          Security Analyzer DoS
17837.7   eIQ Networks Network       string-tcp     medium         false
          Security Analyzer DoS
17837.8   eIQ Networks Network       string-tcp     medium         false
          Security Analyzer DoS
17837.9   eIQ Networks Network       string-tcp     medium         false
          Security Analyzer DoS
17857.0   Backdoor ColdFusion        string-tcp     high           false
17897.0   Backdoor Helios            string-tcp     high           false
17898.0   Backdoor Hatredfiend       string-tcp     high           false
17939.0   JComSoft AniGIF.ocx        string-tcp     high           false
          Buffer Overflow
17978.0   Fujitsu Admin View         string-tcp     high           false
          Directory Traversal
18000.0   Opera CSS Background       string-tcp     medium         false
          Property DoS
18002.1   Yahoo Messenger URL        string-tcp     medium         false
          Handler DoS
18057.0   Push Toolbar Information   service-http   high           false
          Search
18098.0   3Com 3Cdeamon TFTP         atomic-ip      medium         false
          Reserved Device Name
18124.0   Microsoft Help and         string-tcp     high           false
          Support Center Argument Injection
18125.0   Firefox createRange        string-tcp     medium         false
          Remote DoS
18126.0   Office 2003 DoS            string-tcp     medium         false
18127.0   COM Object Instantiation   string-tcp     medium         false
          Memory Corruption
18128.0   Excel Selection Record     string-tcp     high           false
          Code Execution
18132.0   KDE LibHTML Tags Handling  string-tcp     medium         false
          DoS
19699.0   Firefox location.hostname  string-tcp     medium         false
          Null Byte Vulnerability
19899.0   Forum Livre busca2 Exploit string-tcp     high           false
20079.0   Apple OSX QuickDraw        string-tcp     high           false
          GetSrcBits32ARGB Code Execution Vulnerability
20259.0   inTouch index.php user     service-http   high           false
          Parameter SQL Injection
20300.0   Wordcircle index.php       service-http   high           false
          password Parameter SQL Injection
20724.0   ISS FTPd NLST Directory    string-tcp     high           true
          Traversal

TUNED SIGNATURES

SIGID     SIGNAME                    ENGINE         SEVERITY       ENABLED
3158.0    FTP SITE EXEC Format       string-tcp     high           true
          String
3167.0    Format String in FTP       string-tcp     medium         false
          username
3407.0    Telnet Client NEW ENVIRON  string-tcp     high           true
          Option Overflow
5855.0    Helix Remote Code          string-tcp     high           true
          Execution
6281.0    Malformed EPS Filter       string-tcp     high           true
          Vulnerability
6282.0    Malformed PICT Filter      string-tcp     high           true
          Vulnerability
6283.0    Malformed BMP Filter       string-tcp     high           true
          Vulnerability
6350.0    MS-SQL Query Abuse         string-tcp     high           true
6537.0    Kraken Botnet Traffic      atomic-ip      high           true
6537.1    Kraken Botnet Traffic      atomic-ip      high           true
6539.0    Microsoft Malware          string-tcp     high           true
          Protection Engine DoS
6539.1    Microsoft Malware          string-tcp     high           true
          Protection Engine DoS
6540.0    CUCM Certificate Trust     string-tcp     high           true
          List Memory Consumption DOS
6767.0    Microsoft Windows RSH      string-tcp     high           true
          Daemon Stack Overflow

CAVEATS

None.

Modified signature(s) detail:

None.
=================================================================================================
S427 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                    ENGINE         SEVERITY       ENABLED
20479.0   Malformed SIP Message      string-tcp     medium         true
20479.1   Malformed SIP Message      atomic-ip      medium         true
20481.0   Malformed SIP Message      string-tcp     medium         false
20481.1   Malformed SIP Message      atomic-ip      medium         false

TUNED SIGNATURES

SIGID     SIGNAME                    ENGINE         SEVERITY       ENABLED
3327.0    Windows RPC DCOM Overflow  service-msrpc  high           false
3327.1    Windows RPC DCOM Overflow  string-udp     high           false
3327.4    Windows RPC DCOM Overflow  service-msrpc  high           false
3327.7    Windows RPC DCOM Overflow  string-tcp     informational  false
3327.8    Windows RPC DCOM Overflow  service-msrpc  informational  false
3327.9    Windows RPC DCOM Overflow  string-tcp     informational  false
3327.10   Windows RPC DCOM Overflow  string-tcp     informational  false
3327.11   Windows RPC DCOM Overflow  meta           high           false
3527.3    UW imapd Overflows         string-tcp     high           false
3527.6    UW imapd Overflows         string-tcp     high           false
5428.0    Cisco CNS Registrar DoS    string-tcp     medium         false
5428.1    Cisco CNS Registrar DoS    string-tcp     medium         false
5548.0    Veritas Backup Exec        string-tcp     high           false
          Windows Remote Agent Password Overflow
5824.0    HTTP Header DoS            string-tcp     medium         false
5840.1    Internet Explorer CLSID    string-tcp     high           false
          Code Execution
5840.2    Internet Explorer CLSID    string-tcp     high           false
          Code Execution
5864.0    Exchange Server IMAP       string-tcp     medium         false
          Literal Processing Vulnerability
5910.0    CUCM Centralized TFTP      service-http   medium         false
          File Locator Service Buffer Overflow

CAVEATS

None.

Modified signature(s) detail:

The following signatures were retired
5910-0 5864-0 5840-2 5840-1 5824-0 5548-0 5428-1 5428-0 3527-6 3527-3
3327-11 3327-10 3327-9 3327-8 3327-7 3327-4 3327-1 3327-0

=================================================================================================
S426 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                    ENGINE         SEVERITY       ENABLED
20363.0   Firewall Services Module   atomic-ip      high           true
          Crafted ICMP Message Vulnerability

TUNED SIGNATURES

SIGID     SIGNAME                    ENGINE         SEVERITY       ENABLED
7262.0    Active Directory Overflow  string-tcp     high           true
          Exploit
16235.0   ClamAV AntiVirus CHM File  multi-string   high           true
          Handling Denial of Service
16235.0   ClamAV AntiVirus CHM File  multi-string   high           false
          Handling Denial of Service

CAVEATS

None.

Modified signature(s) detail:

The following sigs were modified to increase fidelity
7262-0 16235-0

=================================================================================================
S425 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                    ENGINE         SEVERITY       ENABLED
2159.0    ICMP Destination           atomic-ip      informational  false
          Unreachable Protocol Unreachable
5170.2    Null Byte In HTTP Request  string-tcp     low            false
17258.0   jetAudio Arbitrary File    string-tcp     medium         false
          Download
17349.0   Adobe PDF Reader plug-in   string-tcp     medium         false
          AcroPDF.dll DoS
17431.0   Synactis ALL In-The-Box    string-tcp     medium         false
          SaveDoc Arbitrary File Overwrite
17435.0   Nokia PC Suite Multimedia  string-tcp     high           false
          Player Playlist Processing Buffer Overflow
17438.0   Firefox                    string-tcp     high           false
          iframe.contentWindow.focus Code Execution
17438.1   Firefox                    string-tcp     high           false
          iframe.contentWindow.focus Code Execution
17505.0   IE .mht File Code          string-tcp     high           false
          Execution
17518.0   AWStats awstats.pl URL     service-http   high           false
          Handling Cross Site Scripting Vulnerability
17538.0   IE Popup Window Address    string-tcp     medium         false
          Bar Spoofing
17597.0   Mercury mail remote        string-tcp     high           false
          mailbox name service buffer overflow
17625.0   SAP Internet Graphics      service-http   high           false
          Server PARAMS Cross Site Scripting
17658.0   Apple Safari File          string-tcp     medium         false
          Download DoS
17660.0   IE OVVtl Method NULL       string-tcp     medium         false
          Dereference
17677.0   Safari KHTML WebKit DoS    string-tcp     high           false
17679.0   IE NDFXArtEffects Overflow string-tcp     high           false
17681.0   IE                         string-tcp     high           false
          NMSA.ASFSourceMediaDescription Overflow
17682.0   IE TriEditDocument URL     string-tcp     medium         false
          Null Defeference
17683.0   IE                         string-tcp     medium         false
          DirectAnimation.DAUserData DoS
17684.0   IE HTML Rendering Memory   string-tcp     medium         false
          Corruption
17685.0   ePolicy Orchaestrator      service-http   medium         false
          Invalid Content-Length DoS
17718.0   Apple iCal TRIGGER DoS     string-tcp     medium         false
17737.0   BlazeVideo HDTV Player     string-tcp     high           false
          PLF File Heap BoF Vulnerability
17738.0   HTTP WEBMOD Cookie Buffer  service-http   high           false
          Overflow Vulnerability
17740.0   HTTP WEBMOD Directory      service-http   high           false
          Traversal
17757.0   HTTP WEBMOD Argument       service-http   high           false
          Parser BO
17759.0   WebMod Script Source Code  service-http   medium         false
          Disclosure
17777.0   CiscoSecure ACS For        string-tcp     high           false
          Windows NT Server Denial Of Service
17778.0   Sony CONNECT Player M3U    string-tcp     high           false
          Playlist Processing Buffer Overflow
17779.1   WS_FTP server Manager      service-http   medium         false
          Information Leak
17782.0   Clam Anti-Virus PE         string-tcp     high           false
          Rebuilding Heap Overflow
17783.0   IE Drag and Drop Code      string-tcp     high           false
          Execution
17784.0   Facebook Newsroom Remote   service-http   medium         false
          File Inclusion
17785.0   Backdoor: Nuclear RAT      string-tcp     medium         true
17786.0   YouTube Blog Remote File   service-http   high           false
          Include Vulnerability
17787.0   AOL YGP Picture Editor     string-tcp     medium         false
          Denial of Service
17788.0   Adobe Reader Plugin Open   string-tcp     medium         false
          Parameters Cross-Site Scripting
17791.0   Ipswitch Imail Arbitrary   service-http   high           false
          File Read
20360.0   Xunlei Activity            string-tcp     low            true
20361.0   KuGoo P2P Activity         atomic-ip      low            true

TUNED SIGNATURES

SIGID     SIGNAME                    ENGINE         SEVERITY       ENABLED
18559.0   Microsoft Word Remote      string-tcp     high           true
          Code Execution Vulnerability
19840.0   SQLPing3 Network Traffic   atomic-ip      high           false

CAVEATS

None.

Modified signature(s) detail:

Fidelity Improvement
18559-0

Retired
19840-0

=================================================================================================
S424 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                    ENGINE         SEVERITY       ENABLED
20119.0   Microsoft Remote Desktop   string-tcp     high           true
          Client Remote Code Execution Vulnerability
20120.0   Microsoft Windows Remote   meta           high           true
          Desktop Protocol RCE
20120.1   Microsoft Windows Remote   string-tcp     informational  true
          Desktop Protocol RCE
20120.2   Microsoft Windows Remote   string-tcp     informational  true
          Desktop Protocol RCE
20141.0   Microsoft Office Web       meta           high           true
          Components ActiveX Buffer Overflow
20141.1   Microsoft Office Web       string-tcp     informational  true
          Components ActiveX Buffer Overflow
20143.0   Microsoft Office Web       meta           high           true
          Components ActiveX Buffer Overflow
20143.1   Microsoft Office Web       string-tcp     informational  true
          Components ActiveX Buffer Overflow
20145.0   Microsoft Office Web       meta           high           true
          Components ActiveX Buffer Overflow
20145.1   Microsoft Office Web       string-tcp     informational  true
          Components ActiveX Buffer Overflow
20145.2   Microsoft Office Web       string-tcp     informational  true
          Components ActiveX Buffer Overflow
20148.0   Microsoft Office Web       meta           high           true
          Components ActiveX Buffer Overflow
20148.1   Microsoft Office Web       string-tcp     informational  true
          Components ActiveX Buffer Overflow
20150.0   ASP.NET Denial Of Service  service-http   medium         true
20179.0   WINS Heap Overflow         string-tcp     high           true
20181.0   WINS Integer Overflow      string-tcp     high           true
20182.0   Malformed AVI Header       string-tcp     high           true
          Vulnerability
20183.0   AVI Integer Overflow       string-tcp     high           true
          Vulnerability
20183.1   AVI Integer Overflow       string-tcp     high           true
          Vulnerability
20220.0   Workstation Service        string-tcp     high           true
          Memory Corruption Vulnerability

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S423 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                    ENGINE         SEVERITY       ENABLED
5858.6    Trend Micro ServerProtect  service-msrpc  high           false
          RPC Call ENG_SendEMail Buffer Overflow
5922.0    BEA WebLogic Admin         string-tcp     high           false
          Console Cross Site Scripting
5948.0    Ingres Database            string-tcp     high           false
          uuid_from_char() Stack Overflow
5979.0    Microsoft Internet         string-tcp     high           false
          Explorer COM Object Instantiation Memory Corruption
5983.0    Microsoft Internet         meta           high           false
          Explorer VML Buffer Overrun
5983.1    Microsoft Internet         string-tcp     informational  false
          Explorer VML Buffer Overrun
5983.2    Microsoft Internet         string-tcp     informational  false
          Explorer VML Buffer Overrun
5994.0    ImageMagick SGI Buffer     string-tcp     high           false
          Overflow
6047.0    TrendMicro InterScan       string-tcp     low            false
          Viruswall Directory Traversal
19840.0   SQLPing3 Network Traffic   atomic-ip      high           true
19841.0   SQL Server Request         atomic-ip      medium         true
19919.0   SQL Server BruteForce      multi-string   high           true
          Attempt

TUNED SIGNATURES

SIGID     SIGNAME                    ENGINE         SEVERITY       ENABLED
2157.0    ICMP Hard Error DoS        atomic-ip      medium         false
2157.1    ICMP Hard Error DoS        atomic-ip      medium         false
2157.2    ICMP Hard Error DoS        atomic-ip      medium         false
3327.12   Windows RPC DCOM Overflow  service-msrpc  high           false
3331.3    UDP MSRPC Messenger        atomic-ip      high           false
          Overflow
3331.4    UDP MSRPC Messenger        atomic-ip      high           false
          Overflow
3404.0    SysV /bin/login Overflow   string-tcp     high           false
3404.1    SysV /bin/login Overflow   string-tcp     high           false
3501.0    Rlogin Long TERM Variable  string-tcp     high           false
3527.2    UW imapd Overflows         string-tcp     high           false
3527.5    UW imapd Overflows         string-tcp     high           false
3700.0    CDE dtspcd Overflow        string-tcp     high           true
3792.0    Long Telnet Username       string-tcp     high           false
4003.0    Nmap UDP Port Sweep        sweep          high           false
5489.7    MyTOB Virus Activity       string-tcp     high           false

CAVEATS

None.

Modified signature(s) detail:

The following signatures have been retired
5489-7, 4003-0, 3792-0, 3700-0, 3527-5, 3527-2, 3501-0, 3404-1,
3404-0, 3331-4, 3331-3, 3327-12, 2157-2, 2157-1, 2157-0

=================================================================================================
S422 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                    ENGINE         SEVERITY       ENABLED
20059.0   Microsoft Internet         meta           high           true
          Explorer KillBit Bypass
20059.1   Microsoft Internet         string-tcp     informational  true
          Explorer KillBit Bypass
20059.2   Microsoft Internet         string-tcp     informational  true
          Explorer KillBit Bypass
20151.0   Clampi Trojan URLs         service-http   high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S421 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                    ENGINE         SEVERITY       ENABLED
20002.0   Microsoft Internet         multi-string   high           true
          Explorer Object Handling Remote Code Execution
20004.0   Microsoft Internet         multi-string   high           true
          Explorer Malformed Web Page Handling Vulnerability
20005.0   Microsoft Internet         multi-string   high           true
          Explorer Uninitialized Memory Corruption Vulnerability

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.
=================================================================================================
S420 SIGNATURE UPDATE DETAILS

NEW SIGNATURES
SIGID     SIGNAME                     ENGINE           SEVERITY       ENABLED
19279.0   Cisco IOS Legacy            service-http     medium         true
          Interface Access

TUNED SIGNATURES
There are no tuned signatures for this release.

CAVEATS
None.

Modified signature(s) detail:
None.

=================================================================================================
S419 SIGNATURE UPDATE DETAILS

NEW SIGNATURES
SIGID     SIGNAME                     ENGINE           SEVERITY       ENABLED
16761.0   PeerCast HandshakeHTTP BO   string-tcp       high           false
16896.0   America Online SuperBuddy   string-tcp       high           false
          ActiveX Control Code
          Execution
17122.0   SAP Internet Transaction    service-http     high           false
          Server wgate.dll
          Cross-Site Scripting
          Vulnerability
17122.1   SAP Internet Transaction    service-http     high           false
          Server wgate.dll
          Cross-Site Scripting
          Vulnerability
17126.0   Alcatel-Lucent OmniPCX      service-http     high           false
          Office Remote Command
          Execution Vulnerability
17159.0   HTTP LeadTools Raster       meta             high           false
          Dialog File ActiveX
          Overflow
17159.1   HTTP LeadTools Raster       string-tcp       informational  false
          Dialog File ActiveX
          Overflow
17159.2   HTTP LeadTools Raster       string-tcp       informational  false
          Dialog File ActiveX
          Overflow
17356.0   Shockwave ActiveX DoS       string-tcp       medium         false
17401.0   TFTPDWIN Long Message DoS   atomic-ip        high           false
17424.0   Firefox OnKeyDown Event     string-tcp       medium         false
          File Upload
17426.0   IE DataSourceControl        string-tcp       high           false
          Overflow
17430.0   Firefox Action Prompt       string-tcp       medium         false
          Delay Security Bypass
17434.0   IE DHTML Script Injection   string-tcp       high           false
17437.0   IE Position CSS DoS         string-tcp       medium         false
17439.0   CA iGateway                 string-tcp       high           false
          Content-Length Overflow
17477.0   Firefox Marquee DoS         string-tcp       medium         false
17498.0   Safari DHTML                string-tcp       medium         false
          setAttributeNode DoS
17499.0   IE                          string-tcp       medium         false
          Object.Microsoft.DXTFiler
          DoS
17500.0   IE Exception Handling       string-tcp       medium         false
          Memory Corruption
17502.0   IE Table Frameset DoS       string-tcp       medium         false
17504.0   FireFox HTML Parsing Null   string-tcp       medium         false
          Pointer Dereference
17517.0   IE Status Bar URI Spoofing  string-tcp       medium         false
17620.0   Microsoft System            string-tcp       medium         false
          Management Server Remote
          Denial of Service
17624.0   Web Tours Upload            service-http     medium         false
          Directory Traversal
17626.0   Safari Window.setTimeout    string-tcp       medium         false
          Spoofing
17638.0   IE                          string-tcp       medium         false
          OutlookExpress.AddressBook
          DoS
19381.1   Embedded OpenType Font      string-tcp       high           true
          Heap Overflow
          Vulnerability
19382.1   Embedded OpenType Font      string-tcp       high           true
          Integer Overflow
          Vulnerability
19382.1   Embedded OpenType Font      string-tcp       high           false
          Integer Overflow
          Vulnerability
19520.4   Microsoft Office Web        string-tcp       high           true
          Components ActiveX
          Overflow
19520.5   Microsoft Office Web        string-tcp       high           true
          Components ActiveX
          Overflow
19819.0   Malicous Adobe Flash        multi-string     high           true
          Content
19819.1   Malicious Adobe Flash       multi-string     high           true
          Content

TUNED SIGNATURES
SIGID     SIGNAME                     ENGINE           SEVERITY       ENABLED
3600.0    IOS Telnet Buffer Overflow  state            high           false
3802.0    Oracle iSQL*PLus Overflow   service-http     high           false
5431.0    IIS W3Who Vulnerabilties    service-http     high           false
5431.1    IIS W3Who Vulnerabilties    service-http     high           false
6786.0    Microsoft PowerPoint        string-tcp       high           false
          Memory Corruption
          Vulnerability
19520.3   Microsoft Office Web        string-tcp       informational  true
          Components ActiveX
          Overflow

CAVEATS
None.

Modified signature(s) detail:
The following signatures are retired by default: 6786-0 5431-1 5431-0 3802-0 3600-0

=================================================================================================
S418 SIGNATURE UPDATE DETAILS

NEW SIGNATURES
SIGID     SIGNAME                     ENGINE           SEVERITY       ENABLED
5993.0    IE COM Object               string-tcp       high           false
          Instantiation Memory
          Corruption
6148.0    OpenSSL                     string-tcp       high           false
          SSL_get_shared_ciphers
          Off-by-one
6217.0    eDirectory iMonitor NDS     service-http     high           false
          Server Buffer Overflow
6218.0    MediaWiki Script Insertion  string-tcp       high           false
6421.0    Microsoft Excel Malformed   string-tcp       high           false
          SELECTION Record Code
          Execution
6424.0    Microsoft PowerPoint PPT    string-tcp       high           false
          File Parsing Memory
          Corruption
6425.0    Microsoft Excel Malformed   string-tcp       high           false
          OBJECT Record Code
          Execution
6454.0    Microsoft Winhlp32          string-tcp       high           false
          Compressed Phrase Buffer
          Overflow
6459.0    Microsoft Winhlp32          string-tcp       high           false
          Compressed Phrase Integer
          Overflow
6486.0    Novell iManager Tomcat      string-tcp       high           false
          HTTP POST Request Handling
          Denial of Service
6712.0    Microsoft Internet          string-tcp       medium         false
          Explorer Script Engine
          Stack Exhaustion
7300.1    Sharepoint Access Control   string-tcp       high           true
          Vulnerability
7421.0    Windows HLP File Heap       string-tcp       high           false
          Overflow
7423.0    SecureCRT Arbitrary         string-tcp       high           false
          Configuration Folder
15235.1   Exchange Server Memory      state            high           false
          Corruption Vulnerability
15235.2   Exchange Server Memory      state            high           false
          Corruption Vulnerability
15373.0   Microsoft Internet          string-tcp       high           false
          Explorer VGX.DLL Heap
          Overflow
15814.0   Microsoft Internet          string-tcp       high           false
          Explorer TextRange Object
          Memory Corruption
16453.0   IBM Lotus Expeditor cai     string-tcp       high           false
          URI Handler Command
          Execution
16833.0   CA BrightStor ARCserve      string-tcp       high           false
          Backup Message Engine
          Stack Overflow
17259.0   VideoLAN VLC Media Player   string-tcp       high           false
          TY Processing Buffer
          Overflow
18077.1   CA Brightstore Backup RPC   atomic-ip        medium         false
          Server DoS
18519.0   Microsoft Windows WMF       string-tcp       high           false
          Handling Arbitrary Code
          Execution
18539.0   Microsoft Office Routing    string-tcp       high           false
          Slip Processing Remote
          Buffer Overflow
18601.0   Microsoft Windows           string-tcp       high           false
          Embedded Web Font Handling
          Buffer Overflow
18620.0   Microsoft Outlook Express   string-tcp       high           false
          Windows Address Book File
          Vulnerability
18621.0   Microsoft FrontPage         string-tcp       high           false
          Server Extensions Cross
          Site Scripting
18623.0   Microsoft Excel Malformed   string-tcp       high           false
          File Format Parsing Code
          Execution
18879.0   PowerPoint Malformed Data   string-tcp       high           false
          Record RCE
18939.0   Computer Associates         string-tcp       high           false
          Products Discovery Service
          Buffer Overflow
19021.0   Microsoft Excel Malformed   string-tcp       high           false
          Graphic File Code
          Execution
19039.0   Nagios Content-Length       string-tcp       high           false
          Handling Buffer Overflow
19040.0   Computer Associates         string-tcp       high           false
          Products Discovery Service
          Remote Buffer Overflow
19059.0   Mozilla Firefox Download    string-tcp       high           false
          Directory File Deletion
          Vulnerability
19099.0   Computer Associates         string-tcp       high           false
          Message Queuing Buffer
          Overflow
19119.0   Windows GRE WMF Handling    string-tcp       high           false
          Memory Read Exception
19120.0   Mozilla Products Graphics   string-tcp       high           false
          and XML Features Integer
          Overflow
19121.0   GNU Tar PAX Extended        string-tcp       high           false
          Headers Handling Buffer
          Overflow
19122.0   RealNetworks RealPlayer     string-tcp       high           false
          SWF Flash File Buffer
          Overflow
19199.0   Computer Associates         string-tcp       high           false
          BrightStor ARCServe Backup
          LGServer Buffer Overflow
19201.0   MySQL CREATE FUNCTION       string-tcp       high           false
          Init_syms() Buffer
          Overflow
19239.0   CA BrightStor ARCserve      string-tcp       high           false
          Backup XDR Parsing Buffer
          Overflow

TUNED SIGNATURES
SIGID     SIGNAME                     ENGINE           SEVERITY       ENABLED
7300.0    Sharepoint Access Control   service-http     high           false
          Vulnerability
7304.1    Microsoft Word File         string-tcp       high           false
          Parsing Overflow

CAVEATS
None.
Modified signature(s) detail:
7300-0 7300-1 7304-1

=================================================================================================
S417 SIGNATURE UPDATE DETAILS

NEW SIGNATURES
SIGID     SIGNAME                     ENGINE           SEVERITY       ENABLED
19520.2   Microsoft Office Web        meta             high           true
          Components ActiveX
          Overflow
19520.3   Microsoft Office Web        string-tcp       informational  true
          Components ActiveX
          Overflow

TUNED SIGNATURES
SIGID     SIGNAME                     ENGINE           SEVERITY       ENABLED
1600.0    ICMPv6 zero length option   atomic-ip-v6     medium         true
5869.0    Internet Explorer CSS Tag   string-tcp       high           false
          Memory Corruption
5915.0    Microsoft FoxPro ActiveX    string-tcp       high           false
          Vulnerability
6298.0    Creative Software           meta             high           true
          AutoUpdate Engine ActiveX
          Stack-Overflow
6939.0    Microsoft Project Remote    string-tcp       high           false
          Code Execution

CAVEATS
None.

Modified signature(s) detail:
The following signatures have been retired by default: 1600-0, 6939-0, 5869-0, 5915-0
SFR has been increased for sig 6298-0.
=================================================================================================
S416 SIGNATURE UPDATE DETAILS

NEW SIGNATURES
SIGID     SIGNAME                     ENGINE           SEVERITY       ENABLED
5694.1    Enhanced Metafile Buffer    string-tcp       high           false
          Overflow
5923.0    Microsoft Internet          string-tcp       high           false
          Explorer FTP Client
          Directory Traversal issue
5923.1    Microsoft Internet          string-tcp       high           false
          Explorer FTP Client
          Directory Traversal
5984.0    IE COM Object Code          meta             high           false
          Execution
5984.1    IE COM Object Code          string-tcp       informational  false
          Execution
5984.2    IE COM Object Code          string-tcp       informational  false
          Execution
6023.0    IE JavaScript window() DoS  string-tcp       high           false
6024.0    Firefox JavaScript          string-tcp       low            false
          Information Disclosure
6025.0    Jet DB Engine Buffer        string-tcp       high           false
          Overflow
6026.0    Squid Gopher Protocol       string-tcp       high           false
          Handling Buffer Overflow
6074.0    DirectX RLE Compressed      string-tcp       high           false
          TGA Overflow
6075.0    Mozilla SOAPParameter       string-tcp       high           false
          Integer Overflow
6077.0    IE Malformed GIF File       string-tcp       high           false
6221.0    IBM Director Agent DoS      atomic-ip        medium         false
6414.0    ClamAV UPX File Handling    string-tcp       high           false
          Heap Overflow
6414.1    ClamAV UPX File Handling    string-tcp       high           false
          Heap Overflow
6416.0    Microsoft Windows Help      string-tcp       high           false
          HLP File Processing Memory
          Corruption
6416.1    Microsoft Windows Help      string-tcp       high           false
          HLP File Processing Memory
          Corruption
6444.0    iGateway Content-Length     service-http     high           false
          Buffer Overflow
6445.0    SUSE Remote Manager Heap    service-http     high           false
          Overflow
19639.0   Firefox 3.5 Unicode         string-tcp       high           true
          Buffer Overflow

TUNED SIGNATURES
SIGID     SIGNAME                     ENGINE           SEVERITY       ENABLED
5567.0    Veritas Backup Exec         string-tcp       informational  false
          Remote Registry Access
5567.1    Veritas Backup Exec         service-msrpc    informational  false
          Remote Registry Access
5567.2    Veritas Backup Exec         service-msrpc    informational  false
          Remote Registry Access
5567.3    Veritas Backup Exec         service-msrpc    informational  false
          Remote Registry Access
5567.4    Veritas Backup Exec         service-msrpc    informational  false
          Remote Registry Access
5567.5    Veritas Backup Exec         meta             high           false
          Remote Registry Access
5684.3    Malformed SIP Packet        atomic-ip        medium         false
5688.0    RSA WebAgent Redirect       service-http     medium         false
          Overflow
5750.0    WLSE Cross Site Scripting   service-http     medium         false
5810.0    SecureCRT SSH1 Buffer       string-tcp       high           false
          Overflow
5813.0    Microsoft Internet          meta             high           false
          Explorer Vector Markup
          Language Vulnerability
5837.0    Malformed TCP packet        service-generic  medium         false
5868.0    IE Navigation Cancel Page   string-tcp       medium         true
          Spoofing Vulnerability
5902.0    AIM Message HTML Injection  string-tcp       high           false

CAVEATS
None.

Modified signature(s) detail:
None.
=================================================================================================
S415 SIGNATURE UPDATE DETAILS

NEW SIGNATURES
SIGID     SIGNAME                     ENGINE           SEVERITY       ENABLED
5434.2    Veritas Backup Exec         string-tcp       high           false
          Registration Request
          Overflow
5930.21   Generic SQL Injection       service-http     medium         true
15073.0   Oracle Secure Backup        service-http     high           true
          Administration Server
          login.php Command
          Injection
15833.1   Windows Kernel Input        string-tcp       high           true
          Validation Vulnerability
18380.1   Novell GroupWise SMTP       state            high           true
          Buffer Overflow
19001.0   Cisco UCCX XSS              service-http     high           true
19459.0   Now SMS MMS Gateway Web     string-tcp       high           false
          Authorization Buffer
          Overflow
19519.0   CA BrightStor ARCserve      service-msrpc    high           false
          Backup Message Engine
          Buffer Overflow
19522.0   EMC Legato NetWorker        string-tcp       high           false
          Remote Exec Service Buffer
          Overflow
19600.0   Firefox 3.5 Malformed       string-tcp       high           true
          HTML Vulnerability

TUNED SIGNATURES
SIGID     SIGNAME                     ENGINE           SEVERITY       ENABLED
5042.1    WWW valid shell access      service-http     medium         false
          attempt
5042.2    WWW valid shell access      service-http     medium         false
          attempt
5042.3    WWW valid shell access      service-http     medium         false
          attempt
5042.4    WWW valid shell access      service-http     medium         false
          attempt
5042.5    WWW valid shell access      service-http     medium         false
          attempt
5042.6    WWW valid shell access      service-http     medium         false
          attempt
5413.0    WhatsUp Gold Buffer         service-http     high           false
          Overflow Vulnerability
5430.0    Darwin Streaming Server     string-tcp       medium         false
          DoS
5430.2    Darwin Streaming Server     atomic-ip        medium         false
          DoS
5434.0    Veritas Backup Exec         string-tcp       high           false
          Registration Request
          Overflow
5434.1    Veritas Backup Exec         string-tcp       high           false
          Registration Request
          Overflow
5486.0    Apple File Service          string-tcp       high           false
          LoginExt Overflow
5486.1    Apple File Service          string-tcp       high           false
          LoginExt Overflow
5567.6    Veritas Backup Exec         meta             high           false
          Remote Registry Access
5567.7    Veritas Backup Exec         meta             high           false
          Remote Registry Access
5567.8    Veritas Backup Exec         meta             medium         false
          Remote Registry Access
7221.0    Hierarchical FlexGrid       meta             high           true
          Control Memory Corruption
16933.0   Microsoft PowerPoint        string-tcp       high           true
          Remote Code Execution
16956.0   Microsoft PowerPoint        string-tcp       high           true
          Remote Code Execution
16958.0   Microsoft PowerPoint        string-tcp       high           true
          Remote Code Execution

CAVEATS
None.

Modified signature(s) detail:
the following sigs are retired and disabled by default: 5042-x, 5413-0, 5430-0, 5430-2, 5434-x, 5486-0, 5486-2, 5567-6, 5567-7, 5567-8

=================================================================================================
S414 SIGNATURE UPDATE DETAILS

NEW SIGNATURES
SIGID     SIGNAME                     ENGINE           SEVERITY       ENABLED
16655.0   DonBot                      fixed-tcp        high           true
16753.0   Mega-D                      string-tcp       high           true
16754.0   PushDo Botnet               string-tcp       high           true
17363.0   Rustock Botnet              meta             high           true
17363.1   Rustock Botnet              service-http     informational  true
17363.2   Rustock Botnet              service-http     informational  true
17789.0   Grum Bot                    service-http     high           true
19339.1   Microsoft DirectShow        string-tcp       high           true
          msvidctl.dll Code
          Execution
19339.2   Microsoft DirectShow        string-tcp       high           true
          msvidctl.dll Code
          Execution
19339.3   Microsoft DirectShow        string-tcp       high           true
          msvidctl.dll Code
          Execution
19339.4   Microsoft DirectShow        string-tcp       high           true
          msvidctl.dll Code
          Execution
19339.5   Microsoft DirectShow        string-tcp       high           true
          msvidctl.dll Code
          Execution
19339.6   Microsoft DirectShow        string-tcp       high           true
          msvidctl.dll Code
          Execution
19339.7   Microsoft DirectShow        string-tcp       high           true
          msvidctl.dll Code
          Execution
19339.8   Microsoft DirectShow        string-tcp       high           true
          msvidctl.dll Code
          Execution
19339.9   Microsoft DirectShow        string-tcp       high           true
          msvidctl.dll Code
          Execution
19381.0   Embedded OpenType Font      string-tcp       high           true
          Heap Overflow
          Vulnerability
19382.0   Embedded OpenType Font      string-tcp       high           true
          Integer Overflow
          Vulnerability
19383.0   DirectX Size Validation     string-tcp       high           true
          Vulnerability
19384.0   DirectX Pointer             meta             high           true
          Validation Vulnerability
19384.1   DirectX Pointer             multi-string     informational  true
          Validation Vulnerability
19384.2   DirectX Pointer             string-tcp       informational  true
          Validation Vulnerability
19401.0   Microsoft Publisher File    string-tcp       high           true
          Parsing Vulnerability

TUNED SIGNATURES
SIGID     SIGNAME                     ENGINE           SEVERITY       ENABLED
19219.1   DirectShow QuickTime        multi-string     informational  true
          Media Processing Arbitrary
          Code Execution
19219.2   DirectShow QuickTime        string-tcp       informational  true
          Media Processing Arbitrary
          Code Execution

CAVEATS
None.

Modified signature(s) detail:
None.
=================================================================================================
S411 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                 ENGINE                SEVERITY       ENABLED
19339.0  Microsoft DirectShow msvidctl.dll Code Execution                        string-tcp            high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail: None.

=================================================================================================
S410 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                 ENGINE                SEVERITY       ENABLED
3740.1   IMail LDAP Service Buffer Overflow                                      string-tcp            high           false
3740.2   IMail LDAP Service Buffer Overflow                                      string-tcp            high           false
3740.3   IMail LDAP Service Buffer Overflow                                      string-tcp            high           false
5926.0   Oracle ctxsys.driload Access Violation Vulnerability                    string-tcp            high           false
5929.0   McAfee VirusScan File Name Overflow                                     string-tcp            high           false
5934.0   Winamp MP4 Memory Corruption                                            string-tcp            high           false
5936.0   QuickTime MOV Heap Overflow                                             string-tcp            high           false
5939.0   Word Text Box Memory Curruption                                         string-tcp            high           false
5941.0   Windows CSRSS Message Box Memory Corruption                             string-tcp            high           false
5950.0   Excel Malformed String Code Execution                                   string-tcp            high           false
5951.0   BrightStor ARCserve Backup MSRPC Memory Corruption                      service-msrpc         high           false
5971.0   IE daxctle.ocx KeyFrame Memory Curruption                               string-tcp            high           false
5972.0   QuickTime Movie Buffer Overflow                                         string-tcp            high           false
5976.0   Avast! Remote LHA Buffer Overflow                                       string-tcp            high           false
5977.0   DB2 Handshake DoS                                                       string-tcp            medium         false
6014.0   Flash Player Improper Memory Access                                     string-tcp            high           false
6015.0   Flash ActionDefineFunction Improper Memory Access                       string-tcp            high           false
6016.0   RIM BlackBerry Enterprise Router DoS                                    string-tcp            medium         false
6020.0   QuickTime PictureViewer Buffer Overflow                                 string-tcp            high           false
6283.2   Malformed BMP Filter Vulnerability                                      string-tcp            high           false
6489.0   Symantec Veritas NetBackup CONNECT_OPTIONS Buffer Overflow              string-tcp            high           false
7242.0   Windows GDI+ Denial of Service                                          string-tcp            medium         true
16233.0  ClamAV AntiVirus CHM File Handling Denial of Service                    multi-string          high           true
16233.0  ClamAV AntiVirus CHM File Handling Denial of Service                    multi-string          high           false
16235.0  ClamAV AntiVirus CHM File Handling Denial of Service                    multi-string          high           true
19159.0  Green Dam Youth Escort Software Update Check                            service-http          informational  true
19219.0  DirectShow QuickTime Media Processing Arbitrary Code Execution          meta                  high           true
19219.1  DirectShow QuickTime Media Processing Arbitrary Code Execution          multi-string          informational  true
19219.2  DirectShow QuickTime Media Processing Arbitrary Code Execution          string-tcp            informational  true
19219.3  DirectShow QuickTime Media Processing Arbitrary Code Execution          meta                  high           true
19219.4  DirectShow QuickTime Media Processing Arbitrary Code Execution          string-tcp            informational  true

TUNED SIGNATURES

SIGID    SIGNAME                                                                 ENGINE                SEVERITY       ENABLED
3137.0   Sober Virus Activity                                                    string-tcp            high           false
3137.3   Sober Virus Activity                                                    string-tcp            high           false
3159.0   FTP PASS Suspicious Length                                              string-tcp            high           true
3181.0   dSMTP Mail Server Format String Overflow                                string-tcp            high           false
3314.0   Windows Locator Service Overflow                                        string-tcp            informational  false
3527.0   UW imapd Overflows                                                      string-tcp            high           false
3531.0   Cisco IOS Telnet DoS                                                    service-generic       high           false
3736.0   Subversion get-dated-rev overflow                                       string-tcp            high           true
5036.1   WWW Windows Password File Access Attempt                                service-http          medium         false
5036.2   WWW Windows Password File Access Attempt                                service-http          medium         false
5547.1   SMB File Name Overflow                                                  string-tcp            high           false
5830.0   Cisco Secure Access Control Server HTTP Request Overflow                service-http          high           true
5850.0   Snort DCE/RPC Preprocessor Vulnerability                                atomic-ip             high           false
5850.1   Snort DCE/RPC Preprocessor Vulnerability                                atomic-ip             high           false
5879.0   Apple QuickTime Java QTPointer Vulnerability                            string-tcp            high           true
6143.0   Borland Interbase Database Service Create-Request Buffer Overflow       string-tcp            high           false
6792.0   SQL Memory Corruption Vulnerability                                     service-http          high           true
7307.0   MS SQL Server sp_replwritetovarbin memory overwrite                     meta                  high           true
15634.0  Cisco ACE Crafted SSH Packet Vulnerability                              string-tcp            high           true
15773.0  Adobe Flash Player Invalid Object Reference Vulnerability               string-tcp            high           true
16413.0  Microsoft Excel Remote Code Execution                                   string-tcp            high           true
16414.0  Microsoft Excel Remote Code Execution                                   string-tcp            high           true

CAVEATS

None.

Modified signature(s) detail:

The regex for signature 3159-0 is being modified to increase its fidelity.

Signatures 3181-0, 3314-0, 3527-0, 3531-0, 5036-1, 5036-2, 5850-0, and 5850-1 are being retired due to age.

The sfr for signatures 3736-0, 5830-0, 5879-0, 6792-0, 7307-0, 15634-0, 15773-0, 16413-0, and 16414-0 is being increased due to positive performance in the field.

=================================================================================================
S409 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                 ENGINE                SEVERITY       ENABLED
16733.0  Cisco IP Camera Info Disclosure                                         service-http          medium         true
16733.1  Cisco IP Camera Info Disclosure                                         service-http          medium         true
16755.0  Cisco Video Surveillance Stream Manager for Services Platforms and Integrated Services Platforms DoS  atomic-ip             medium         true
18477.0  Cisco ASA WebVPN XSS                                                    meta                  high           true
18477.1  Cisco ASA WebVPN XSS                                                    string-tcp            informational  true
18477.2  Cisco ASA WebVPN XSS                                                    string-tcp            informational  true
18799.0  Cisco ASA WebVPN Cross Site Scripting                                   string-tcp            high           true
18800.0  ASA WebVPN Cross Site Scripting                                         string-tcp            high           true

TUNED SIGNATURES

SIGID    SIGNAME                                                                 ENGINE                SEVERITY       ENABLED
2158.0   Nachi Worm ICMP Echo Request                                            atomic-ip             high           false
5930.4   Generic SQL Injection                                                   service-http          high           false
16393.0  Cisco ASA Crafted TCP Packet DoS Vulnerability                          service-generic       medium         false
16476.0  Windows HTTP Services Credential Reflection Vulnerability               meta                  high           false
16476.1  Windows HTTP Services Credential Reflection Vulnerability               atomic-ip             informational  false
16476.2  Windows HTTP Services Credential Reflection Vulnerability               atomic-ip             informational  false
16476.3  Windows HTTP Services Credential Reflection Vulnerability               atomic-ip             informational  false
16476.4  Windows HTTP Services Credential Reflection Vulnerability               atomic-ip             informational  false

CAVEATS

None.

Modified signature(s) detail: The following signatures are being retired: 16476-0,1,2,3,4, 5930-4 2158-0 and 16393-0.
=================================================================================================
S408 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                 ENGINE                SEVERITY       ENABLED
6173.1   Empty DNS Query                                                         string-tcp            medium         false
16773.0  Raster Dialog File Buffer Overflow                                      string-tcp            high           false
17018.0  InfoSoft FusionCharts SWF Flash File Injection                          service-http          high           false
17019.0  Adobe Dreamweaver ActionScript Cross-Site Scripting Attack              service-http          high           false
17020.0  Magento Multiple Cross Site Scripting                                   service-http          high           false
17120.0  Apache Tomcat "RequestDispatcher" Information Disclosure Vulnerability  service-http          high           false
17121.0  SonicWALL Email Security Host Header Cross-Site Scripting Vulnerability  service-http          high           false
17123.0  SmarterTools SmarterMail HTTP Request Handling Denial Of Service        string-tcp            high           false
17125.0  cPanel "manpage.html" Cross-Site Scripting Vulnerability                service-http          high           false
17143.0  Windows COM object ActiveX Buffer Overflow                              string-tcp            high           false
17144.0  Black Ice Barcode SDK BIDIB.ocx Buffer Overflow                         string-tcp            high           false
17144.1  Black Ice Barcode SDK BIDIB.ocx Buffer Overflow                         string-tcp            high           false
17156.0  NetProxy Security Restriction Bypass Vulnerability                      string-tcp            high           false
17177.0  HTTP Yahoo Messenger YMailAttach ActiveX Control Buffer Overflow        string-tcp            high           false
17217.0  CA Secure Content Manager eCSqdmn Denial of Service                     string-tcp            high           false
17219.0  PHP Easy Download Remote Code Execution                                 service-http          high           false
17261.0  Twilight WebServer GETRequest Buffer Overflow Vulnerability             string-tcp            high           false
17267.0  Hylafax Fax Survey Remote Command Execution Vulnerability               service-http          high           false
17268.0  IntelliTamper HTML 'href' Parsing Buffer Overflow Vulnerability         string-tcp            high           false
17269.0  Asterisk IAX2 Remote Denial of Service                                  atomic-ip             high           false
17278.0  IIS Information Gathering Attack                                        string-tcp            medium         false
17279.0  Apache Encoded Path Traversal                                           string-tcp            high           false
17281.0  FTP WarFTP Daemon CWD DoS                                               string-tcp            medium         false
17283.0  Windows MFC ListFiles() Overflow                                        string-tcp            high           false
17284.0  InterBase Ibserver.exe Stack Overflow                                   string-tcp            high           false
17287.0  MSODataSourceControl ActiveX Overflow                                   string-tcp            high           false
17289.0  PowerDVD .m3u File Buffer Overflow                                      string-tcp            high           false
17291.0  MailEnable APPEND Remote Buffer Overflow                                string-tcp            high           false
17292.0  acFTP DoS                                                               string-tcp            medium         false
17292.1  acFTP DoS                                                               string-tcp            medium         false
17295.0  XM Easy Personal ftp ServerDoS                                          string-tcp            medium         false
17296.0  IE DXImageTransform.Microsoft.Gradient Object DoS                       string-tcp            medium         false
17297.0  ActSoft DVDTools.OCX Overflow                                           string-tcp            high           false
17299.0  HydraIRC URI Processing DoS                                             string-tcp            medium         false
17337.0  Internet Explorer Statusbar Spoof                                       string-tcp            medium         false
17338.0  IIS ExAir DoS                                                           string-tcp            medium         false
17339.0  IIS ExAir DoS                                                           string-tcp            medium         false
17344.0  RealPlayer rpau3260.dll ActiveX Dos                                     string-tcp            medium         false
17345.0  Outlook ole32.dll ActiveX DoS                                           string-tcp            medium         false
17347.0  CorelMalformed CLP Overflow                                             string-tcp            medium         false
17351.0  AcroOPDF.DLL ActiveX Control DoS                                        string-tcp            medium         false
17353.0  ArGoSoft Mail MLSRVX.DLL Arbitrary File Overwrite                       string-tcp            high           false
17354.0  Microsoft DirectX DXTMSFT.DLL DoS                                       string-tcp            medium         false
17357.0  RDS.DataControl ActiveX DoS                                             string-tcp            medium         false
17358.0  Move Media Player ActiveX Buffer Overflow                               string-tcp            high           false
17365.0  IE Reveal Trans ActiveX DoS                                             string-tcp            medium         false
17367.0  HtmlDlgSafeHelper ActiveX DoS                                           string-tcp            medium         false
17369.0  eCentrex VOIP Client UACOMX.OCX ActiveX Buffer Overflow                 string-tcp            high           false
17373.0  Firefox Browser Engine Remote Code Execution                            string-tcp            high           false
17397.0  Asterisk Channel Driver Request Handling Remote DoS                     atomic-ip             high           false

TUNED SIGNATURES

SIGID    SIGNAME                                                                 ENGINE                SEVERITY       ENABLED
5337.0   Dot Dot Slash in HTTP Arguments                                         service-http          low            false

CAVEATS

None.
Modified signature(s) detail: 5337-0

=================================================================================================
S407 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                 ENGINE                SEVERITY       ENABLED
18418.0  Microsoft Office Remote Code Execution                                  string-tcp            high           true
18419.0  Microsoft Office Excel Remote Code Execution                            string-tcp            high           true
18420.0  Microsoft Office Excel Remote Code Execution                            string-tcp            high           true
18421.0  Microsoft Office Excel Remote Code Execution                            string-tcp            high           true
18437.0  Microsoft Office Excel Remote Code Execution                            string-tcp            high           true
18438.0  Microsoft Office Excel Remote Code Execution                            string-tcp            high           true
18441.0  Microsoft Office Excel Remote Code Execution                            string-tcp            high           true
18457.0  Microsoft Internet Explorer Cross Domain Information Leak               string-tcp            high           true
18458.0  Microsoft Internet Explorer Zone Restriction Bypass                     string-tcp            high           true
18459.0  Microsoft Internet Explorer Remote Code Execution                       string-tcp            high           true
18460.0  Microsoft Internet Explorer Memory Corruption Vulnerability             string-tcp            high           true
18461.0  Microsoft Internet Explorer Remote Code Execution Vulnerability         string-tcp            high           true
18462.0  Microsoft Internet Explorer Remote Code Execution Vulnerability         string-tcp            high           true
18463.0  Microsoft Internet Explorer Memory Corruption Vulnerability             string-tcp            high           true
18464.0  Microsoft Internet Explorer Memory Corruption Vulnerability             string-tcp            high           true
18559.0  Microsoft Word Remote Code Execution Vulnerability                      string-tcp            high           true
18560.0  Microsoft Word Memory Corruption Condition                              string-tcp            high           true
18600.0  Active Directory Invalid Free Vulnerability                             string-tcp            high           true
18619.0  Active Directory Memory Leak Vulnerability                              string-tcp            high           true
18624.0  Microsoft Office Excel Remote Code Execution                            string-tcp            high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail: None.
=================================================================================================
S406 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                 ENGINE                SEVERITY       ENABLED
5547.1   SMB File Name Overflow                                                  string-tcp            high           true
6086.0   Windows Graphics Rendering Engine Buffer Overflow                       string-tcp            high           false
6088.0   Windows Compressed Folders Buffer Overflow                              string-tcp            high           false
6089.0   PHP memory_limit Vulnerability                                          string-tcp            high           false
6090.0   Libpng Chunk Length Buffer Overflow                                     string-tcp            high           false
6205.0   NetBackup Vmd Buffer Overflow                                           string-tcp            high           false
6207.0   FreeBSD nfsd Request Denial of Service                                  string-tcp            medium         false
6208.0   NetBackup Volume Manager Buffer Overflow                                string-tcp            high           false
6209.0   NetBackup Vnetd Buffer Overflow                                         string-tcp            high           false
6212.0   IE HTML Tag Memory Corruption                                           string-tcp            high           false
6213.0   Firefox JavaScript Focus Buffer Overflow                                string-tcp            high           false
6214.0   LibTIFF TIFFFetchData Integer Overflow                                  string-tcp            high           false
6215.0   Novell Print Services Integer Overflow                                  string-tcp            high           false
6216.0   EMC Retrospect Client Buffer Overflow                                   string-tcp            high           false
6239.0   Apple QuickTime RTSP Long URL                                           string-tcp            high           false
6432.0   Subversion svn Protocol String Parsing Vulnerability                    string-tcp            high           false
6446.0   Adobe Acrobat Reader eBook plug-in Format String Vulnerability          string-tcp            high           false
7304.1   Microsoft Word File Parsing Overflow                                    string-tcp            high           false
16039.0  Adobe Invalid BMP Header Buffer Overflow                                string-tcp            high           false
16913.0  Mozilla Firefox IFrame Style Change Handling Code Execution             string-tcp            high           false
16914.0  MySQL MaxDB Webtool GET Command Buffer Overflow Vulnerability           service-http          high           false
17037.0  Macrovision InstallShield Update Service isusweb.dll Remote Buffer Overflow  string-tcp            high           false
17245.0  Squid HTTP Version Number DoS                                           service-http          medium         false

TUNED SIGNATURES

SIGID    SIGNAME                                                                 ENGINE                SEVERITY       ENABLED
6143.0   Borland Interbase Database Service Create-Request Buffer Overflow       string-tcp            high           false

CAVEATS

None.
Modified signature(s) detail: 6143-0

=================================================================================================
S405 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                 ENGINE                SEVERITY       ENABLED
5490.1   Firefox JavaScript IFRAME Exploitation                                  string-tcp            high           false
5935.0   Quicktime FlipFileTypeAtom_BtoN Underflow                               string-tcp            high           false
5944.0   eTrust IDS Encryption Key DoS                                           string-tcp            medium         false
5952.0   WordPerfect Importer/Exporter Heap Overflow                             string-tcp            high           false
5955.0   QuickTime udta Buffer Overflow                                          string-tcp            high           false
5957.0   QuickTime Heap Corruption                                               string-tcp            high           false
5960.0   Mozilla Regular Expressions Heap Corruption                             string-tcp            high           false
5973.0   Publisher Font Overflow                                                 string-tcp            high           false
6071.0   Oracle Database Server XDB.DBMS_XMLSCHEMA Buffer Overflow               string-tcp            high           false
6073.0   Visual Studio Crystal Reports RPT File Code Execution                   string-tcp            high           false
6092.0   Qt BMP Buffer Overflow                                                  string-tcp            high           false
6450.0   pcAnywhere Buffer Overflow                                              string-tcp            medium         false
17286.0  Long IMAP UNSUBSCRIBE Command                                           string-tcp            high           false
17359.0  PhpBB XS phpbb_root_path File Include                                   service-http          high           false
17364.0  CCRP Folder Treeview ActiveX DoS                                        string-tcp            medium         false
17433.0  IE FolderItem Object Access DoS                                         string-tcp            medium         false
17781.0  IPSwitch WS_FTP Logging Server Remote DoS                               atomic-ip             medium         false
17797.1  Apache Tomcat URL Information Disclosure                                service-http          high           false
17818.0  Ipswitch Imail STATUS Buffer Overflow                                   string-tcp            high           false
18037.0  Office Malformed PNG File Code Execution                                string-tcp            high           false
18077.0  CA Brightstore Backup RPC Server DoS                                    atomic-ip-advanced    medium         false
18078.0  Windows Explorer WMF File DoS                                           string-tcp            medium         false
18097.0  C6 Messenger URL Downloader File Download                               string-tcp            high           false
18123.0  NetBackup Volume Manager Daemon Overflow                                string-tcp            high           false

TUNED SIGNATURES

SIGID    SIGNAME                                                                 ENGINE                SEVERITY       ENABLED
5400.0   Beagle.B (Bagle.B) Web Beacon                                           service-http          high           false
5498.0   Media Player IE Zone Bypass                                             meta                  medium         false
5760.0   Novell GroupWise Messenger Accept-Language Value Overflow               service-http          high           false
5766.0   DNS Resolution Response Code Execution                                  atomic-ip             high           true
5843.0   CA BrightStor Tape Engine Overflow                                      service-msrpc         high           true
5921.0   Apple Quicktime Color Table Overflow                                    string-tcp            high           true
6131.2   Microsoft Plug and Play Overflow                                        meta                  high           true
6131.5   Microsoft Plug and Play Overflow                                        meta                  high           true
6131.7   Microsoft Plug and Play Overflow                                        meta                  high           true
6131.10  Microsoft Plug and Play Overflow                                        service-smb-advanced  high           true
6131.11  Microsoft Plug and Play Overflow                                        service-smb-advanced  high           true
6178.0   SIP Message DoS                                                         atomic-ip             high           true
6258.0   Microsoft IE HTML Rendering Memory Corruption                           string-tcp            high           true
6259.0   HP Linux Printing And Imaging hpssd Command Injection                   string-tcp            high           true
6264.0   Excel Malformed Header                                                  string-tcp            high           true
6265.0   Microsoft Jet Database Engine Buffer Overflow                           string-tcp            high           true
6266.0   Excel Malformed Header                                                  string-tcp            high           true
6270.0   HP OpenView Network Node Manager Integer Overflow                       string-tcp            high           true
6274.0   McAfee ePolicy Orchestrator Format String                               atomic-ip             high           true
6412.0   Malformed BGP Message                                                   atomic-ip             high           true
6505.1   Trinoo Client Request                                                   atomic-ip             medium         false
6527.0   Microsoft Publisher Invalid Memory Reference RCE                        string-tcp            high           true
6530.0   SynCE Command Injection                                                 string-tcp            high           true
6533.0   Computer Associates BrightStor ARCserve Backup Discovery Service        string-tcp            high           true
6768.0   Samba WINS Remote Code Execution Vulnerability                          meta                  high           true
6794.0   CA BrightStor ARCserve Backup Listservcntrl ActiveX Overflow            meta                  high           true

CAVEATS

None.

Modified signature(s) detail:

Signatures 5400-0, 5498-0, 5760-0, 6505-1, have been retired due to age.

Signatures 5766-0, 5843-0, 5921-0, 6131-2, 6131-5, 6131-7, 6131-10, 6131-11, 6178-0, 6258-0, 6259-0, 6264-0, 6265-0, 6266-0, 6270-0, 6274-0, 6412-0, 6527-0, 6530-0, 6533-0, 6768-0, and 6794-0 have had their sfr and/or severity increased due to positive field performance.

Signature 6794-0 has had its all components required setting configured to yes.

=================================================================================================
S404 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                           ENGINE                SEVERITY       ENABLED
5403.1   OpenSSL SSL/TLS Malformed Handshake DoS                                           string-tcp            high           false
5937.0   Oracle Database SUBSCRIPTION_NAME Parameter SQL Injection                         string-tcp            medium         false
5938.0   Oracle Database sys.pbsde.init Procedure Buffer Overflow                          string-tcp            high           false
5963.0   Kerberos V5 Principal Name Buffer Overflow                                        atomic-ip             high           false
5966.0   Symantec Veritas NetBackup Server bpcd Long Request Buffer Overflow               string-tcp            high           false
5967.0   Symantec Veritas NetBackup CONNECT_OPTIONS Request Buffer Overflow                string-tcp            high           false
5974.0   Oracle Database Server SDO_CS.TRANSFORM_LAYER Buffer Overflow                     string-tcp            high           false
5975.0   Microsoft Windows Media Player ASX Playlist Parsing Buffer Overflow               string-tcp            high           false
5978.0   MailEnable SMTP Service SPF Lookup Buffer Overflow                                string-tcp            medium         false
5987.0   Mozilla Products SVG layout vulnerability                                         string-tcp            medium         false
5998.0   SYS.KUPW-WORKER Package MAIN Procedure SQL Injection Attempt                      string-tcp            medium         false
6039.0   DOMNodeRemoved Mutation Memory Corruption                                         string-tcp            medium         false
6040.0   Symantec Scan Engine Authentication Bypass                                        string-tcp            medium         false
6041.0   Mozilla Firefox CSS Letter-Spacing Heap Overflow                                  string-tcp            high           false
6095.0   Apache apr-util IPv6 URI Parsing Vulnerability                                    service-http          high           false
6138.0   Non-ASCII Hostname                                                                string-tcp            high           false
6139.0   Malicious BMP File                                                                string-tcp            high           false
6140.0   Squid ASN.1 Header Parsing Denial of Service                                      atomic-ip             medium         false
6162.0   Ipswitch IMail Server Date String Overflow                                        string-tcp            high           false
6164.0   Microsoft Word Document Parsing Buffer Overflow                                   string-tcp            high           false
6172.0   Novell eDirectory evtFilteredMonitorEventsRequest Function                        string-tcp            high           false
6244.0   Microsoft Windows SNMP Service Memory Corruption                                  atomic-ip             high           false
6417.0   JavaScript Navigator Object Memory Corruption                                     string-tcp            high           false
6418.0   Apache HTTP Server mod_rewrite Module LDAP Scheme Handling Buffer Overflow        string-tcp            high           false
6419.0   Oracle Database dbms_assert Filter Bypass Vulnerability                           string-tcp            high           false
6420.0   Microsoft Office Malformed GIF File Processing Code Execution                     string-tcp            high           false
6422.0   Microsoft ASP.NET Application Folder Information Disclosure                       service-http          medium         false
6423.0   Microsoft XML Core Services Integer Overflow                                      string-tcp            high           false
6427.0   zlib Denial of Service                                                            string-tcp            medium         false
6436.0   Citrix Program Neighborhood Agent Buffer Overflow                                 string-tcp            high           false
6437.0   RealNetworks RealPlayer Compressed Skin Buffer Overflow                           string-tcp            high           false
6458.0   Microsoft Windows Media Player File Information Disclosure                        string-tcp            low            false
6728.0   Microsoft Windows GUID Folder Code Execution                                      string-tcp            high           false
6741.0   Symantec Discovery XFERWAN Buffer overflow                                        string-tcp            high           false
7416.0   Microsoft Internet Explorer COM Object Instantiation Memory Corruption            string-tcp            high           false
15007.0  CA Products Message Queuing Buffer Overflow                                       string-tcp            high           false
16033.0  Microsoft Excel File Parsing Buffer Overflow                                      string-tcp            high           false
16040.0  Quicktime Crafted VR Movie Buffer Overflow                                        string-tcp            high           false
16614.0  Oracle Web Cache Unspecified Client Request                                       string-tcp            high           false
16615.0  Microsoft PowerPoint PPT Document Parsing Code Execution                          string-tcp            high           false
16653.0  Ipswitch WhatsUp Gold Web Server BUffer Overflow                                  string-tcp            high           false
16796.0  Atrium Software MERCUR IMAPD NTLMSSP Command Handling Memory Corruption Exploit   string-tcp            high           false
16814.0  Novell NetMail WebAdmin Username Stack Buffer Overflow                            string-tcp            high           false
16815.0  Trend Micro ServerProtect EarthAgent DCE-RPC Stack Overflow                       string-tcp            high           false
16853.0  HP OpenView Products OVTrace Service Stack Buffer Overflow                        string-tcp            high           false
16873.0  CA DBASVR RPC Server Crafted Pointer Buffer Overflow                              service-msrpc         high           false
16997.0  MSWord CSS Processing Code Execution                                              string-tcp            high           false
17057.0  CA BrightStor ARCserve Backup Media Server Buffer Overflow                        service-rpc           high           false
17078.0  MS DirectX Crafted MJPEG Stream Handling Code Execution                           string-tcp            high           false
17097.0  Microsoft Word RTF File Handling Memory Corruption                                string-tcp            high           false
17117.0  Microsoft Rich Textbox Control SaveFile Insecure Method Arbitrary File Overwrite  string-tcp            high           false
17139.0  KAME Racoon Auth Bypass                                                           atomic-ip             high           false
17140.0  Trend Micro OfficeScan Console Buffer Overflow                                    string-tcp            high           false
17141.0  WS_FTP Log Server Denial Of Service                                               atomic-ip             medium         false
17244.0  SonicWALL Global VPN Client Format String Vulnerability                           string-tcp            high           false
17248.0  HP OpenView Network Node Manager CGI Buffer Overflow Vulnerabilities              service-http          high           false
17249.0  Opera HREF Tag DoS                                                                string-tcp            medium         false
17251.0  BitDefender Online Scanner OScan.OCX Buffer Overflow                              string-tcp            high           false
17253.0  AOL AmpX SetName ActiveX Control Buffer Overflow                                  string-tcp            high           false
17277.0  MS SQL Hello Buffer Overflow                                                      string-tcp            high           false
17280.0  MS IE Object Tag Overflow                                                         string-tcp            high           false
17282.0  Cachemgr.cgi                                                                      string-tcp            medium         false
17288.0  CA eTrust Intrusion Detection Caller.DLL Remote Code Execution Vulnerability      string-tcp            high           false
17290.0  MS IE EDraw Office Viewer ActiveX Arbitrary File Delete                           string-tcp            medium         false
17317.0  Mozilla Firefox OnUnload Memory Corruption                                        string-tcp            high           false
17341.0  Hpufunction.dll Overflow                                                          string-tcp            high           false
17343.0  PhpBB Remote File Inclusion                                                       string-tcp            high           false
17346.0  Adobe Acrobat Reader Plugin Vulnerability                                         string-tcp            high           false
17355.0  Navicopa 2.01 GET Buffer Overflow                                                 string-tcp            high           false
17360.0  Visual FoxPro ActiveX Arbitrary Command Execution                                 string-tcp            high           false
17361.0  Safari KHTMLParser popOneBlock code execution                                     string-tcp            high           false
17362.0  Mcrosoft MDAC WMIScripUtils.WMIOjectBroker ActiveX Code Execution                 string-tcp            high           false
17366.0  IE COM Object Instantiation Memory Corruption Vulnerability                       string-tcp            high           false
17372.0  eSupportDiagnostics ActiveX ReadTextFile                                          string-tcp            medium         false
17398.0  Microsoft Internet Explorer HTML Tag Memory Corruption                            string-tcp            high           false
17400.0  Microsoft PowerPoint Legacy Format BO                                             string-tcp            high           true
17417.0  Backdoor Bump-Rat 1.2                                                             string-tcp            high           false
17419.0  Microsoft Word Bulleted Lists Buffer Overflow                                     string-tcp            high           false
17420.0  Microsoft IE Native Function DoS                                                  string-tcp            medium         false
17421.0  MS Excel Null Pointer DoS                                                         string-tcp            high           false
17422.0  StarTeam MPX Heap Overflow                                                        string-tcp            high           false
17423.0  MS Excel Null Pointer DoS                                                         string-tcp            medium         false
17427.0  Microsoft Windows Embedded Web Font Buffer Overflow                               string-tcp            high           false
17428.0  Acunetix Resource Starvation Attack                                               string-tcp            medium         false
17429.0  Firefox WYCIWYG URI Cache Zone Bypass                                             string-tcp            medium         false
17432.0  HP OpenView Directory Traversal                                                   service-http          medium         false
17457.0  Linux Kernel SCTP FWD-TSN Handling Buffer Overflow                                atomic-ip             high           true
17622.0  Lotus Domino Memory Mapped Files Arbitrary Access                                 string-tcp            high           false
17637.0  Oracle Rapid Install Web Server Secondary Login Page CSS                          service-http          high           false
17659.0  IE MHTML Redirection Information Disclosure                                       string-tcp            medium         false
17678.0  Borland StarTeam MPX Heap Overflow                                                string-tcp            high           false
17680.0  Borland StarTeam MPX Integer Overflow                                             string-tcp            high           false
17779.0  WS_FTP server Manager Information Leak                                            service-http          medium         false
17780.0  SAP Web Application Server XSS                                                    service-http          medium         false
17790.0  HTTP Apache 2.0 Path Disclosure                                                   service-http          low            false
17797.0  Apache Tomcat URL Information Disclosure                                          service-http          high           false

TUNED SIGNATURES

SIGID    SIGNAME                                                                           ENGINE                SEVERITY       ENABLED
3551.0   POP User Root                                                                     string-tcp            medium         true
6449.0   Apache Tomcat Mod_jk Stack Overflow                                               service-http          high           true

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S403 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                           ENGINE                SEVERITY       ENABLED
16758.0  Oracle RDBMS TNS Listener Attack                                                  string-tcp            high           true
17077.3  PowerPoint Legacy File Format                                                     string-tcp            high           true
17998.0  JRE Deserialization Vulnerability                                                 string-tcp            high           true

TUNED SIGNATURES

SIGID    SIGNAME                                                                           ENGINE                SEVERITY       ENABLED
3140.4   Bagle Virus Activity                                                              service-http          high           false
4055.2   B02K-UDP                                                                          trojan-udp            high           false
5469.1   TrackerCam PHP Argument Overflow                                                  service-http          high           false
5479.0   MySQL MaxDB WebDAV Lock-Token Overflow                                            string-tcp            high           false
5853.0   SIP Invite DoS                                                                    atomic-ip             medium         false
5873.0   Microsoft Speech API 4 ActiveX Overflow                                           string-tcp            high           false
5874.0   Microsoft Speech API 4 ActiveX Overflow                                           string-tcp            high           false
5876.0   WinZip ActiveX Control Instantiation                                              string-tcp            high           false
5887.0   Microsoft PDWizard ActiveX Overflow                                               string-tcp            high           false
5912.0   CUCM SIP INVITE UDP Denial of Service                                             atomic-ip             medium         false
6271.0   VMWare ActiveX Arbitrary File Access                                              string-tcp            high           false
6272.0   Novell iPrint Client ActiveX Buffer Overflow                                      string-tcp            high           false
6273.0   Microsoft Works ActiveX WkImgSrv.dll Insecure Function                            string-tcp            high           false
6299.0   Namo ActiveSquare6 ActiveX Vulnerability                                          string-tcp            high           false
6526.0   Lighttpd FastCGI Header Overrun                                                   service-http          high           false

CAVEATS

None.

Modified signature(s) detail:

The following signatures are being set to disabled and retired by default:
3140-4, 4055-2, 5469-1, 5479-0, 5853-0, 5873-0, 5874-0, 5876-0, 5887-0, 5912-0, 6271-0, 6272-0,
6273-0, 6299-0, 6526-0

=================================================================================================
S402 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                           ENGINE                SEVERITY       ENABLED
5933.0   Oracle Database DBMS_Scheduler Privilege Escalation                               string-tcp            medium         false
5943.0   Oracle Database Server SQL Query Directory Traversal                              string-tcp            medium         false
5945.0   MS IE Cross Frame Scripting Restriction Bypass                                    string-tcp            low            false
5949.0   Multiple HP Web Jetadmin Vulnerabilities                                          service-http          medium         false
5949.1   Multiple HP Web Jetadmin Vulnerabilities                                          service-http          high           false
5956.0   Multiple Vendor SOAP DoS                                                          string-tcp            medium         false
5961.0   Oracle Database Server MD2 package SDO_CODE_SIZE procedure Buffer Overflow        string-tcp            high           false
6134.0   Microsoft ASP.NET Canonicalization                                                service-http          low            false
6137.0   Wordpad Default Font Overflow                                                     string-tcp            high           false
6284.0   Openwsman HTTP Basic Authentication Buffer Overflow                               service-http          high           true
15010.0  MIT Kerberos KAdminD klog_vsyslog Buffer Overflow                                 string-tcp            high           false
16759.0  Firefox UI Dispatcher DoS                                                         string-tcp            high           false
16760.0  VLC TTA Buffer Overflow                                                           string-tcp            high           false
17137.0  Realplayer URL Parsing Buffer Overflow                                            string-tcp            high           false
17138.0  Internet Explorer Malformed BMP Buffer Overflow                                   string-tcp            high           false
17142.0  ACDSee Plugins ID_X.APL and IDE_ACDSTD.APL Buffer Overflow                        string-tcp            high           false
17145.0  FFmpeg libavformat psxstr.c STR Data Heap Based Buffer Overflow                   string-tcp            high           false
17148.0  Appian Enterprise Business Process Management Suite 5.6 Denial of Service         string-tcp            high           false
17197.0  MicroWorld Technologies MailScan Multiple Remote Vulnerabilities                  service-http          low            false
17197.1  MicroWorld Technologies MailScan Multiple Remote Vulnerabilities                  service-http          low            false
17197.2  MicroWorld Technologies MailScan Multiple Remote Vulnerabilities                  service-http          high           false
17200.0  C6 Messenger Installation Url DownloaderActiveX Control                           string-tcp            high           false
17201.0  HPISDataManagerLib.Datamgr ActiveX Control Vulnerability                          string-tcp            high           false
17202.0  Apple Quicktime Image File IDSC Atom Memory Corruption                            string-tcp            high           false
17237.0  CA BrightStor ARCserve Backup Media Server Buffer Overflow                        string-tcp            high           false
17238.0  CA BrightStor ARCserve Backup Media Server Buffer Overflow                        string-tcp            high           false
17239.0  Samba LSA RPC Buffer Overflow                                                     string-tcp            high           false
17240.0  Samba RPC Routine Buffer Overflow                                                 string-tcp            high           false
17241.0  TrendMicro serverProtect Crafted RPC Buffer Overflow                              string-tcp            high           false
17243.0  OpenBSD Tcp Timestamp Handling DoS                                                string-tcp            medium         false
17246.0  Sun Java Web Start ActiveX Control Buffer Overflow                                string-tcp            high           false
17247.0  IBiz E-Banking Integrator ActiveX Vulnerability                                   string-tcp            high           false
17250.0  Firefox Memory Corruption                                                         string-tcp            medium         false
17252.0  Crystal Reports XI ActiveX Buffer Overflow                                        string-tcp            high           false
17255.0  Check Point VPN-1 UTM Edge Login Page Cross-Site Scripting                        string-tcp            high           false
17256.0  HPISDataManager.dll Arbitrary File Download                                       string-tcp            high           true
17257.0  HPISDataManager.dll GetFileTime Overflow                                          string-tcp            high           false
17262.0  Savant Web Server Remote Buffer Overflow Vulnerability                            string-tcp            high           false

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

3531-0 This Signature was retired.

=================================================================================================
S401 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

There are no new signatures for this release.

TUNED SIGNATURES

SIGID    SIGNAME                                                                           ENGINE                SEVERITY       ENABLED
3328.0   Windows SMB/RPC NoOp Sled                                                         string-tcp            medium         false
3328.1   Windows SMB/RPC NoOp Sled                                                         service-msrpc         medium         false
3328.3   Windows SMB/RPC NoOp Sled                                                         service-msrpc         medium         false
3402.0   BSD Telnet Daemon Buffer Overflow                                                 string-tcp            high           false
3402.1   BSD Telnet Daemon Buffer Overflow                                                 string-tcp            high           false
3402.2   BSD Telnet Daemon Buffer Overflow                                                 string-tcp            high           false
3402.4   BSD Telnet Daemon Buffer Overflow                                                 string-tcp            high           false
3550.0   POP Buffer Overflow                                                               string-tcp            high           false
3577.0   IMAP LOGIN Command Invalid Username                                               string-tcp            high           true
3728.0   Long pop username                                                                 string-tcp            medium         false
3729.0   Long pop password                                                                 string-tcp            medium         false
3785.0   Oracle 9i XDB FTP UNLOCK Buffer Overflow                                          string-tcp            high           true
3786.0   Oracle 9i XDB FTP PASS Buffer Overflow                                            string-tcp            high           true
4511.0   Avaya SNMP Hidden Community Name                                                  service-snmp          high           true
4614.0   TFTP Overflow                                                                     atomic-ip             high           false
5114.0   WWW IIS Unicode Attack                                                            service-http          high           false
5114.1   WWW IIS Unicode Attack                                                            service-http          high           false
5114.2   WWW IIS Unicode Attack                                                            service-http          high           false
5114.3   WWW IIS Unicode Attack                                                            service-http          high           false
5114.4   WWW IIS Unicode Attack                                                            service-http          high           false
5114.5   WWW IIS Unicode Attack                                                            service-http          high           false
5114.6   WWW IIS Unicode Attack                                                            service-http          high           false
5114.7   WWW IIS Unicode Attack                                                            service-http          high           false
5114.8   WWW IIS Unicode Attack                                                            service-http          high           false
5429.0   WINS Replication Protocol Buffer Overflow                                         string-tcp            high           false
5429.1   WINS Replication Protocol Buffer Overflow                                         string-tcp            high           false
5436.0   RXBot Activity                                                                    string-tcp            high           true
5436.1   RXBot Activity                                                                    string-tcp            high           true
5467.0   Computer Associates License Suite PUTOLF Directory Traversal                      string-tcp            medium         false
5488.0   Icecast Server HTTP Header Buffer Overflow                                        string-tcp            high           true
5525.0   Outlook Express Overflow                                                          string-tcp            high           true
5560.0   MailEnable IMAP Overflow                                                          string-tcp            high           false
5594.0   Samba call_trans2open Overflow                                                    service-smb-advanced  high           false
5595.0   Windows Startup Folder Remote Access                                              service-smb-advanced  high           true
5601.0   Windows LSASS RPC Overflow                                                        service-msrpc         high           true
5601.1   Windows LSASS RPC Overflow                                                        service-smb-advanced  high           true
5636.0   vBulletin Template PHP Code Injection Vulnerability                               service-http          high           false
5743.0   PeerCast Buffer Overflow                                                          string-tcp            high           true
5764.0   ShixxNOTE Font Buffer Overflow                                                    string-tcp            high           false
5769.0   Malformed HTTP Request                                                            string-tcp            medium         false
5769.1   Malformed HTTP Request                                                            string-tcp            medium         false
5802.0   MHTML URI Buffer Overflow                                                         string-tcp            high           false
5817.0   ASP .NET Cross Site Scripting                                                     string-tcp            high           true
6246.0   Gateway Weblaunch Activex Control                                                 string-tcp            high           false
6794.0   CA BrightStor ARCserve Backup Listservcntrl ActiveX Overflow                      meta                  high           true

CAVEATS

Patch 6.0(5p2)E3 is now available. This patch resolves CSCsy77167 and can be obtained by
contacting Cisco TAC.

Modified signature(s) detail:

CSCsz29091 Older IPS signature Retirements
3328-0 3328-1 3328-3 3402-4 3402-1 3402-2 3402-0 3550-0 5114-8 5114-3 5114-5 5114-2 5114-0
5114-6 5114-4 5114-7 5114-1 5802-0 5764-0 5769-0 5769-1 5636-0 5429-1 5429-0 5467-0 3729-0
3728-0 4614-0 5560-0 5594-0 6246-0

CSCsz29118 IPS Signature sfr increase
5817-0 5743-0 5601-0 5601-1 5488-0 5525-0 5436-1 5436-0 5595-0 3577-0 3786-0 3785-0 4511-0
6794-0

=================================================================================================
S400 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                           ENGINE                SEVERITY       ENABLED
16933.0  Microsoft PowerPoint Remote Code Execution                                        string-tcp            high           true
16956.0  Microsoft PowerPoint Remote Code Execution                                        string-tcp            high           true
16957.0  Microsoft PowerPoint Remote Code Execution                                        string-tcp            high           true
16958.0  Microsoft PowerPoint Remote Code Execution                                        string-tcp            high           true
16977.0  Microsoft Powerpoint File Parsing Vulnerability                                   string-tcp            high           true
17077.0  PowerPoint Legacy File Format                                                     string-tcp            high           true
17077.1  PowerPoint Legacy File Format                                                     string-tcp            high           true
17077.2  PowerPoint Legacy File Format                                                     string-tcp            high           true
17127.0  Microsoft PowerPoint RCE Vulnerability                                            string-tcp            high           true
17146.0  PowerPoint 4.0 Legacy File Format Vulnerability                                   string-tcp            high           true
17152.0  PowerPoint Legacy File Format Vulnerability                                       string-tcp            high           true
17153.0  Microsoft PowerPoint RCE Vulnerability                                            string-tcp            high           true
17155.0  Malicious Microsoft PowerPoint File Exploit                                       string-tcp            high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S399 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                           ENGINE                SEVERITY       ENABLED
6703.0   Snort SACK TCP Option Handling Denial of Service Details                          service-generic       low            false
15773.0  Adobe Flash Player Invalid Object Reference Vulnerability                         string-tcp            high           true

TUNED SIGNATURES

SIGID    SIGNAME                                                                           ENGINE                SEVERITY       ENABLED
3234.1   IE Local Trusted Resource Execution                                               service-http          high           true
3326.0   Windows Startup Folder Remote Access                                              string-tcp            medium         false
3402.3   BSD Telnet Daemon Buffer Overflow                                                 string-tcp            high           false
3525.0   IMAP Authenticate Buffer Overflow                                                 string-tcp            high           false
3576.0   INN Control Message Exploit                                                       string-tcp            high           false
3739.0   Nullsoft SHOUTcast Format String Attack                                           service-http          high           false
5307.0   Mercantec Softcart Overflow                                                       service-http          high           false
5444.0   MySQL MaxDB WebAgent logon Buffer Overflow                                        string-tcp            high           false
5587.0   Microsoft Windows 9x NetBIOS NULL Name Vulnerability                              service-smb-advanced  high           false
5718.0   VERITAS NetBackup Volume Manager Daemon Buffer Overflow                           string-tcp            high           false
5723.0   Microsoft IIS .dll DoS                                                            service-http          medium         false
5798.0   Mambo PHP sbp File Inclusion Vulnerability                                        service-http          high           false
5833.0   Quicktime RTSP URL Vulnerability                                                  string-tcp            high           false
6013.1   IRCBOT_JK DNS Lookup                                                              atomic-ip             high           false
6302.0   General Loki ICMP Tunneling                                                       traffic-icmp          high           false
6788.0   SonicWALL SSL VPN Client Remote ActiveX Vulnerability                             meta                  high           false
6788.1   SonicWALL SSL VPN Client Remote ActiveX Vulnerabilities                           string-tcp            informational  false
6788.2   SonicWALL SSL VPN Client Remote ActiveX Vulnerability                             string-tcp            informational  false
6788.3   SonicWALL SSL VPN Client Remote ActiveX Vulnerabilities                           meta                  high           false
6788.4   SonicWALL SSL VPN Client Remote ActiveX Vulnerability                             string-tcp            medium         false
6922.0 VBScript/JScript Remote
string-tcp high true Code Execution 6922.0 VBScript/JScript Remote string-tcp high true Code Execution 7301.0 Excel Global Array Memory string-tcp high true Corruption 7301.0 Excel Global Array Memory string-tcp high true Corruption CAVEATS None. Modified signature(s) detail: CSCsz29091 - Older IPS signature Reitrements 6788-4 6788-2 6788-0 6788-3 6788-1 6302-0 6013-1 5833-0 5798-0 5723-0 5718-0 5587-0 5444-0 5307-0 3739-0 3576-0 3525-0 3402-3 3326-0 CSCsy55875 Signature sfr increase - now blocking 3234-1 Changed regex - did not fire in s385 7301-0 Excel Global Array Memory Corruption ================================================================================================= S398 SIGNATURE UPDATE DETAILS NEW SIGNATURES SIGID SIGNAME ENGINE SEVERITY ENABLED 16953.0 Shockwave File Processing string-tcp medium true Arbitrary File Upload 16953.0 Shockwave File Processing string-tcp medium true Arbitrary File Upload TUNED SIGNATURES There are no tuned signatures for this release. CAVEATS None. Modified signature(s) detail: None. 
=================================================================================================
S397 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                      ENGINE                SEVERITY       ENABLED
3408.1   Telnet Client LINEMODE SLC Option Overflow                                   string-tcp            high           false
6133.0   Microsoft Excel Cell Length Buffer Overflow CVE-2004-0846                    string-tcp            high           false
6141.0   Macromedia JRun 4.x Server File Disclosure                                   service-http          low            false
6165.0   nfs-utils TCP Connection Termination Denial of Service                       string-tcp            medium         false
6170.0   Novell eDirectory evtFilteredMonitorEventsRequest Function Overflow          string-tcp            high           false
6173.0   Empty DNS Query                                                              atomic-ip             medium         false
6245.0   IBM Tivoli Storage Manager Initial Sign-on Request Buffer Overflow           string-tcp            high           false
6247.0   Sun Microsystems Java GIF File Handling Memory Corruption                    string-tcp            high           false
6248.0   HP Mercury Loadrunner Agent Command Processing Buffer Overflow               string-tcp            high           false
6430.0   Microsoft Internet Explorer CSS Memory Corruption                            string-tcp            medium         false
6457.0   Lotus Notes URI Handler Argument Injection                                   string-tcp            high           false
6466.0   Squid WCCP Message Parsing Denial of Service                                 atomic-ip             low            false
6467.0   Mozilla Firefox Click Event Classification Vulnerability                     string-tcp            low            false
6468.0   Multiple Vendor AV Gateway Virus Detection Bypass                            string-tcp            high           false
6496.0   Microsoft Internet Explorer URL Spoofing Vulnerability Details               string-tcp            high           false
6710.0   Macromedia Flash Player LoadMovie DoS                                        string-tcp            medium         false
6727.0   Nullsoft Winamp Midi File Header Handling Buffer Overflow                    string-tcp            high           false
6727.1   Nullsoft Winamp Midi File Header Handling Buffer Overflow                    string-tcp            high           false
7420.0   Microsoft Help Workshop HPJ OPTIONS Section Buffer Overflow                  string-tcp            medium         false
15012.0  Oracle BEA WebLogic Server Apache Connector Buffer Overflow                  service-http          medium         true
15574.0  SoftEther P2P Activity                                                       fixed-tcp             informational  false
16035.0  Iseemedia LPViewer ActiveX Buffer Overflows                                  meta                  high           false
16035.1  Iseemedia LPViewer ActiveX Buffer Overflows                                  string-tcp            informational  false
16038.0  Adobe Flash Insufficient Data Validation Buffer Overflow                     string-tcp            high           false
16096.0  IBM SolidDB Format String Bug                                                string-tcp            medium         false
16553.0  MailEnable SMTP Service VRFY/EXPN Command DoS                                string-tcp            low            true
16793.0  Adobe Reader getAnnots() Remote Code Execution                               meta                  high           true
16793.1  Adobe Reader getAnnots() Remote Code Execution                               string-tcp            informational  true
16813.0  Adobe Reader customDictionaryOpen Buffer Overflow                            meta                  high           true
16813.1  Adobe Reader customDictionaryOpen Buffer Overflow                            string-tcp            informational  true

TUNED SIGNATURES

SIGID    SIGNAME                                                                      ENGINE                SEVERITY       ENABLED
2158.0   Nachi Worm ICMP Echo Request                                                 atomic-ip             high           true
3143.0   BERBEW Trojan Activity                                                       string-tcp            high           true
3169.0   FTP SITE EXEC tar                                                            string-tcp            high           true
3178.0   Denial Of Service in Microsoft SMS Client                                    string-tcp            high           true
3333.0   SMB MSRPC Messenger Overflow                                                 string-tcp            high           true
3342.0   Windows NetDDE Overflow                                                      service-smb           high           true
3342.1   Windows NetDDE Overflow                                                      string-tcp            high           true
3347.2   Windows ASN.1 Library Bit String Heap Corruption                             service-http          high           true
3406.0   Solaris TTYPROMPT /bin/login Overflow                                        string-tcp            high           true
3527.1   UW imapd Overflows                                                           string-tcp            high           false
3527.4   UW imapd Overflows                                                           string-tcp            high           false
3884.0   Cfengine Authentication Heap Based Buffer Overflow                           string-tcp            high           true
5435.0   Crystal Reports Remote Code Execution                                        string-tcp            high           false
5438.0   Cisco IOS Call Processing Solutions DoS                                      string-tcp            medium         false
5455.0   Arkeia Type 77 Request Buffer Overflow                                       string-tcp            high           false
5464.1   Computer Associates License Suite Network Buffer Overflow                    string-tcp            high           false
5469.0   TrackerCam PHP Argument Overflow                                             service-http          high           false
5487.0   IA WebMail Buffer Overflow                                                   service-http          high           false
5684.0   Malformed SIP Packet                                                         atomic-ip             medium         false
5825.0   SIP Malformed Invite Packet                                                  atomic-ip             medium         false
6222.0   HP OpenView Client Configuration Manager Radia Notify Daemon Code Execution  string-tcp            high           false
6969.0   Microsoft Word Smart Tag Corruption Exploit                                  string-tcp            high           true

CAVEATS

None.

Modified signature(s) detail:

None.
=================================================================================================
S396 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                      ENGINE                SEVERITY       ENABLED
6166.0   Novell eDirectory HTTP Server Redirection Buffer Overflow                    service-http          high           false
6169.0   mod_tcl Module Format String Vulnerability                                   string-tcp            high           false
6238.0   GNU RADIUS SQL Accounting Format String Vulnerability                        atomic-ip             high           false
6240.0   IMAP LOGIN Negative Value                                                    string-tcp            high           false
6243.0   Sun JRE Abstract Windowing Toolkit Module Memory Corruption                  string-tcp            high           false
6976.1   Microsoft Powerpoint 2003 Viewer Buffer Overflow                             string-tcp            high           false
15255.0  PacketiX Network Traffic                                                     atomic-ip             informational  false
15913.0  Linux Kernel nfsd Subsystem Buffer Overflow                                  atomic-ip             medium         true
15993.0  Mozilla Firefox SVG Memory Corruption                                        string-tcp            high           true
15994.0  BitDefender Adobe PDF Memory Corruption Vulnerability                        string-tcp            high           true
15996.0  Apple QuickTime VR Track Header Atom Corruption                              string-tcp            high           true
16153.0  Apple QuickTime MOV File HREFTrack Cross-Zone Scripting                      string-tcp            high           false
16194.0  PacketiX VPN Connection                                                      fixed-tcp             low            false
16473.1  Internet Explorer Memory Corruption Vulnerability                            string-tcp            high           true

TUNED SIGNATURES

SIGID    SIGNAME                                                                      ENGINE                SEVERITY       ENABLED
3118.0   rwhoisd format string                                                        string-tcp            high           false
3155.0   FTP RETR Pipe Filename Command Execution                                     string-tcp            medium         false
3180.0   BakBone NetVault Remote Heap Overflow                                        string-tcp            high           false
3336.0   Windows ASN.1 Bit String NTLMv2 Integer Overflow                             string-tcp            high           false
3352.0   Samba Fragment Reassembly Overflow                                           string-tcp            high           false
3714.0   Oracle TNS 'Service_Name' Overflow                                           string-tcp            high           false
3788.0   Solaris LPD Remote Command Execution                                         string-tcp            high           false
4501.0   CVCO/4K Remote Username / Password Retrieve                                  service-snmp          medium         false
4614.1   TFTP Overflow                                                                atomic-ip             high           false
4617.0   PoPToP PPtP Short Length Overflow                                            string-tcp            high           false
4617.1   PoPToP PPtP Short Length Overflow                                            string-tcp            high           false
5365.0   Long WebDAV Request                                                          string-tcp            high           false
5433.0   Jabberd Username Overflow                                                    string-tcp            high           false
5458.0   WebConnect MS-DOS Device Name DoS                                            service-http          medium         false
5465.0   Computer Associates License Suite Checksum Buffer Overflow                   string-tcp            high           false
5478.0   Microsoft Exchange SMTP Overflow                                             string-tcp            high           false
5480.0   MySQL MaxDB WebDAV If Header Overflow                                        string-tcp            high           false
5549.0   Evolution Message Size Overflow                                              string-tcp            high           false
5574.0   OpenView Network Node Manager Command Injection                              service-http          high           false
5598.1   Windows Workstation Service Overflow                                         service-smb-advanced  high           false
5648.1   Tomcat Denial of Service Attack                                              string-tcp            medium         false
5672.0   Computer Associates Message Queuing Buffer Overflow                          string-tcp            high           false
5720.0   Lyris ListManager SQL Command Injection                                      service-http          high           false
5740.0   Kerio Personal Firewall Remote Authentication Buffer Overflow                string-tcp            high           false
5892.0   Motive Communications ActiveUtils Buffer Overflow                            string-tcp            high           false
5913.0   PIX/ASA/FWSM MGCP DoS                                                        multi-string          medium         false
6007.0   Management Console Cross-Site Scripting                                      string-tcp            high           false
6012.0   EIQ License Buffer Overflow                                                  string-tcp            high           false
6268.0   HP Openview Network Node Manager Buffer Overflow                             string-tcp            high           false
6504.0   Stacheldraht Server Reply                                                    traffic-icmp          medium         false

CAVEATS

There is a defect present (CSCsy77167) in the memory manager that is causing unused memory to
not be returned during a signature update as designed. This could cause the sensor to fail the
signature update. As a short-term solution, rebooting the sensor after the failures will recover
the system. The IPS Engineering team is working on a patch for this issue.

Modified signature(s) detail:

Signatures 6504-0, 6268-0, 6166-0, 6012-0, 5574-0, 5598-1, 5648-1, 5672-0, 5720-0, 5740-0,
5892-0, 5913-0, 6007-0, 5549-0, 5480-0, 5478-0, 5465-0, 5458-0, 5433-0, 5365-0, 4617-1, 4617-0,
4614-1, 4501-0, 3788-0, 3714-0, 3352-0, 3336-0, 3180-0, 3155-0, 3118-0 have been retired due to
age.
=================================================================================================
S395 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                      ENGINE                SEVERITY       ENABLED
6230.0   F-Secure Products Web Console Buffer Overflow                                string-tcp            high           false
6231.0   Citrix Presentation Server IMA                                               string-tcp            medium         false
6233.0   Computer Associates BrightStor ARCserve Backup Tape Engine Service           string-tcp            high           false
6237.0   MailEnable IMAP Service Login Overflow                                       string-tcp            high           false
6711.0   Microsoft Internet Explorer Image Download Spoofing                          service-http          low            false
6717.0   Microsoft Internet Explorer Status Bar URL Spoofing                          string-tcp            low            false
6718.0   Multiple AV Vendor Invalid Archive Checksum                                  string-tcp            low            false
6722.0   Oracle Application Server 10g emagent.exe Stack Buffer Overflow              service-http          medium         false
15002.0  TeamViewer Activity                                                          atomic-ip             low            false
15002.1  TeamViewer Activity                                                          string-tcp            low            false
15002.2  TeamViewer Activity                                                          service-http          low            false
15453.0  eBuddy Network Traffic                                                       atomic-ip             informational  false
15453.1  eBuddy Network Traffic                                                       service-http          informational  false
15997.0  Apple CUPS SGI Image RLE Memory Corruption                                   string-tcp            high           false
16114.0  IBM Tivoli Storage Manager Express Backup Heap Corruption                    string-tcp            high           false

TUNED SIGNATURES

SIGID    SIGNAME                                                                      ENGINE                SEVERITY       ENABLED
3526.0   Imap Login Buffer Overflow                                                   string-tcp            high           false
5464.0   Computer Associates License Suite Network Buffer Overflow                    string-tcp            high           false
5481.0   MySQL MaxDB WebDBM Overflow                                                  service-http          high           false
5754.0   PAJAX Remote Code Execution Vulnerability                                    service-http          high           true
5850.0   Snort DCE/RPC Preprocessor Vulnerability                                     atomic-ip             high           true
6269.0   HP Openview Operations Buffer Overflow                                       string-tcp            high           true
6517.0   Malformed Via Header                                                         atomic-ip             high           true
6798.0   HP StorageWorks Buffer Overflow                                              string-tcp            high           true
16296.0  Potential Conficker Command And Control Request                              service-http          high           false

CAVEATS

None.

Modified signature(s) detail:

None.
=================================================================================================
S394 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                      ENGINE                SEVERITY       ENABLED
6157.0   MIT Kerberos Kadmind Remote Code Injection                                   string-tcp            high           false
6159.0   Microsoft Windows Active Directory Crafted LDAP Request DoS                  string-tcp            medium         false
6160.0   Microsoft Windows Active Directory Crafted LDAP Buffer Overflow              string-tcp            high           false
6161.0   Ingres Database Communications Server Component Buffer Overflow              string-tcp            high           false
6174.0   OpenLDAP Server BIND Request Denial of Service                               string-tcp            medium         false
6222.0   HP OpenView Client Configuration Manager Radia Notify Daemon Code Execution  string-tcp            high           false
6223.0   Citrix MetaFrame IMA Authentication Processing Buffer Overflow               string-tcp            high           false
6225.0   KAME IKE raccoon HASH                                                        atomic-ip             medium         false
6225.1   KAME IKE raccoon HASH                                                        atomic-ip             medium         false
6488.0   Symantec Veritas NetBackup Command Chaining                                  string-tcp            high           false
6702.0   Microsoft SQL Server 7 TDS Denial Of Service                                 string-tcp            high           false
6705.0   Internet Explorer Drag And Drop Vulnerability                                string-tcp            high           false
15000.0  GoToMyPC Activity                                                            atomic-ip             low            false
16219.0  Mozilla Firefox XSL Parsing Remote Memory Corruption                         string-tcp            high           true

TUNED SIGNATURES

SIGID    SIGNAME                                                                      ENGINE                SEVERITY       ENABLED
3109.0   Long SMTP Command                                                            state                 high           false
3129.0   Mimail Virus C Variant File Attachment                                       state                 medium         false
3234.0   IE Local Trusted Resource Execution                                          service-http          high           true
3250.0   TCP Hijack                                                                   normalizer            high           true
3339.0   Windows System32 Directory File Creation                                     service-smb           medium         false
3528.0   IPSwitch IMail DELETE Command Overflow                                       string-tcp            high           false
3529.0   IMAP Long EXAMINE Command                                                    string-tcp            high           true
3789.0   DistCC Daemon Command Execution                                              string-tcp            high           false
5464.2   Computer Associates License Suite Network Buffer Overflow                    string-tcp            high           false
5466.0   Computer Associates License Suite PUTOLF Buffer Overflow                     string-tcp            high           true
5484.0   Sambar Server Search Overflow                                                service-http          high           true
5505.0   RIP Trace                                                                    atomic-ip             high           false
5803.0   Sygate Login Servlet SQL Injection                                           service-http          high           true
5866.0   IBM Lotus Domino IMAP CRAM-MD5 Overflow                                      string-tcp            high           true
6201.0   Ident Newline                                                                service-ident         high           true
6760.1   RealPlayer ActiveX Buffer Overflow                                           string-tcp            informational  true
7298.0   MS Visual Basic Flexgrid Control Buffer Overflow                             meta                  high           true
7298.1   MS Visual Basic Flexgrid Control Buffer Overflow                             string-tcp            informational  true
15634.0  Cisco ACE Crafted SSH Packet Vulnerability                                   string-tcp            high           true
15653.0  Crafted SNMPv3 packet may crash ACE appliance                                atomic-ip             high           true

CAVEATS

None.

Modified signature(s) detail:

None.
=================================================================================================
S393 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                      ENGINE                SEVERITY       ENABLED
16373.0  Buffer Overflow In Wordpad And Office Text Converters                        string-tcp            high           true
16413.0  Microsoft Excel Remote Code Execution                                        string-tcp            high           true
16414.0  Microsoft Excel Remote Code Execution                                        string-tcp            high           true
16415.0  MS IE Remote Code Execution                                                  string-tcp            high           true
16416.0  MS IE Remote Code Execution                                                  string-tcp            high           true
16433.0  Microsoft Office Text Converter Buffer Overflow                              string-tcp            high           true
16473.0  Internet Explorer Memory Corruption Vulnerability                            string-tcp            high           true
16474.0  IE Uninitialized Memory Corruption                                           string-tcp            high           true
16475.0  Microsoft Wordpad Word 97 Text Converter Code Execution Vulnerability        string-tcp            high           true
16476.0  Windows HTTP Services Credential Reflection Vulnerability                    meta                  high           true
16476.1  Windows HTTP Services Credential Reflection Vulnerability                    atomic-ip             informational  true
16476.2  Windows HTTP Services Credential Reflection Vulnerability                    atomic-ip             informational  true
16476.3  Windows HTTP Services Credential Reflection Vulnerability                    atomic-ip             informational  true
16476.4  Windows HTTP Services Credential Reflection Vulnerability                    atomic-ip             informational  true
16494.0  ISA Server Cross Site Scripting Vulnerability                                service-http          medium         true
16513.0  Microsoft DirectShow MJPEG Decompression Vulnerability                       string-tcp            high           true
16514.0  WordPad Word 97 Text Converter Vulnerability                                 string-tcp            high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S392 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                      ENGINE                SEVERITY       ENABLED
16294.0  ASA Crafted H.323 Packet DoS                                                 string-tcp            medium         true
16297.1  Worm Activity - Brute Force                                                  meta                  high           true
16393.0  Cisco ASA Crafted TCP Packet DoS Vulnerability                               service-generic       medium         true

TUNED SIGNATURES

SIGID    SIGNAME                                                                      ENGINE                SEVERITY       ENABLED
5930.4   Generic SQL Injection                                                        service-http          high           true
16296.0  Potential Conficker Command And Control Request                              service-http          high           true
16297.0  Worm Activity - Brute Force                                                  string-tcp            informational  true

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S391 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                      ENGINE                SEVERITY       ENABLED
16353.0  Malformed PowerPoint File Code Execution Vulnerability                       string-tcp            high           true
16354.0  Malformed PowerPoint File Code Execution Vulnerability                       string-tcp            high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S390 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                      ENGINE                SEVERITY       ENABLED
16333.0  Malformed PowerPoint File Code Execution Vulnerability                       string-tcp            high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.
=================================================================================================
S389 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                      ENGINE                SEVERITY       ENABLED
16293.0  Conficker Worm Shellcode                                                     string-tcp            high           true
16293.1  Conficker Worm Shellcode                                                     string-tcp            high           true
16293.2  Conficker Worm Shellcode                                                     fixed-tcp             high           true
16296.0  Potential Conficker Command And Control Request                              service-http          high           true
16297.0  Worm Activity - Brute Force                                                  string-tcp            high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S388 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                                      ENGINE                SEVERITY       ENABLED
3791.1   Solaris Printd Unlink File Deletion                                          string-tcp            medium         false
6085.0   IE Table Column Record Handling                                              string-tcp            high           false
6106.0   Cisco Secure ACS EAP-TLS Authentication Bypass                               string-udp            medium         false
6108.0   FreeRADIUS Denial of Service                                                 atomic-ip             medium         false
6135.0   Sun Solaris in.rwhod Buffer Overflow                                         string-udp            high           false
6719.0   MySQL COM_TABLE_DUMP Function Stack Overflow                                 string-tcp            high           false
6720.0   MySQL Login Handshake Information Disclosure                                 string-tcp            high           false
6721.0   OpenBSD ISAKMP Message Handling Denial Of Service                            atomic-ip             low            false
6723.0   Sun Directory Server LDAP Denial of Service Details                          string-tcp            medium         false
6732.0   CA BrightStor ARCServe Backup LGServer Password Buffer Overflow              string-tcp            high           true
6734.0   CA ARCserve Backup LGServer Multiple Buffer Overflows                        string-tcp            high           false
6735.0   Microsoft Internet Explorer HHCtrl.ocx Image Property Heap Corruption        multi-string          medium         false
6736.0   Apple QuickTime FLIC Animation File Buffer Overflow Details                  string-tcp            medium         false
6737.0   OpenSSL SSL_get_shared_ciphers Function Buffer Overflow                      string-tcp            high           false
6739.0   Novell GroupWise Messenger HTTP POST Request Invalid Memory Access           string-tcp            low            false
6740.0   Trend Micro OfficeScan Atxconsole ActiveX Control Format String              string-tcp            medium         false
6742.0   Microsoft PowerPoint Malformed Record Code Execution                         string-tcp            medium         false
7246.1   Microsoft Excel Spreadsheet Buffer Overflow                                  string-tcp            high           false
15133.0  XML Race Condition in Internet Explorer                                      string-tcp            high           false
15954.0  CA Multiple Products Console Server Buffer Overflow                          string-tcp            high           false
16013.0  Borland Interbase Integer Overflow Vulnerability                             string-tcp            high           true

TUNED SIGNATURES

SIGID    SIGNAME                                                                      ENGINE                SEVERITY       ENABLED
3003.0   TCP Frag SYN Port Sweep                                                      sweep                 high           true
3157.0   FTP PASV Port Spoof                                                          service-ftp           high           true
3180.1   BakBone NetVault Remote Heap Overflow                                        string-tcp            high           false
3251.0   TCP Hijack Simplex Mode                                                      normalizer            high           false
3408.0   Telnet Client LINEMODE SLC Option Overflow                                   string-tcp            high           false
3534.0   IMAP Long AUTHENTICATE Command                                               string-tcp            high           true
5463.0   Computer Associates License Software GETCONFIG Buffer Overflow               string-tcp            high           false
5569.0   MDaemon Imap Authentication Overflow                                         string-tcp            high           true
5602.0   Windows System32 Directory File Access                                       service-smb-advanced  medium         true
6008.0   First 4 Internet XCP Uninstallation ActiveX Control                          string-tcp            high           false

CAVEATS

None.

Modified signature(s) detail:

SFR has been increased for the following sigs:
3003-0 TCP Frag SYN Port Sweep
3157-0 FTP PASV Port Spoof
3534-0 IMAP Long AUTHENTICATE Command

The following sigs have been retired:
3180-1 BakBone NetVault Remote Heap Overflow
3251-0 TCP Hijack Simplex Mode
3408-0 Telnet Client LINEMODE SLC Option Overflow
5463-0 Computer Associates License Software GETCONFIG Buffer Overflow
6008-0 First 4 Internet XCP Uninstallation ActiveX Control

The following sigs have been modified to increase fidelity:
5569-0 MDaemon Imap Authentication Overflow
5602-0 Windows System32 Directory File Access

=================================================================================================
S387 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                            ENGINE                SEVERITY       ENABLED
5908.3   NNTP Overflow                                                      string-tcp            high           false
6080.0   Adobe Products PNG Parsing                                         string-tcp            high           false
6081.0   Microsoft Excel BIFF Parsing                                       string-tcp            high           false
6082.0   Microsoft Excel Column Record Handling                             string-tcp            high           false
6083.0   Microsoft Excel SetFont                                            string-tcp            high           false
6084.0   IE 7 HTML Object Memory Corruption                                 string-tcp            high           false
6107.0   CVS File Existence Information Disclosure                          string-tcp            medium         false
6119.0   MySQL Authentication Vulnerability                                 string-tcp            high           false
6132.0   Mod SSL- Mod Proxy Hook Format String                              string-tcp            high           false
6143.0   Borland Interbase Database Service Create-Request Buffer Overflow  string-tcp            high           false
6144.0   X.Org X Font Server Buffer Overflow                                string-tcp            high           false
6145.0   Trend Micro ServerProtect TMregChange Buffer Overflow              string-tcp            high           false
6146.0   Squid WCCP Message Receive Buffer Overflow                         string-udp            high           false
6147.0   RealPlayer RealMedia Security Bypass                               string-tcp            high           false
6149.0   MySQL Arbitrary Library Injection                                  string-tcp            high           false
6156.0   MIT Kerberos kadmind RPC Library Unix Authentication               string-tcp            high           false
6158.0   MIT Kerberos Kadmind Rename Buffer Overflow                        string-tcp            high           false
6297.0   RealPlayer ActiveX Import Method Buffer Overflow                   meta                  high           true
6730.0   IBM Tivoli Storage Manager Express Buffer Overflow                 string-tcp            high           false
6731.0   CA BrightStor ARCServe Backup LGServer Username Buffer Overflow    string-tcp            high           false
6733.0   CA BrightStor ARCServe Backup LGServer Arbitrary File Upload       string-tcp            high           false
6759.0   Apple Safari Regular Expression Overflow                           string-tcp            high           true
6770.0   OpenOffice PRTDATA Heap Overflow                                   string-tcp            high           false
7244.1   Microsoft Excel Buffer Overflow                                    string-tcp            high           false
7256.0   ActSoft DVD-Tools ActiveX control Buffer Overflow                  meta                  high           true
7256.1   ActSoft DVD-Tools ActiveX control Buffer Overflow                  string-tcp            informational  true
7256.2   ActSoft DVD-Tools ActiveX control Buffer Overflow                  string-tcp            informational  true
7285.0   Samba Unauthorized Root File System Access                         service-smb-advanced  medium         true
7291.0   VideoLAN VLC Media Player WAV Processing Integer Overflow          meta                  high           true
7291.1   VideoLAN VLC Media Player WAV Processing Integer Overflow          string-tcp            informational  true
7291.2   VideoLAN VLC Media Player WAV Processing Integer Overflow          string-tcp            informational  true
7291.2   VideoLAN VLC Media Player WAV Processing Integer Overflow          string-tcp            informational  false
7292.0   Apple QuickTime Crafted HTTP Error Response Buffer Overflow        string-tcp            high           false
15009.0  Microsoft Office MSODataSourceControl Denial Of Service            string-tcp            high           false
15017.0  Oracle Secure Backup Login.php Command Injection                   service-http          high           true
15115.0  Sun Java System Web Proxy sockd Daemon Overflow                    string-tcp            high           false
15274.0  IBM Lotus Domino LDAP Server Memory Exception                      string-tcp            high           false
15275.0  SpamAssassin Spamd Remote Command Execution                        string-tcp            high           false
15294.0  Chrome URI Handler Remote Command Execution                        string-tcp            high           true
15314.0  Symantec Firewall DNS Response Denial Of Service                   atomic-ip             high           false
15374.0  Microsoft Windows Media Player Skin Decompression Vulnerability    string-tcp            high           false
15375.0  Microsoft Windows Media Player Skin Parsing Vulnerability          string-tcp            high           false
15376.0  Trend Micro ServerProtect RPC Overflow                             service-msrpc         high           false
15393.0  Asterisk T.38 Buffer Overflow                                      atomic-ip             high           false
15454.0  LogMeIn Hamachi Activity                                           atomic-ip             informational  false
15455.0  LogMeIn Product Activity                                           atomic-ip             low            false
15513.0  Apple Mac OS X iChat AIM URL Format String Vulnerability           string-tcp            high           false
15573.0  Apple Mac OS X FinderMemory Corruption                             string-tcp            high           false
15753.0  CVS Line Entry Heap Overflow                                       string-tcp            high           false

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S386 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                        ENGINE                SEVERITY       ENABLED
15593.0  Windows System32 Directory Write Access        service-smb-advanced  informational  false
15816.0  WPAD Registration Vulnerability                atomic-ip             medium         false
15833.0  Windows Kernel Input Validation Vulnerability  string-tcp            high           true

TUNED SIGNATURES

SIGID    SIGNAME                                                       ENGINE                SEVERITY       ENABLED
3113.1   Email Attachment with Malicious Payload                       string-tcp            medium         false
3128.1   Exchange xexch50 overflow                                     string-tcp            high           false
3130.0   Mimail Virus I Variant File Attachment                        string-tcp            medium         false
3133.0   Novarg / Mydoom Virus Mail Attachment Variant B               string-tcp            high           false
3137.6   Sober Virus Activity                                          string-tcp            high           false
3328.2   Windows SMB/RPC NoOp Sled                                     string-tcp            medium         false
5416.1   IE object data remote execution                               meta                  informational  false
5499.0   HTML Link in Object Tag in IE                                 string-tcp            informational  false
5503.0   Object Creation In IE Local Zone                              string-tcp            informational  false
5520.0   XEXCH50 Command Usage                                         string-tcp            informational  false
5635.0   Plug and Play Overflow                                        string-tcp            informational  false
5635.1   Plug and Play Overflow                                        string-tcp            informational  false
5635.2   Plug and Play Overflow                                        meta                  high           false
5644.0   Client Service for NetWare Overflow                           string-tcp            informational  false
5644.1   Client Service for NetWare Overflow                           string-tcp            informational  false
5644.2   Client Service for NetWare Overflow                           string-tcp            medium         false
5644.3   Client Service for NetWare Overflow                           meta                  high           false
5706.0   Persistent Content in a Dynamic Webpage                       string-tcp            medium         false
5731.0   Windows Media Player BMP Processing Vulnerability             meta                  high           false
5731.1   Windows Media Player BMP Processing Vulnerability             string-tcp            informational  false
5731.2   Windows Media Player BMP Processing Vulnerability             string-tcp            medium         false
5737.0   Internet Explorer Action Handlers Overflow                    string-tcp            high           false
5747.0   MDAC Function Remote Code Execution                           meta                  high           false
5747.1   MDAC Function Remote Code Execution                           string-tcp            informational  false
5747.2   MDAC Function Remote Code Execution                           string-tcp            medium         false
5748.0   Non-SMTP Session Start                                        meta                  low            false
5748.1   Non-SMTP Session Start                                        string-tcp            informational  false
5748.2   Non-SMTP Session Start                                        string-tcp            informational  false
5748.3   Non-SMTP Session Start                                        string-tcp            informational  false
5748.4   Non-SMTP Session Start                                        string-tcp            informational  false
5748.5   Non-SMTP Session Start                                        string-tcp            informational  false
5749.0   Internet Explorer Double Byte Character Parsing               string-tcp            high           false
5775.0   MHTML Redirection                                             string-tcp            low            false
5799.1   Server Service Code Execution                                 string-tcp            informational  false
5799.2   Server Service Code Execution                                 string-tcp            informational  false
5799.3   Server Service Code Execution                                 string-tcp            informational  false
5799.4   Server Service Code Execution                                 meta                  high           false
5799.5   Server Service Code Execution                                 string-tcp            informational  false
5799.6   Server Service Code Execution                                 string-tcp            informational  false
5799.7   Server Service Code Execution                                 meta                  high           false
5800.0   HTTP Large Content-Type                                       string-tcp            medium         false
5814.0   Step-by-Step Interactive Training Remote Code Execution       meta                  high           false
5814.1   Step-by-Step Interactive Training Remote Code Execution       string-tcp            informational  false
5814.2   Step-by-Step Interactive Training Remote Code Execution       string-tcp            informational  false
5815.0   WebViewFolderIcon setSlice() Overflow                         meta                  high           false
5815.1   WebViewFolderIcon setSlice() Overflow                         string-tcp            informational  false
5815.2   WebViewFolderIcon setSlice() Overflow                         string-tcp            informational  false
5827.1   Internet Explorer ActiveX Control Arbitrary Code Execution    string-tcp            informational  false
5827.2   Internet Explorer ActiveX Control Arbitrary Code Execution    string-tcp            informational  false
5840.0   Internet Explorer CLSID Code Execution                        string-tcp            high           false
5856.0   Agent URL Parsing Remote Code Execution                       meta                  high           false
5856.1   Agent URL Parsing Remote Code Execution                       string-tcp            informational  false
5856.2   Agent URL Parsing Remote Code Execution                       string-tcp            informational  false
5863.0   Internet Explorer CAPICOM.Certificates Remote Code Execution  meta                  high           false
5863.1   Internet Explorer CAPICOM.Certificates Remote Code Execution  string-tcp            informational  false
5863.2   Internet Explorer CAPICOM.Certificates Remote Code Execution  string-tcp            informational  false
5865.0   Microsoft WMS Arbitrary File Rewrite Vulnerability            meta                  high           false
5865.1   Microsoft WMS Arbitrary File Rewrite Vulnerability            string-tcp            informational  false
5865.2   Microsoft WMS Arbitrary File Rewrite Vulnerability            string-tcp            informational  false
5870.0   Win32 API Vulnerability                                       string-tcp            high           false
5880.0   Sun Java Web Start JNLP File Stack Overflow                   string-tcp            high           false
5909.0   Browser Address Bar Spoofing Attack                           string-tcp            medium         false
6228.0   Mac OSX Software Update Remote Code Execution                 meta                  high           false
6228.1   Mac OSX Software Update Remote Code Execution                 string-tcp            informational  false
6228.2   Mac OSX Software Update Remote Code Execution                 string-tcp            informational  false
6228.3   Mac OSX Software Update Remote Code Execution                 string-tcp            informational  false
6229.0   MS SQL Server sqldmo.dll Overflow                             meta                  high           false
6229.1   MS SQL Server sqldmo.dll Overflow                             string-tcp            informational  false
6229.2   MS SQL Server sqldmo.dll Overflow                             string-tcp            informational  false
6513.0   Macrovision FlexNet DownloadManager Insecure Methods          meta                  medium         false
6513.1   Macrovision FlexNet DownloadManager Insecure Methods          string-tcp            informational  false
6513.2   Macrovision FlexNet DownloadManager Insecure Methods          string-tcp            informational  false
6777.0   Windows OLE Automation Remote Code Execution                  meta                  high           false
6777.1   Windows OLE Automation Remote Code Execution                  string-tcp            informational  false
6777.2   Windows OLE Automation Remote Code Execution                  string-tcp            informational  false
6778.0   Microsoft Works Converter Index Table Vulnerability           string-tcp            high           false
6924.0   MS Publisher Remote Code Execution                            string-tcp            high           false
6925.0   IE Property Memory Corruption                                 meta                  high           false
6925.1   IE Property Memory Corruption                                 string-tcp            informational  false
6925.2   IE Property Memory Corruption                                 string-tcp            informational  false
6925.3   IE Property Memory Corruption                                 string-tcp            informational  false
12022.0  Perfect Keylogger Activity                                    string-tcp            low            false
12022.1  Perfect Keylogger Activity                                    string-tcp            low            false

CAVEATS

None.

Modified signature(s) detail:

The following signatures were set disabled and retired by default:
12022-0; 12022-1; 3113-1; 3128-1; 3130-0; 3133-0; 3137-6; 3328-2; 5416-1; 5499-0;
5503-0; 5520-0; 5635-0; 5635-1; 5635-2; 5644-0; 5644-1; 5644-2; 5644-3; 5706-0;
5731-0; 5731-1; 5731-2; 5737-0; 5747-0; 5747-1; 5747-2; 5748-0; 5748-1; 5748-2;
5748-3; 5748-4; 5748-5; 5749-0; 5775-0; 5799-0; 5799-1; 5799-2; 5799-3; 5799-4;
5799-5; 5799-6; 5799-7; 5800-0; 5814-0; 5814-1; 5814-2; 5815-0; 5815-1; 5815-2;
5827-1; 5827-2; 5840-0; 5856-0; 5856-1; 5856-2; 5863-0; 5863-1; 5863-2; 5865-0;
5865-1; 5865-2; 5870-0; 5880-0; 5909-0; 6228-0; 6228-1; 6228-2; 6228-3; 6229-0;
6229-1; 6229-2; 6513-0; 6513-1; 6513-2; 6777-0; 6777-1; 6777-2; 6778-0; 6924-0;
6925-0; 6925-1; 6925-2; 6925-3.

The sig-type parameter missing from a number of signatures was populated in this
release; however, the signatures in question were not re-released as this change
has no effect on functionality. The changes are visible in the 386.edc.inc xml file.

=================================================================================================
S385 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                           ENGINE                SEVERITY       ENABLED
15733.0  MS Excel Invalid Object Arbitrary Code Execution  string-tcp            high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S384 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                        ENGINE                SEVERITY       ENABLED
15493.0  Cisco ANM Java Agent Privilege Escalation      service-http          medium         true
15634.0  Cisco ACE Crafted SSH Packet Vulnerability     string-tcp            high           true
15653.0  Crafted SNMPv3 packet may crash ACE appliance  atomic-ip             medium         true
15673.0  Cisco Unified MeetingPlace Stored XSS          service-http          high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S383 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                          ENGINE                SEVERITY       ENABLED
15613.0  Malicious Adobe Reader PDF File  string-tcp            high           true
15613.1  Malicious Adobe Reader PDF File  string-tcp            high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S382 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                           ENGINE                SEVERITY       ENABLED
15233.1  Internet Explorer Uninitalized Memory Corruption  string-tcp            high           true
15233.2  Internet Explorer Uninitalized Memory Corruption  string-tcp            high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S381 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                ENGINE                SEVERITY       ENABLED
15233.0  Internet Explorer Uninitalized Memory Corruption       string-tcp            high           true
15234.0  Internet Explorer CSS Memory Corruption Vulnerability  string-tcp            high           true
15235.0  Exchange Server Memory Corruption Vulnerability        state                 high           true
15293.0  Microsoft Internet Explorer ActiveX Kill Bit CLSID     string-tcp            informational  false
15293.1  Microsoft Internet Explorer ActiveX Kill Bit CLSID     string-tcp            informational  false
15293.2  Microsoft Internet Explorer ActiveX Kill Bit CLSID     string-tcp            informational  false
15293.3  Microsoft Internet Explorer ActiveX Kill Bit CLSID     string-tcp            informational  false
15293.4  Microsoft Internet Explorer ActiveX Kill Bit CLSID     string-tcp            informational  false
15293.5  Microsoft Internet Explorer ActiveX Kill Bit CLSID     string-tcp            informational  false
15293.6  Microsoft Internet Explorer ActiveX Kill Bit CLSID     string-tcp            informational  false
15293.7  Microsoft Internet Explorer ActiveX Kill Bit CLSID     string-tcp            informational  false
15293.8  Microsoft Internet Explorer ActiveX Kill Bit CLSID     string-tcp            informational  false
15313.0  MS SQL sp_replwritetovarbin Limited Memory Overwrite   string-tcp            high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S380 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID    SIGNAME                                                        ENGINE                SEVERITY       ENABLED
6402.0   Samba SPOOLSS Notify Options Heap overflow                     service-smb-advanced  high           false
15113.0  Long IMAP CREATE Command                                       string-tcp            high           true
15116.0  MySQL Server Date_format Function Format String Vulnerability  string-tcp            medium         false
15253.0  Novell GroupWise Internet Agent RCPT Overflow                  state                 high           true

TUNED SIGNATURES

SIGID    SIGNAME                                     ENGINE                SEVERITY       ENABLED
3408.0   Telnet Client LINEMODE SLC Option Overflow  string-tcp            high           true

CAVEATS

None.

Modified signature(s) detail:

None.
================================================================================================= S379 SIGNATURE UPDATE DETAILS NEW SIGNATURES SIGID SIGNAME ENGINE SEVERITY ENABLED 7289.0 SAP MaxDB Remote string-tcp high true Arbitrary Commands Execution 7289.0 SAP MaxDB Remote string-tcp high true Arbitrary Commands Execution 7293.0 Trend Micro OfficeScan service-http high true Password Decryption Function Buffer Overflow 7293.0 Trend Micro OfficeScan service-http high true Password Decryption Function Buffer Overflow 15153.0 libspf2 DNS TXT Record atomic-ip high true Parsing Buffer Overflow 15153.0 libspf2 DNS TXT Record atomic-ip high true Parsing Buffer Overflow 15175.0 Microsoft Internet string-tcp high true Explorer 7 Input Tag Denial of Service 15175.0 Microsoft Internet string-tcp high true Explorer 7 Input Tag Denial of Service 15175.1 Microsoft Internet string-tcp high true Explorer 7 Input Tag Denial of Service 15175.1 Microsoft Internet string-tcp high true Explorer 7 Input Tag Denial of Service 15193.0 Waledac Trojan Activity service-http high true 15193.0 Waledac Trojan Activity service-http high true 15193.1 Waledac Trojan Activity service-http high true 15193.1 Waledac Trojan Activity service-http high true 15193.2 Waledac Trojan Activity string-tcp high true 15193.2 Waledac Trojan Activity string-tcp high true TUNED SIGNATURES SIGID SIGNAME ENGINE SEVERITY ENABLED 3347.1 Windows ASN.1 Library Bit string-tcp high true String Heap Corruption 3347.1 Windows ASN.1 Library Bit string-tcp high true String Heap Corruption 5505.0 RIP Trace atomic-ip high true 5505.0 RIP Trace atomic-ip high true 5505.1 RIP Trace atomic-ip high true 5505.1 RIP Trace atomic-ip high true 7295.0 libspf2 DNS TXT Record service-dns high false Parsing Buffer Overflow 7295.0 libspf2 DNS TXT Record service-dns high false Parsing Buffer Overflow CAVEATS None. Modified signature(s) detail: 3347-1 has been unretired and enabled, 139 added to service-ports. 
5505-[01] - Source port has been added to the signatures to reduce false positives.
7295-0 has been retired/disabled and obsoleted by 15153-0.

=================================================================================================
S378 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                               ENGINE                SEVERITY       ENABLED
7249.0    Microsoft Help Project Files (HPJ) Buffer Overflow                    string-tcp            high           false
7284.0    Borland InterBase Service Attach Request Overflow                     string-tcp            high           true
7295.0    libspf2 DNS TXT Record Parsing Buffer Overflow                        service-dns           high           true
11203.1   IRC Channel Join                                                      fixed-tcp             medium         true
15001.0   AtTheOffice Activity                                                  string-tcp            medium         true
15016.0   DNS Query For ROOT                                                    atomic-ip             high           false

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S377 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                               ENGINE                SEVERITY       ENABLED
13491.0   Worm Activity - Brute Force                                           meta                  high           true
13492.0   Worm Activity - Brute Force                                           meta                  high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.
=================================================================================================
S376 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                               ENGINE                SEVERITY       ENABLED
15005.0   Microsoft Windows SMB Remote Code Execution                           string-tcp            high           true
15006.0   Microsoft Windows SMB Remote Code Execution                           service-smb-advanced  high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S375 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                               ENGINE                SEVERITY       ENABLED
5991.0    MaxDB WebDBM Buffer Overflow                                          service-http          high           true
7286.0    Citrix IMA Service Buffer Overflow                                    string-tcp            high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S374 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                               ENGINE                SEVERITY       ENABLED
6282.1    Malformed PICT Filter Vulnerability                                   string-tcp            high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.
=================================================================================================
S373 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                               ENGINE                SEVERITY       ENABLED
5859.0    uTorrent File Handling Buffer Overflow                                string-tcp            high           true
7306.2    Microsoft Internet Explorer XML Code Execution                        string-tcp            high           true
7306.3    Microsoft Internet Explorer XML Code Execution                        string-tcp            high           true
7307.0    MS SQL Server sp_replwritetovarbin memory overwrite                   meta                  high           true
7307.1    MS SQL Server sp_replwritetovarbin memory overwrite                   string-tcp            informational  true
7307.2    MS SQL Server sp_replwritetovarbin memory overwrite                   string-tcp            informational  true
7308.0    DLL Memory Protection Bypass                                          string-tcp            high           true

TUNED SIGNATURES

SIGID     SIGNAME                                                               ENGINE                SEVERITY       ENABLED
7296.0    Word RTF Object Parsing Vulnerability                                 string-tcp            high           true
7430.0    Microsoft Internet Explorer Embedded Object Code Execution            string-tcp            high           true

CAVEATS

None.

Modified signature(s) detail:

7296-0: The regex has been modified to improve fidelity.
7430-0: The title of this signature has been changed to improve its accuracy.
=================================================================================================
S372 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                               ENGINE                SEVERITY       ENABLED
7306.1    Microsoft Internet Explorer XML Code Execution                        string-tcp            high           true

TUNED SIGNATURES

SIGID     SIGNAME                                                               ENGINE                SEVERITY       ENABLED
7428.0    Microsoft Word RTF File Code Execution                                string-tcp            high           true

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S371 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                               ENGINE                SEVERITY       ENABLED
7306.0    Microsoft Internet Explorer XML Code Execution                        string-tcp            high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.
=================================================================================================
S370 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                               ENGINE                SEVERITY       ENABLED
5082.0    IE HTML Objects Memory Corruption                                     string-tcp            high           true
6226.0    Trojan.Srizbi Bot                                                     atomic-ip             high           true
6227.0    Visual Basic Charts Control Memory Corruption                         string-tcp            high           true
6295.0    LANDesk Intel QIP Service Heal Packet Buffer Overflow                 multi-string          high           true
6977.0    Wonderware Suitlink Denial Of Service                                 string-tcp            high           true
6977.1    Wonderware Suitlink Denial Of Service                                 string-tcp            high           true
7221.0    Hierarchical FlexGrid Control Memory Corruption                       meta                  high           true
7221.1    Hierarchical FlexGrid Control Memory Corruption                       string-tcp            informational  true
7221.2    Hierarchical FlexGrid Control Memory Corruption                       string-tcp            informational  true
7253.0    Novell ZENworks Desktop Management CanUninstall ActiveX Overflow      meta                  high           true
7253.1    Novell ZENworks Desktop Management CanUninstall ActiveX Overflow      string-tcp            informational  true
7265.0    GDI Integer Overflow                                                  string-tcp            high           true
7296.0    Word RTF Object Parsing Vulnerability                                 string-tcp            high           true
7297.0    MS Word Memory Corruption Vulnerability                               string-tcp            high           true
7298.0    MS Visual Basic Flexgrid Control Buffer Overflow                      meta                  high           true
7298.1    MS Visual Basic Flexgrid Control Buffer Overflow                      string-tcp            informational  true
7299.0    Microsoft Word RTF RCE                                                string-tcp            high           true
7300.0    Sharepoint Access Control Vulnerability                               service-http          high           true
7301.0    Excel Global Array Memory Corruption                                  string-tcp            high           true
7302.0    Microsoft Windows Search Remote Code Execution                        string-tcp            high           true
7303.0    Microsoft Excel File Parsing Overflow                                 string-tcp            high           true
7304.0    Microsoft Word File Parsing Overflow                                  string-tcp            high           true
7422.1    Oracle WebLogic Apache Connector Buffer Overflow                      string-tcp            high           true
7425.0    Visual Basic 6 ActiveX Runtime Overflow                               meta                  high           true
7425.1    Visual Basic 6 ActiveX Runtime Overflow                               string-tcp            informational  true
7426.0    Shell32 ActiveX Vulnerability                                         meta                  high           true
7426.1    Shell32 ActiveX Vulnerability                                         string-tcp            informational  true
7427.0    Shell32 ActiveX Vulnerability                                         meta                  high           true
7427.1    Shell32 ActiveX Vulnerability                                         string-tcp            informational  true
7428.0    Microsoft Word RTF File Code Execution                                string-tcp            high           true
7429.0    Microsoft Windows Search-ms Protocol Handler Code Execution           string-tcp            high           true
7430.0    Microsoft Internet Explorer Embeded Object Code Execution             string-tcp            high           true
7432.0    Word RTF Object Parsing Remote Code Execution                         meta                  high           true
7432.1    Word RTF Object Parsing Remote Code Execution                         string-tcp            informational  true
7432.2    Word RTF Object Parsing Remote Code Execution                         string-tcp            informational  true
7434.0    Microsoft Word Memory Corruption Vulnerability                        string-tcp            high           true
7436.0    File Format Parsing Remote Code Execution                             string-tcp            high           true
7438.0    MS DataGrid Control Memory Corruption                                 string-tcp            high           true

TUNED SIGNATURES

SIGID     SIGNAME                                                               ENGINE                SEVERITY       ENABLED
7422.0    Oracle WebLogic Apache Connector Buffer Overflow                      service-http          high           false

CAVEATS

None.

Modified signature(s) detail:

7422-0: This signature has been obsoleted by signature 7422-1 to increase its fidelity.
=================================================================================================
S369 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                               ENGINE                SEVERITY       ENABLED
6975.0    Arbitrary File Upload In CA ARCserve                                  string-tcp            high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S368 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                               ENGINE                SEVERITY       ENABLED
5640.3    XML Race Condition in Internet Explorer                               string-tcp            informational  true
7232.0    CA ARCserve Backup Authentication Username Overflow                   string-tcp            high           true
7235.0    CoolPlayer m3u Playlist Stack Overflow                                string-tcp            high           true
7239.0    ChilkatHttp ActiveX Arbitrary File Overwrite                          meta                  high           true
7239.1    ChilkatHttp ActiveX Arbitrary File Overwrite                          string-tcp            informational  true
7239.2    ChilkatHttp ActiveX Arbitrary File Overwrite                          string-tcp            informational  true
7241.0    Akamai Download Manager ActiveX Control Remote Code Execution         meta                  high           true
7241.1    Akamai Download Manager ActiveX Control Remote Code Execution         string-tcp            informational  true
7241.2    Akamai Download Manager ActiveX Control Remote Code Execution         string-tcp            informational  true
7251.0    Iseemedia LPViewer ActiveX Buffer Overflows                           meta                  high           true
7251.1    Iseemedia LPViewer ActiveX Buffer Overflows                           string-tcp            informational  true
7264.0    Adobe util.printf JavaScript Stack Buffer Overflow                    meta                  high           true
7264.1    Adobe util.printf JavaScript Stack Buffer Overflow                    string-tcp            informational  true
7264.2    Adobe util.printf JavaScript Stack Buffer Overflow                    string-tcp            informational  true
7264.3    Adobe util.printf JavaScript Stack Buffer Overflow                    string-tcp            high           true
7264.4    Adobe util.printf JavaScript Stack Buffer Overflow                    string-tcp            high           true
7282.0    SecurityGateway Username Buffer Overflow                              service-http          high           true
7422.0    Oracle WebLogic Apache Connector Buffer Overflow                      service-http          high           true

TUNED SIGNATURES

SIGID     SIGNAME                                                               ENGINE                SEVERITY       ENABLED
5474.0    SQL Query in HTTP Request                                             service-http          low            true
5575.0    NBT NetBIOS Session Service Failed Login                              service-smb-advanced  informational  true
5640.0    XML Race Condition in Internet Explorer                               meta                  high           true
5916.0    URL Handler Vulnerability                                             string-tcp            high           true
6522.0    Failed HTTP Login / HTTP 401                                          atomic-ip             medium         false
7231.0    Windows Media Encoder 9 Remote Code Execution                         meta                  high           true
7231.1    Windows Media Encoder 9 Remote Code Execution                         string-tcp            informational  true
7231.2    Windows Media Encoder 9 Remote Code Execution                         string-tcp            informational  true

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S367 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                               ENGINE                SEVERITY       ENABLED
5640.0    XML Race Condition in Internet Explorer                               meta                  high           true
5640.1    XML Race Condition in Internet Explorer                               string-tcp            informational  true
5640.2    XML Race Condition in Internet Explorer                               string-tcp            informational  true
6795.0    Panda ActiveScan ActiveX Overflow                                     meta                  high           true
6795.1    Panda ActiveScan ActiveX Overflow                                     string-tcp            informational  true
6990.3    Visual Studio Msmask32.ocx ActiveX Buffer Overflow                    meta                  informational  true
6990.4    Visual Studio Msmask32.ocx ActiveX Buffer Overflow                    string-tcp            informational  true
6990.5    Visual Studio Msmask32.ocx ActiveX Buffer Overflow                    string-tcp            informational  true
7245.2    Microsoft Excel Integer Overflow                                      string-tcp            high           true
7248.0    Microsoft SQL Server 2000 Client Components ActiveX Buffer Overflow   meta                  high           true
7248.1    Microsoft SQL Server 2000 Client Components ActiveX Buffer Overflow   string-tcp            informational  true
7255.0    MSXML Chunked Request Vulnerability                                   meta                  high           true
7255.1    MSXML Chunked Request Vulnerability                                   string-tcp            informational  true
7255.2    MSXML Chunked Request Vulnerability                                   string-tcp            informational  true
7283.0    Microsoft XML Core Services RCE                                       string-tcp            high           true
7283.1    Microsoft XML Core Services RCE                                       string-tcp            high           true
7287.0    KernelBot                                                             service-http          high           true

TUNED SIGNATURES

SIGID     SIGNAME                                                               ENGINE                SEVERITY       ENABLED
3337.0    Windows RPC Race Condition Exploitation                               service-msrpc         high           false
3550.0    POP Buffer Overflow                                                   string-tcp            high           false
3735.0    CVS Flag Insertion Overflow                                           string-tcp            high           false
3737.0    Squid Proxy NTLM Authenticate Overflow                                string-tcp            high           false
4703.0    MSSQL Resolution Service Stack Overflow                               atomic-ip             high           true
5055.0    HTTP Basic Authentication Overflow                                    service-http          high           false
5565.4    Print Spooler Service Overflow                                        service-smb-advanced  high           true
5579.0    SMB Remote Registry Access Attempt                                    service-smb-advanced  informational  true
5586.0    Windows Locator Service Overflow                                      service-smb-advanced  high           true
5588.0    Windows DCOM Overflow                                                 service-smb-advanced  high           true
5588.1    Windows DCOM Overflow                                                 service-smb-advanced  high           true
5591.0    SMB: Windows Share Enumeration                                        service-smb-advanced  informational  true
5592.0    SMB: RFPoison Attack                                                  service-smb-advanced  high           true
5598.0    Windows Workstation Service Overflow                                  service-smb-advanced  high           true
5598.1    Windows Workstation Service Overflow                                  service-smb-advanced  high           true
5601.1    Windows LSASS RPC Overflow                                            service-smb-advanced  high           true
5637.0    Internet Explorer FTP Download Path Traversal                         string-tcp            high           false
5717.0    Ipswitch SMTP Format String                                           string-tcp            high           false
5846.0    FTP 230 Reply Code                                                    string-tcp            informational  false
5847.0    FTP Successful Privileged Login                                       meta                  low            false
5847.1    FTP Successful Privileged Login                                       meta                  low            false
5858.5    DNS Server RPC Interface Buffer Overflow                              service-smb-advanced  high           true
5860.0    IOS FTPd Successful Login                                             meta                  low            false
6005.0    Unencrypted SSL Traffic                                               service-http          low            false
6055.0    DNS Inverse Query Buffer Overflow                                     service-dns           high           false
6131.10   Microsoft Plug and Play Overflow                                      service-smb-advanced  high           true
6131.11   Microsoft Plug and Play Overflow                                      service-smb-advanced  high           true
6253.0    POP3 Authorization Failure                                            string-tcp            informational  false
6769.0    Netware LSASS CIFS.NLM Driver Overflow                                service-smb-advanced  high           true
6946.0    Web Client Remote Code Execution Vulnerability                        service-smb-advanced  high           true
6990.0    Visual Studio Msmask32.ocx ActiveX Buffer Overflow                    meta                  high           true
7280.0    Windows Server Service Remote Code Execution                          service-smb-advanced  high           true
7280.1    Windows Server Service Remote Code Execution                          service-smb-advanced  high           true
11020.1   BitTorrent Client Activity                                            service-p2p           low            true
11245.3   IRC Server Connection                                                 fixed-tcp             medium         true

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S366 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

There are no new signatures for this release.

TUNED SIGNATURES

SIGID     SIGNAME                                                               ENGINE                SEVERITY       ENABLED
4500.0    Cisco IOS Embedded SNMP Community Names                               service-snmp          high           false
4500.1    Cisco IOS Embedded SNMP Community Names                               service-snmp          high           false
5123.2    WWW IIS Internet Printing Overflow                                    service-http          high           false
5442.0    Cursor/Icon File Format Buffer Overflow                               string-tcp            high           false
6250.0    FTP Authorization Failure                                             string-tcp            informational  false
6979.0    BEA WebLogic Server Apache Connector HTTP Version String BO           string-tcp            high           false
6996.0    GDI+ BMP Integer Overflow                                             string-tcp            high           false

CAVEATS

None.

Modified signature(s) detail:

None.
=================================================================================================
S365 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                               ENGINE                SEVERITY       ENABLED
1317.0    Zero Window Probe                                                     normalizer            informational  true
1400.0    GRE Over IPv6 Encapsulation                                           atomic-ip-advanced    informational  false
1401.0    IPIP Encapsulation                                                    atomic-ip-advanced    informational  false
1402.0    MPLS Over IPv6 Encapsulation                                          atomic-ip-advanced    informational  false
1403.0    IPv4 Over IPv6 Encapsulation                                          atomic-ip-advanced    informational  false
1405.0    Teredo Destination IP Address                                         atomic-ip-advanced    informational  false
1406.0    Teredo Source Port                                                    atomic-ip-advanced    medium         false
1407.0    Teredo Destination Port                                               atomic-ip-advanced    informational  false
1408.0    Teredo Data Packet                                                    atomic-ip-advanced    informational  false
1409.0    GRE Tunnel Detected                                                   atomic-ip-advanced    informational  false
1410.0    IPv6 Over MPLS Tunnel                                                 atomic-ip-advanced    informational  false
1610.0    ICMPv6 Echo Request                                                   atomic-ip-advanced    informational  false
1611.0    ICMPv6 Echo Reply                                                     atomic-ip-advanced    informational  false
1612.0    ICMPv6 Destination Unreachable                                        atomic-ip-advanced    informational  false
1613.0    ICMPv6 Packet Too Big Message                                         atomic-ip-advanced    informational  false
1614.0    ICMPv6 Time Exceeded Message                                          atomic-ip-advanced    informational  false
1615.0    ICMPv6 Parameter Problem Message                                      atomic-ip-advanced    informational  false
1616.0    ICMPv6 Group Membership Query                                         atomic-ip-advanced    informational  false
1617.0    ICMPv6 Group Membership Report                                        atomic-ip-advanced    informational  false
1618.0    ICMPv6 Membership Reduction                                           atomic-ip-advanced    informational  true
1619.0    ICMPv6 Router Solicitation                                            atomic-ip-advanced    informational  false
1620.0    ICMPv6 Router Advertisement                                           atomic-ip-advanced    informational  false
1621.0    ICMPv6 Neighbor Solicitation                                          atomic-ip-advanced    informational  false
1622.0    ICMPv6 Neighbor Advertisement                                         atomic-ip-advanced    informational  false
1623.0    ICMPv6 Redirect                                                       atomic-ip-advanced    informational  false
1624.0    ICMPv6 Router Renumbering                                             atomic-ip-advanced    informational  false
1625.0    ICMPv6 Membership Report V2                                           atomic-ip-advanced    informational  false
1626.0    Large ICMPV6 Traffic                                                  atomic-ip-advanced    informational  false
1627.0    Fragmented ICMPv6 Traffic                                             atomic-ip-advanced    informational  false
1628.0    ICMPv6 Traffic over IPv4                                              atomic-ip-advanced    medium         true
1629.0    ICMP Traffic over IPv6                                                atomic-ip-advanced    medium         true
1630.0    ICMPv6 Packet Too Big                                                 atomic-ip-advanced    medium         true
1700.0    IPv6 Hop-by-Hop Options Present                                       atomic-ip-advanced    informational  false
1701.0    IPv6 Destination Options Header Present                               atomic-ip-advanced    informational  false
1702.0    IPv6 Routing Header Present                                           atomic-ip-advanced    informational  false
1703.0    IPv6 Fragmented Traffic                                               atomic-ip-advanced    informational  false
1704.0    IPv6 Authentication Header Present                                    atomic-ip-advanced    informational  false
1705.0    IPv6 ESP Header Present                                               atomic-ip-advanced    informational  false
1706.0    Invalid IPv6 Header Traffic Class Field                               atomic-ip-advanced    informational  false
1707.0    Invalid IPv6 Header Flow Label Field                                  atomic-ip-advanced    informational  false
1708.0    IPv6 Header Contains An Invalid Address                               atomic-ip-advanced    informational  false
1710.0    IPv6 Extensions Headers Out Of Order                                  atomic-ip-advanced    low            true
1711.0    Duplicate IPv6 Extension Headers                                      atomic-ip-advanced    low            true
1712.0    IPv6 Packet Contains Duplicate Src And Dst Address                    atomic-ip-advanced    high           true
1713.0    IPv6 Header Contains Multicast Source Address                         atomic-ip-advanced    high           true
1714.0    IPv6 Address Set To localhost                                         atomic-ip-advanced    high           true
1716.0    IPv6 Options Padding Too Long                                         atomic-ip-advanced    low            true
1717.0    Back To Back Padding Options                                          atomic-ip-advanced    low            true
1718.0    IPv6 Option Data Too Short                                            atomic-ip-advanced    low            true
1719.0    IPv6 Endpoint Identification Option Set                               atomic-ip-advanced    informational  false
1720.0    IPv6 Jumbo Payload Option Set                                         atomic-ip-advanced    informational  true
1721.0    IPv6 Router Alert Option Set                                          atomic-ip-advanced    informational  false
1722.0    IPv6 Tunnel Encapsulation Limit Option Set                            atomic-ip-advanced    medium         true
1723.0    IPv6 Packet Contains Unassigned Options                               atomic-ip-advanced    medium         true
1724.0    IPv6 Endpoint Identification Option Set                               atomic-ip-advanced    informational  false
1725.0    IPv6 Tunnel Encapsulation Limit Option Set                            atomic-ip-advanced    informational  false
1726.0    IPv6 Invalid Option Set                                               atomic-ip-advanced    medium         true
1727.0    IPv6 Router Alert Option Set                                          atomic-ip-advanced    medium         true
1728.0    IPv6 Routing Header Type 0                                            atomic-ip-advanced    informational  true
1730.0    IPv6 Type 1 Routing Header                                            atomic-ip-advanced    informational  true
1731.0    IPv6 Type 2 Routing Header                                            atomic-ip-advanced    informational  false
1732.0    IPv6 Routing Header Type Unknown Type                                 atomic-ip-advanced    medium         true
1733.0    Invalid IPv6 Routing Header Length                                    atomic-ip-advanced    high           true
1734.0    IPv6 Routing Header Incomplete                                        atomic-ip-advanced    high           true
1735.0    IPv6 Routing Header Contains Invalid IP Address                       atomic-ip-advanced    high           true
1736.0    IPv6 Routing Header Contains A Loop                                   atomic-ip-advanced    high           true
1737.0 IPv6 Routing Header atomic-ip-adva medium false Reserved
Bits Set nced 1737.0 IPv6 Routing Header atomic-ip-adva medium false Reserved Bits Set nced 1738.0 IPv6 Unnecessary Fragment atomic-ip-adva informational true Header nced 1738.0 IPv6 Unnecessary Fragment atomic-ip-adva informational true Header nced 1739.0 IPv6 Illegal Fragmentation atomic-ip-adva high true nced 1739.0 IPv6 Illegal Fragmentation atomic-ip-adva high true nced 1740.0 Small IPv6 Fragments atomic-ip-adva informational true nced 1740.0 Small IPv6 Fragments atomic-ip-adva informational true nced 1741.0 IPv6 Fragment Header atomic-ip-adva low false Reserved Bits Set nced 1741.0 IPv6 Fragment Header atomic-ip-adva low false Reserved Bits Set nced TUNED SIGNATURES SIGID SIGNAME ENGINE SEVERITY ENABLED 1007.0 IPv6 over IPv4 or IPv6 atomic-ip informational false 1007.0 IPv6 over IPv4 or IPv6 atomic-ip informational false 1304.0 TCP Session Packet Queue normalizer informational true Overflow 1304.0 TCP Session Packet Queue normalizer informational true Overflow 5565.4 Print Spooler Service service-smb-ad high true Overflow vanced 5565.4 Print Spooler Service service-smb-ad high true Overflow vanced 5579.0 SMB Remote Registry service-smb-ad informational true Access Attempt vanced 5579.0 SMB Remote Registry service-smb-ad informational true Access Attempt vanced 5579.1 SMB Remote Registry service-smb-ad medium true Access Attempt vanced 5579.1 SMB Remote Registry service-smb-ad medium true Access Attempt vanced 5583.0 SMB Remote SAM Service service-smb-ad informational true Access Attempt vanced 5583.0 SMB Remote SAM Service service-smb-ad informational true Access Attempt vanced 5586.0 Windows Locator Service service-smb-ad high true Overflow vanced 5586.0 Windows Locator Service service-smb-ad high true Overflow vanced 5588.0 Windows DCOM Overflow service-smb-ad high true vanced 5588.0 Windows DCOM Overflow service-smb-ad high true vanced 5588.1 Windows DCOM Overflow service-smb-ad high true vanced 5588.1 Windows DCOM Overflow service-smb-ad high true vanced 
5590.0 SMB: User Enumeration service-smb-ad informational true vanced 5590.0 SMB: User Enumeration service-smb-ad informational true vanced 5590.1 SMB: User Enumeration service-smb-ad informational true vanced 5590.1 SMB: User Enumeration service-smb-ad informational true vanced 5591.0 SMB: Windows Share service-smb-ad informational true Enumeration vanced 5591.0 SMB: Windows Share service-smb-ad informational true Enumeration vanced 5591.1 SMB: Windows Share service-smb-ad informational true Enumeration vanced 5591.1 SMB: Windows Share service-smb-ad informational true Enumeration vanced 5592.0 SMB: RFPoison Attack service-smb-ad high true vanced 5592.0 SMB: RFPoison Attack service-smb-ad high true vanced 5598.0 Windows Workstation service-smb-ad high true Service Overflow vanced 5598.0 Windows Workstation service-smb-ad high true Service Overflow vanced 5598.1 Windows Workstation service-smb-ad high true Service Overflow vanced 5598.1 Windows Workstation service-smb-ad high true Service Overflow vanced 5600.0 Windows ASN.1 Bit String service-smb-ad high true NTLMv2 Integer Overflow vanced 5600.0 Windows ASN.1 Bit String service-smb-ad high true NTLMv2 Integer Overflow vanced 5601.1 Windows LSASS RPC Overflow service-smb-ad high true vanced 5601.1 Windows LSASS RPC Overflow service-smb-ad high true vanced 5858.5 DNS Server RPC Interface service-smb-ad high true Buffer Overflow vanced 5858.5 DNS Server RPC Interface service-smb-ad high true Buffer Overflow vanced 6131.10 Microsoft Plug and Play service-smb-ad high true Overflow vanced 6131.10 Microsoft Plug and Play service-smb-ad high true Overflow vanced 6131.11 Microsoft Plug and Play service-smb-ad high true Overflow vanced 6131.11 Microsoft Plug and Play service-smb-ad high true Overflow vanced 6769.0 Netware LSASS CIFS.NLM service-smb-ad high true Driver Overflow vanced 6769.0 Netware LSASS CIFS.NLM service-smb-ad high true Driver Overflow vanced 6946.0 Web Client Remote Code service-smb-ad high true 
Execution Vulnerability vanced 6946.0 Web Client Remote Code service-smb-ad high true Execution Vulnerability vanced 7280.0 Windows Server Service service-smb-ad high true Remote Code Execution vanced 7280.0 Windows Server Service service-smb-ad high true Remote Code Execution vanced 7280.1 Windows Server Service service-smb-ad high true Remote Code Execution vanced 7280.1 Windows Server Service service-smb-ad high true Remote Code Execution vanced CAVEATS None. Modified signature(s) detail: None. ================================================================================================= S364 SIGNATURE UPDATE DETAILS NEW SIGNATURES SIGID SIGNAME ENGINE SEVERITY ENABLED 7280.1 Windows Server Service service-smb-ad high true Remote Code Execution vanced 7280.1 Windows Server Service service-smb-ad high true Remote Code Execution vanced 7280.1 Windows Server Service service-smb-ad high true Remote Code Execution vanced TUNED SIGNATURES SIGID SIGNAME ENGINE SEVERITY ENABLED 7280.0 Windows Server Service service-smb-ad high true Remote Code Execution vanced 7280.0 Windows Server Service service-smb-ad high true Remote Code Execution vanced 7280.0 Windows Server Service service-smb-ad high true Remote Code Execution vanced CAVEATS None. Modified signature(s) detail: None. ================================================================================================= S363 SIGNATURE UPDATE DETAILS NEW SIGNATURES SIGID SIGNAME ENGINE SEVERITY ENABLED 7280.0 Windows Server Service service-smb-ad high true Remote Code Execution vanced 7280.0 Windows Server Service service-smb-ad high true Remote Code Execution vanced TUNED SIGNATURES There are no tuned signatures for this release. CAVEATS None. Modified signature(s) detail: None. 
=================================================================================================
S362 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                          ENGINE                SEVERITY       ENABLED
7261.0    IPP Service Integer Overflow Exploit                             string-tcp            high           true
7262.0    Active Directory Overflow Exploit                                string-tcp            high           true

TUNED SIGNATURES

SIGID     SIGNAME                                                          ENGINE                SEVERITY       ENABLED
5683.0    Vista Feed Headlines Gadget Remote Code Execution                meta                  high           false
5683.1    Vista Feed Headlines Gadget Remote Code Execution                string-tcp            informational  false
5683.2    Vista Feed Headlines Gadget Remote Code Execution                string-tcp            informational  false
5930.5    Generic SQL Injection                                            service-http          high           true
5930.18   Generic SQL Injection                                            service-http          high           true
6962.0    Cisco Unity DOS                                                  atomic-ip             medium         false

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S361 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                          ENGINE                SEVERITY       ENABLED
5404.0    Internet Explorer Uninitialized Memory Corruption                string-tcp            high           true
5925.0    Internet Explorer HTML Object Memory Corruption                  string-tcp            high           true
5930.8    Generic SQL Injection                                            service-http          high           true
5930.9    Generic SQL Injection                                            service-http          high           true
5930.10   Generic SQL Injection                                            service-http          high           true
5930.11   Generic SQL Injection                                            service-http          high           false
5930.12   Generic SQL Injection                                            service-http          high           true
5930.13   Generic SQL Injection                                            service-http          high           true
5930.14   Generic SQL Injection                                            service-http          high           true
5930.15   Generic SQL Injection                                            service-http          high           true
5930.16   Generic SQL Injection                                            service-http          high           true
5930.17   Generic SQL Injection                                            service-http          high           true
5930.18   Generic SQL Injection                                            service-http          high           true
5930.19   Generic SQL Injection                                            service-http          high           true
5930.20   Generic SQL Injection                                            service-http          high           true
7244.0    Microsoft Excel Buffer Overflow                                  string-tcp            high           true
7245.0    Microsoft Excel Integer Overflow                                 string-tcp            high           true
7245.1    Microsoft Excel Integer Overflow                                 string-tcp            high           true
7246.0    Microsoft Excel Spreadsheet Buffer Overflow                      string-tcp            high           true
7247.0    Window Location Property Cross Domain Information Disclosure     string-tcp            high           true
7257.0    Microsoft Internet Explorer Cross Domain Information Disclosure  string-tcp            high           true
7258.0    SMB Remote Code Execution                                        string-tcp            high           true
7259.0    Microsoft Message Queing Remote Code Execution                   service-msrpc         high           true
7270.0    Host Integration Server Remote Code Execution                    service-msrpc         informational  true

TUNED SIGNATURES

SIGID     SIGNAME                                                          ENGINE                SEVERITY       ENABLED
6930.2    Office Web Components URL Parsing Vulnerability                  string-tcp            informational  true
6981.0    Microsoft PowerPoint Memory Allocation Exploit                   meta                  high           false
6981.1    Microsoft PowerPoint Memory Allocation Exploit                   string-tcp            informational  false
6981.2    Microsoft PowerPoint Memory Allocation Exploit                   string-tcp            informational  false
6981.3    Microsoft PowerPoint Memory Allocation Exploit                   meta                  informational  false

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S360 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                          ENGINE                SEVERITY       ENABLED
5886.0    Sun Java Socks Proxy Overflow                                    string-tcp            high           true
5894.2    Storm Worm                                                       fixed-udp             high           true
6070.0    Windows Media Format Remote Code Execution                       meta                  high           true
6070.1    Windows Media Format Remote Code Execution                       string-tcp            informational  true
6070.2    Windows Media Format Remote Code Execution                       string-tcp            informational  true
6070.3    Windows Media Format Remote Code Execution                       string-tcp            informational  true
6070.4    Windows Media Format Remote Code Execution                       meta                  high           true
6070.5    Windows Media Format Remote Code Execution                       string-tcp            informational  true
6070.6    Windows Media Format Remote Code Execution                       meta                  high           true
6070.7    Windows Media Format Remote Code Execution                       string-tcp            informational  true
6962.0    Cisco Unity DOS                                                  atomic-ip             medium         true
6970.0    DirectShow SAMI Parsing Remote Code Execution                    meta                  high           true
6970.1    DirectShow SAMI Parsing Remote Code Execution                    string-tcp            informational  true
6970.2    DirectShow SAMI Parsing Remote Code Execution                    meta                  high           true
6970.3    DirectShow SAMI Parsing Remote Code Execution                    string-tcp            informational  true
6970.4    DirectShow SAMI Parsing Remote Code Execution                    string-tcp            informational  true
6971.0    Generic Exploit Component                                        string-tcp            informational  true
9584.0    Backdoor Stumbler                                                atomic-ip             high           false

TUNED SIGNATURES

SIGID     SIGNAME                                                          ENGINE                SEVERITY       ENABLED
5894.1    Storm Worm                                                       atomic-ip             high           false
5899.0    MSN Messenger Webcam Buffer Overflow                             atomic-ip             high           false
5930.0    Generic SQL Injection                                            service-http          high           true
5930.1    Generic SQL Injection                                            service-http          high           true
5930.2    Generic SQL Injection                                            service-http          high           true
5930.3    Generic SQL Injection                                            service-http          high           true
5930.4    Generic SQL Injection                                            service-http          high           true
5930.5    Generic SQL Injection                                            service-http          high           true
5930.6    Generic SQL Injection                                            service-http          high           true
5930.7    Generic SQL Injection                                            service-http          high           false
6017.0    DirectShow SAMI Parsing Remote Code Execution                    meta                  high           false
6017.1    DirectShow SAMI Parsing Remote Code Execution                    string-tcp            informational  false
6017.2    DirectShow SAMI Parsing Remote Code Execution                    string-tcp            informational  false
6017.3    DirectShow SAMI Parsing Remote Code Execution                    meta                  high           false
6017.4    DirectShow SAMI Parsing Remote Code Execution                    string-tcp            informational  false
6017.5    DirectShow SAMI Parsing Remote Code Execution                    string-tcp            informational  false
6069.0    Windows Media Format Remote Code Execution                       meta                  high           false
6069.1    Windows Media Format Remote Code Execution                       string-tcp            informational  false
6069.2    Windows Media Format Remote Code Execution                       string-tcp            informational  false
6069.3    Windows Media Format Remote Code Execution                       string-tcp            informational  false
6069.4    Windows Media Format Remote Code Execution                       meta                  high           false
6069.5    Windows Media Format Remote Code Execution                       string-tcp            informational  false
6069.6    Windows Media Format Remote Code Execution                       meta                  high           false
6069.7    Windows Media Format Remote Code Execution                       string-tcp            informational  false
6069.8    Windows Media Format Remote Code Execution                       string-tcp            informational  false
6545.0    WINS Local Privilege Escalation                                  atomic-ip             low            true
7212.0    Web Application Security Test/Attack                             service-http          high           true

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S359 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                          ENGINE                SEVERITY       ENABLED
6296.0    IBM Lotus Sametime Server Multiplexer Stack Buffer Overflow      service-http          high           true
6981.2    Microsoft PowerPoint Memory Allocation Exploit                   string-tcp            informational  true
6981.3    Microsoft PowerPoint Memory Allocation Exploit                   meta                  informational  true
7266.0    TWiki Remote Command Execution                                   service-http          high           true
7274.0    FlashGet FTP PWD Buffer Overflow                                 string-tcp            high           true
7278.0    Quicktime/Itunes Heap Overflow                                   string-tcp            high           true

TUNED SIGNATURES

SIGID     SIGNAME                                                          ENGINE                SEVERITY       ENABLED
5477.2    Possible Heap Payload Construction                               string-tcp            informational  true
5585.0    SMB Suspicious Password Usage                                    service-smb-advanced  medium         false
5597.0    SMB MSRPC Messenger Overflow                                     service-smb-advanced  high           true
5602.0    Windows System32 Directory File Access                           service-smb-advanced  medium         true
5603.0    MSRPC Protocol violation                                         service-smb-advanced  medium         false
5888.0    TLBINF32.DLL COM Object Instantiation                            string-tcp            high           true
5892.0    Motive Communications ActiveUtils Buffer Overflow                string-tcp            high           true
6187.0    CallManager TCP Connection DoS                                   atomic-ip             medium         true
6981.0    Microsoft PowerPoint Memory Allocation Exploit                   meta                  high           true
6981.1    Microsoft PowerPoint Memory Allocation Exploit                   string-tcp            informational  true

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S358 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                          ENGINE                SEVERITY       ENABLED
5930.7    Generic SQL Injection                                            service-http          high           false
6989.0    IOSFW HTTP Inspection Vulnerability                              service-http          high           true
6999.0    Cisco PIM Multicast Denial of Service Attack                     atomic-ip             medium         true
7269.0    Trend Micro OfficeScan Server Overflow                           service-http          high           true

TUNED SIGNATURES

SIGID     SIGNAME                                                          ENGINE                SEVERITY       ENABLED
5126.0    WWW IIS .ida Indexing Service Overflow                           service-http          high           true
5732.0    Web Client Remote Code Execution Vulnerability                   meta                  high           false
5732.1    Web Client Remote Code Execution Vulnerability                   string-tcp            informational  false
5732.2    Web Client Remote Code Execution Vulnerability                   string-tcp            medium         false
6994.0    Cisco Secure ACS EAP Overflow                                    service-generic       high           true

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S357 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                          ENGINE                SEVERITY       ENABLED
6789.0    Winamp Ultravox Stream Title Stack Overflow                      string-tcp            high           true
7277.0    Microsoft Windows SMB WRITE_ANDX Memory Corruption               multi-string          high           true

TUNED SIGNATURES

SIGID     SIGNAME                                                          ENGINE                SEVERITY       ENABLED
5440.0    IRC Bot Activity                                                 string-tcp            low            true
5561.0    Windows SMTP Overflow                                            meta                  high           false
5561.1    Windows SMTP Overflow                                            service-dns           informational  false
5561.2    Windows SMTP Overflow                                            string-tcp            medium         false
5915.0    Microsoft FoxPro ActiveX Vulnerability                           string-tcp            high           true
6235.0    Apple Quicktime SMIL Overflow                                    string-tcp            high           true
6249.0    Visual Studio 6 ActiveX Exploit                                  string-tcp            high           true
6785.2    Microsoft Visual Basic VBP File Processing Buffer Overflow       string-tcp            informational  true
6935.0    CVE-2008-1086 ActiveX Killbit Update                             string-tcp            high           true
7217.0    Yahoo Toolbar ActiveX Buffer Overflow                            meta                  high           true
7217.1    Yahoo Toolbar ActiveX Buffer Overflow                            string-tcp            low            true
7217.2    Yahoo Toolbar ActiveX Buffer Overflow                            string-tcp            informational  true
7273.0    Ipswitch FTP Client Format String                                string-tcp            high           true

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S356 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                          ENGINE                SEVERITY       ENABLED
7217.0    Yahoo Toolbar ActiveX Buffer Overflow                            meta                  high           true
7217.1    Yahoo Toolbar ActiveX Buffer Overflow                            string-tcp            low            true
7217.2    Yahoo Toolbar ActiveX Buffer Overflow                            string-tcp            informational  true
7234.0    CitectSCADA ODBC Service Buffer Overflow                         string-tcp            high           true
7273.0    Ipswitch FTP Client Format String                                string-tcp            high           true

TUNED SIGNATURES

SIGID     SIGNAME                                                          ENGINE                SEVERITY       ENABLED
3651.0    SSH CRC32 Overflow                                               service-ssh           high           false

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S355 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                          ENGINE                SEVERITY       ENABLED
5986.0    Microsoft GDI+ GIF Parsing Vulnerability                         string-tcp            high           true
6972.0    Rosoft Media Player Overflow                                     string-tcp            high           true
6990.0    Visual Studio Msmask32.ocx ActiveX Buffer Overflow               meta                  high           true
6990.1    Visual Studio Msmask32.ocx ActiveX Buffer Overflow               string-tcp            informational  true
6990.2    Visual Studio Msmask32.ocx ActiveX Buffer Overflow               string-tcp            informational  true
6991.0    Symantec Veritas Storage Foundation Null Session                 multi-string          high           true
6994.0    Cisco Secure ACS EAP Overflow                                    service-generic       high           true
6995.0    GDI EMF Memory Corruption Vulnerability                          string-tcp            high           true
6996.0    GDI+ BMP Integer Overflow                                        string-tcp            high           true
6997.0    OneNote Uniform Resource Locator Validation Error Vulnerability  string-tcp            high           true
6998.0    Microsoft GDI+ WMF Buffer Overrun Exploit                        string-tcp            high           true
7231.0    Windows Media Encoder 9 Remote Code Execution                    meta                  high           true
7231.1    Windows Media Encoder 9 Remote Code Execution                    string-tcp            informational  true
7231.2    Windows Media Encoder 9 Remote Code Execution                    string-tcp            informational  true
7271.0    GDI+ VML Buffer Overrun Vulnerability                            string-tcp            high           true

TUNED SIGNATURES

SIGID     SIGNAME                                                          ENGINE                SEVERITY       ENABLED
5114.0    WWW IIS Unicode Attack                                           service-http          high           true
5114.1    WWW IIS Unicode Attack                                           service-http          high           true
5114.2    WWW IIS Unicode Attack                                           service-http          high           true
5114.3    WWW IIS Unicode Attack                                           service-http          high           true
5114.4    WWW IIS Unicode Attack                                           service-http          high           true
5114.5    WWW IIS Unicode Attack                                           service-http          high           true
5114.6    WWW IIS Unicode Attack                                           service-http          high           true
5114.7    WWW IIS Unicode Attack                                           service-http          high           true
5114.8    WWW IIS Unicode Attack                                           service-http          high           true
5126.0    WWW IIS .ida Indexing Service Overflow                           service-http          high           true
5726.0    Active Directory Failed Login                                    multi-string          medium         false
5726.1    Active Directory Failed Login                                    multi-string          medium         false

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S354 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                          ENGINE                SEVERITY       ENABLED
7212.0    Web Application Security Test/Attack                             service-http          high           true
7212.1    Web Application Security Test/Attack                             service-http          high           true
7220.0    Pidgin MSN Overflow                                              string-tcp            high           true
7222.0    Joomla 1.5 Password Token Bypass                                 service-http          high           true
7275.0    Linux Kernel DCCP dccp_setsockopt_change Integer Overflow        service-generic       high           true
7415.0    OpenLDAP BER Decoding DoS                                        string-tcp            high           true

TUNED SIGNATURES

SIGID     SIGNAME                                                          ENGINE                SEVERITY       ENABLED
2152.0    ICMP Flood                                                       flood-host            medium         false
2157.1    ICMP Hard Error DoS                                              atomic-ip             medium         false
3102.0    Sendmail Invalid Sender                                          state                 medium         false
3109.0    Long SMTP Command                                                state                 medium         false
3109.1    Long SMTP Command                                                state                 medium         false
4055.2    B02K-UDP                                                         trojan-udp            high           false
5477.2    Possible Heap Payload Construction                               string-tcp            high           true
5726.0    Active Directory Failed Login                                    multi-string          medium         false
5726.1    Active Directory Failed Login                                    multi-string          medium         false
5807.0    Indexing Service Cross Site Scripting Vulnerability              service-http          high           true
6066.0    DNS Tunneling                                                    service-dns           medium         false
6408.0    IE DHTML Memory Corruption                                       meta                  high           false
6408.1    IE DHTML Memory Corruption                                       string-tcp            informational  false

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S353 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                          ENGINE                SEVERITY       ENABLED
5930.6    Generic SQL Injection                                            service-http          high           true
7213.0    Poppler Uninitialized Pointer                                    string-tcp            high           true
7216.0    Skype Skype4COM: Heap Corruption                                 string-tcp            high           true
7218.0    Lotus Notes Applix Graphics Overflow                             state                 high           true
7225.0    Adobe Flash Clipboard Hijack                                     string-tcp            high           true
7226.0    Version Agnostic IOS Shellcode                                   fixed-tcp             high           true
7226.1    Version Agnostic IOS Shellcode                                   fixed-udp             high           true

TUNED SIGNATURES

SIGID     SIGNAME                                                          ENGINE                SEVERITY       ENABLED
5905.1    Microsoft Internet Explorer Address Bar Spoof                    string-tcp            low            true

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S352 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
6988.0    WebEx Meeting Manager ActiveX Overflow                            meta                  high           true
6988.1    WebEx Meeting Manager ActiveX Overflow                            string-tcp            informational  true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S351 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
5940.0    HTML Objects Memory Corruption Vulnerability                      string-tcp            high           true
6280.0    Messenger Information Disclosure Vulnerability                    string-tcp            low            false
6281.0    Malformed EPS Filter Vulnerability                                string-tcp            high           true
6282.0    Malformed PICT Filter Vulnerability                               string-tcp            high           true
6283.0    Malformed BMP Filter Vulnerability                                string-tcp            high           true
6932.0    HTML Objects Uninitialized Memory Corruption Vulnerability        string-tcp            high           true
6938.0    Microsoft IE Argument Handling Memory Corruption Exploit          string-tcp            high           true
6976.0    Microsoft Powerpoint 2003 Viewer Buffer Overflow                  string-tcp            high           true
6978.0    PowerPoint Parsing Overflow                                       string-tcp            high           true
6981.0    Microsoft PowerPoint Memory Allocation Exploit                    meta                  high           true
6981.1    Microsoft PowerPoint Memory Allocation Exploit                    string-tcp            informational  true
6983.0    Microsoft PICT Filter Parsing Exploit                             string-tcp            high           true
6984.0    Windows Image Color Management System RCE                         meta                  high           true
6984.1    Windows Image Color Management System RCE                         string-tcp            informational  true
6984.2    Windows Image Color Management System RCE                         string-tcp            informational  true
6984.3    Windows Image Color Management System RCE                         meta                  informational  true
6985.0    Microsoft Office WPG Image File Heap Corruption Exploit           string-tcp            high           true
6986.0    Microsoft IE HTML Objects Memory Corruption Exploit               string-tcp            high           true
6986.1    Microsoft IE HTML Objects Memory Corruption Exploit               string-tcp            high           true
7210.0    Microsoft Excel Remote Code Execution                             string-tcp            high           true
7210.1    Microsoft Excel Remote Code Execution                             string-tcp            high           true
7210.2    Microsoft Excel Remote Code Execution                             string-tcp            high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S350 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
6279.0    Citrix Presentation Server Client ActiveX Overflow                meta                  high           true
6279.1    Citrix Presentation Server Client ActiveX Overflow                string-tcp            informational  true
6974.0    Motorola Timbuktu Pro Arbitrary File Deletion/Creation            string-tcp            high           true
6979.0    BEA WebLogic Server Apache Connector HTTP Version String BO       string-tcp            high           true
7209.0    Trend Micro OfficeScan BO Exploit                                 meta                  high           true
7209.1    Trend Micro OfficeScan BO Exploit                                 string-tcp            informational  true

TUNED SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
5833.0    Quicktime RTSP URL Vulnerability                                  string-tcp            high           true
5906.0    Microsoft Malformed Word Document Code Execution                  string-tcp            high           true

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S349 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
5879.0    Apple QuickTime Java QTPointer Vulnerability                      string-tcp            high           true
5930.0    Generic SQL Injection                                             service-http          high           true
5930.1    Generic SQL Injection                                             service-http          high           true
5930.2    Generic SQL Injection                                             service-http          high           true
5930.3    Generic SQL Injection                                             service-http          high           true
5930.4    Generic SQL Injection                                             service-http          high           true
5930.5    Generic SQL Injection                                             service-http          high           true
5931.0    Google Ratproxy                                                   service-http          informational  true
5931.1    Google Ratproxy                                                   service-http          high           true
6267.0    IMAP Long FETCH Command                                           string-tcp            high           true
6268.0    HP Openview Network Node Manager Buffer Overflow                  string-tcp            high           true
6798.0    HP StorageWorks Buffer Overflow                                   string-tcp            high           true
6946.0    Web Client Remote Code Execution Vulnerability                    service-smb-advanced  high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S348 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
6973.0    IOS FTPd MKD Command Buffer Overflow                              string-tcp            high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S347 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
6945.0    HP OpenView OVAS.EXE Stack Overflow                               service-http          high           true

TUNED SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
4004.0    DNS Flood Attack                                                  flood-host            medium         true
5583.0    SMB Remote SAM Service Access Attempt                             service-smb-advanced  informational  true
5589.0    SMB: ADMIN$ Hidden Share Access Attempt                           service-smb-advanced  low            true
5601.1    Windows LSASS RPC Overflow                                        service-smb-advanced  high           true
5858.5    DNS Server RPC Interface Buffer Overflow                          service-smb-advanced  high           true
6131.10   Microsoft Plug and Play Overflow                                  service-smb-advanced  high           true
6131.11   Microsoft Plug and Play Overflow                                  service-smb-advanced  high           true

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S346 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
6298.0    Creative Software AutoUpdate Engine ActiveX Stack-Overflow        meta                  high           true
6298.1    Creative Software AutoUpdate Engine ActiveX Stack-Overflow        string-tcp            informational  true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S345 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
6524.0    Yahoo! Assistant yNotifier.dll ActiveX Control Code Execution     meta                  high           true
6524.1    Yahoo! Assistant yNotifier.dll ActiveX Control Code Execution     string-tcp            informational  true

TUNED SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
5590.0    SMB: User Enumeration                                             service-smb-advanced  informational  true
6184.0    Large SIP Message                                                 atomic-ip             medium         false
6518.1    SIP Long Header Field                                             atomic-ip             medium         true
6520.0    Long SIP Message                                                  atomic-ip             medium         false

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S344 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
6969.0    Microsoft Word Smart Tag Corruption Exploit                       string-tcp            high           true

TUNED SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
6967.0    Microsoft SQL Server Privilege Elevation                          multi-string          high           true

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S343 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
4004.0    DNS Flood Attack                                                  flood-host            medium         true
6790.0    Outlook Web Access Privilege Escalation                           state                 high           true
6790.1    Outlook Web Access Privilege Escalation                           state                 high           true
6792.0    SQL Memory Corruption Vulnerability                               service-http          high           true
6966.0    Malformed Search File Code Execution                              meta                  high           true
6966.1    Malformed Search File Code Execution                              string-tcp            informational  true
6966.2    Malformed Search File Code Execution                              string-tcp            informational  true
6967.0    Microsoft SQL Server Privilege Elevation                          multi-string          high           true
6968.0    Microsoft Access Snapshot Viewer ActiveX Remote Code Execution    meta                  high           true
6968.1    Microsoft Access Snapshot Viewer ActiveX Remote Code Execution    meta                  informational  true
6968.2    Microsoft Access Snapshot Viewer ActiveX Remote Code Execution    string-tcp            informational  true
6968.3    Microsoft Access Snapshot Viewer ActiveX Remote Code Execution    string-tcp            informational  true
6968.4    Microsoft Access Snapshot Viewer ActiveX Remote Code Execution    string-tcp            informational  true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S342 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
6964.0    Asprox Injection Attempt                                          service-http          high           true

TUNED SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
5565.4    Print Spooler Service Overflow                                    service-smb-advanced  high           true
5588.0    Windows DCOM Overflow                                             service-smb-advanced  high           true
5588.1    Windows DCOM Overflow                                             service-smb-advanced  high           true
6769.0    Netware LSASS CIFS.NLM Driver Overflow                            service-smb-advanced  high           true

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S341 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
6799.0    CUCM CTI DoS                                                      service-generic       medium         true

TUNED SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
5913.1    PIX/ASA/FWSM MGCP DoS                                             multi-string          medium         true
7202.0    UDP eDonkey Activity                                              service-p2p           low            false
11018.1   eDonkey Activity                                                  service-p2p           low            false
11022.1   Overnet Client Scan                                               service-p2p           low            false

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S340 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
6234.0    VideoLAN VLC Subtitle Overflow                                    string-tcp            high           true

TUNED SIGNATURES

There are no tuned signatures for this release.

CAVEATS

None.

Modified signature(s) detail:

None.

=================================================================================================
S339 SIGNATURE UPDATE DETAILS

NEW SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
6177.0    Malformed SIP Invite Packet                                       atomic-ip             medium         true
6178.0    SIP Message DoS                                                   atomic-ip             medium         true
6179.0    Malformed MGCP Packet                                             atomic-ip             medium         true
6181.0    SIP DoS                                                           service-generic       medium         true
6184.0    Large SIP Message                                                 atomic-ip             medium         true
6186.0    RIS Data Collector Heap Overflow                                  string-tcp            high           true
6187.0    CallManager TCP Connection DoS                                    atomic-ip             medium         true
6515.0    Invalid SIP Response Code                                         atomic-ip             medium         true
6517.0    Malformed Via Header                                              atomic-ip             high           true
6518.0    SIP Long Header Field                                             atomic-ip             high           true
6518.1    SIP Long Header Field                                             atomic-ip             medium         true
6520.0    Long SIP Message                                                  atomic-ip             medium         true
6521.0    Call Manager Overflow                                             string-tcp            medium         true
6522.0    Failed HTTP Login / HTTP 401                                      atomic-ip             medium         true
6523.0    Non-Printable in SIP Header                                       atomic-ip             high           false
6761.0    Cisco Unified Communications Manager CTL Provider Heap Overflow   string-tcp            high           true

TUNED SIGNATURES

SIGID     SIGNAME                                                           ENGINE                SEVERITY       ENABLED
1306.6    TCP option data after EOL option                                  normalizer            informational  true
1315.0    ACK w/o TCP Stream                                                normalizer            informational  false
1330.19   TCP timestamp option detected when not expected                   normalizer            informational  true
1330.20   TCP winscale option detected when not expected                    normalizer            informational  true
1330.21   TCP option SACK data detected when not expected.                  normalizer            informational  true
2200.0    Invalid IGMP Header DoS                                           service-generic       high           false
3307.0    Red Button                                                        meta                  informational  false
3327.11   Windows RPC DCOM Overflow                                         meta                  high           true
3334.3    Windows Workstation Service Overflow                              meta                  high           true
3334.4    Windows Workstation Service Overflow                              meta                  high           true
3334.5    Windows Workstation Service Overflow                              service-msrpc         high           true
3334.6    Windows Workstation Service Overflow                              service-msrpc         high           true
3334.8    Windows Workstation Service Overflow                              meta                  high           true
3338.1    Windows LSASS RPC Overflow                                        meta                  high           true
3338.3    Windows LSASS RPC Overflow                                        service-msrpc         high           true
3347.1    Windows ASN.1 Library Bit String Heap Corruption                  string-tcp            high           false
3353.1    SMB Request Overflow                                              meta                  high           false
3353.2    SMB Request Overflow                                              meta                  high           false
3409.3    Telnet Over Non-standard Ports                                    fixed-tcp             medium         false
3530.0    Cisco Secure ACS Oversized TACACS+ Attack                         service-generic       medium         false
3531.0    Cisco IOS Telnet DoS                                              service-generic       high           true
3532.0    Malformed BGP Open Message                                        service-generic       medium         true
5416.1    IE object data remote execution                                   meta                  informational  true
5496.0    License Logging Service Overflow                                  meta                  high           true
5498.0    Media Player IE Zone Bypass                                       meta                  medium         true
5556.1    Javaprxy.dll Heap Overflow                                        meta                  high           true
5556.3    Javaprxy.dll Heap Overflow                                        meta                  high           true
5556.4    Javaprxy.dll Heap Overflow                                        meta                  high           true
5557.2    Windows ICC Color Management Module Vulnerability                 meta                  high           true
5561.0    Windows SMTP Overflow                                             meta                  high           true
5565.2    Print Spooler Service Overflow                                    meta                  high           true
5565.4    Print Spooler Service Overflow                                    service-smb-advanced  high           true
5567.5    Veritas Backup Exec Remote Registry Access                        meta                  high           true
5567.6    Veritas Backup Exec Remote Registry Access                        meta                  high           true
5567.7    Veritas Backup Exec Remote Registry Access                        meta                  high           true
5567.8    Veritas Backup Exec Remote Registry Access                        meta                  medium         true
5572.1    Design Tools Diagram Surface ActiveX Control                      meta                  high           true
5572.2    Design Tools Diagram Surface ActiveX Control                      meta                  high           true
5588.0    Windows DCOM Overflow                                             service-smb-advanced  high           true
5598.0    Windows Workstation Service Overflow                              service-smb-advanced  high           true
5598.1    Windows Workstation Service Overflow                              service-smb-advanced  high           true
5601.1    Windows LSASS RPC Overflow                                        service-smb-advanced  high           true
5609.1    IE COM Object Memory Corruption Vulnerability                     meta                  high           true
5609.2    IE COM Object Memory Corruption Vulnerability                     meta                  high           true
5635.2    Plug and Play Overflow                                            meta                  high           true
5641.2    MS DTC DoS                                                        meta                  medium         true
5642.3    DirectShow Overflow                                               meta                  high           false
5644.3    Client Service for NetWare Overflow                               meta                  high           true
5683.0    Vista Feed Headlines Gadget Remote Code Execution                 meta                  high           true
5728.0    Windows IGMP DoS                                                  service-generic       medium         true
5731.0    Windows Media Player BMP Processing Vulnerability                 meta                  high           true
5732.0    Web Client Remote Code Execution Vulnerability                    meta                  high           true
5738.3    Windows ACS Registry Access                                       meta                  medium         true
5738.4    Windows ACS Registry Access                                       meta                  medium         true
5747.0    MDAC Function Remote Code Execution                               meta                  high           true
5748.0    Non-SMTP Session Start                                            meta                  low            true
5759.1    VNC Authentication Bypass                                         string-tcp            informational  false
5759.2    VNC Authentication Bypass                                         service-generic       informational  true
5759.3    VNC Authentication Bypass                                         meta                  high           true
5776.0    Routing and Remote Access Service Code Execution                  meta                  high           true
5776.4    Routing and Remote Access Service Code Execution                  meta                  high           true
5794.0    Routing and Remote Access Service RASMAN Registry Stack Overflow  meta                  high           true
5797.0    Exchange Calendar DoS                                             meta                  medium         true
5799.0    Server Service Code Execution                                     meta                  high           false
5799.4    Server Service Code Execution                                     meta                  high           true
5799.7    Server Service Code Execution                                     meta                  high           true
5804.0    VPN3000 Concentrator Unauthenticated FTP Access                   meta                  high           true
5805.0    VPN3000 Concentrator FTP RMD Execution                            meta                  high           true
5806.0    Winny P2P Connection Activity                                     meta                  low            false
5806.1    Winny P2P Connection Activity                                     service-generic       informational  false
5806.2    Winny P2P Connection Activity                                     service-generic       informational  false
5806.3    Winny P2P Connection Activity                                     service-generic       informational  false
5806.4    Winny P2P Connection Activity                                     service-p2p           medium         true
5809.0    DCERPC Authentication DoS                                         meta                  medium         true
5812.0    Cisco IPS SSL DOS Vulnerability                                   service-generic       medium         true
5812.1    Cisco IPS SSL DOS Vulnerability                                   service-generic       medium         true
5813.0    Microsoft Internet Explorer Vector Markup Language Vulnerability  meta                  high           true
5814.0    Step-by-Step Interactive Training Remote Code Execution           meta                  high           true
5815.0    WebViewFolderIcon setSlice() Overflow                             meta                  high           true
5821.0    DirectAnimation ActiveX Memory Corruption                         meta                  high           true
5822.0    Workstation Service Memory Corruption Vulnerability               meta                  high           true
5827.0    Internet Explorer ActiveX Control Arbitrary Code Execution        meta                  high           true
5829.0    Invalid SSL Packet                                                service-generic       medium         true
5832.0    IOS Crafted IP Option Vulnerability                               service-generic       high           true
5832.1    IOS Crafted IP Option Vulnerability                               service-generic       high           true
5832.2    IOS Crafted IP Option Vulnerability                               service-generic       high           true
5832.3    IOS Crafted IP Option Vulnerability                               service-generic       high           true
5835.2    Cisco IOS SIP DoS Vulnerability                                   meta                  medium         true
5835.5    Cisco IOS SIP DoS Vulnerability                                   meta                  medium         true
5837.0    Malformed TCP packet                                              service-generic       medium         true
5837.1    Malformed TCP packet                                              normalizer            informational  true
5847.0    FTP Successful Privileged Login                                   meta                  low            true
5847.1    FTP Successful Privileged Login                                   meta                  low            true
5854.0    Cisco CUCM/CUPS Denial of Service Vulnerability                   service-generic       medium         true
5856.0    Agent URL Parsing Remote Code Execution                           meta                  high           true
5857.0    UPnP Memory Corruption Vulnerability                              meta                  high           true
5858.1    DNS Server RPC Interface Buffer Overflow                          meta                  high           true
5858.5    DNS Server RPC Interface Buffer Overflow                          service-smb-advanced  high           true
5860.0    IOS FTPd Successful Login                                         meta                  low            true
5863.0    Internet Explorer CAPICOM.Certificates Remote Code Execution      meta                  high           true
5865.0    Microsoft WMS Arbitrary File Rewrite Vulnerability                meta                  high           true
5884.0    IOS NHRP Buffer Overflow                                          service-generic       high           true
5884.1    IOS NHRP Buffer Overflow                                          service-generic       high           true
5893.0    Cisco IP Phone Remote Denial of Service                           meta                  medium         true
5898.0    Microsoft Agent HTTP Code Execution                               meta                  high           true
5903.0    MS SharePoint XSS                                                 meta                  medium         true
5908.0    NNTP Overflow                                                     meta                  high           true
6017.0    DirectShow SAMI Parsing Remote Code Execution                     meta                  high           true
6017.3    DirectShow SAMI Parsing Remote Code Execution                     meta                  high           true
6069.0    Windows Media Format Remote Code Execution                        meta                  high           true
6069.4    Windows Media Format Remote Code Execution                        meta                  high           true
6069.6    Windows Media Format Remote Code Execution                        meta                  high           true
6110.0    RPC RSTATD Sweep                                                  meta                  high           true
6110.1    RPC RSTATD Sweep                                                  meta                  high           true
6111.0    RPC RUSESRD Sweep                                                 meta                  high           true
6111.1    RPC RUSESRD Sweep                                                 meta                  high           true
6112.0    RPC NFS Sweep                                                     meta                  high           true
6112.1    RPC NFS Sweep                                                     meta                  high           true
6113.0    RPC MOUNTD Sweep                                                  meta                  high           true
6113.1    RPC MOUNTD Sweep                                                  meta                  high           true
6114.0    RPC YPASSWDD Sweep                                                meta                  high           true
6114.1    RPC YPASSWDD Sweep                                                meta                  high           true
6115.0    RPC SELECTION SVC Sweep                                           meta                  high           true
6115.1    RPC SELECTION SVC Sweep                                           meta                  high           true
6116.0    RPC REXD Sweep                                                    meta                  high           true
6116.1    RPC REXD Sweep                                                    meta                  high           true
6117.0    RPC STATUS Sweep                                                  meta                  high           true
6117.1    RPC STATUS Sweep                                                  meta                  high           true
6118.0    RPC TTDB Sweep                                                    meta                  high           true
6118.1    RPC TTDB Sweep                                                    meta                  high           true
6130.3    Microsoft Message Queuing Overflow                                meta                  high           true
6130.5    Microsoft Message Queuing Overflow                                meta                  high           true
6130.9    Microsoft Message Queuing Overflow                                meta                  high           true
6130.11   Microsoft Message Queuing Overflow                                meta                  high           true
6131.2    Microsoft Plug and Play Overflow                                  meta                  high           true
6131.5    Microsoft Plug and Play Overflow                                  meta                  high           true
6131.5
Microsoft Plug and Play meta high true Overflow 6131.7 Microsoft Plug and Play meta high true Overflow 6131.7 Microsoft Plug and Play meta high true Overflow 6131.10 Microsoft Plug and Play service-smb-ad high true Overflow vanced 6131.10 Microsoft Plug and Play service-smb-ad high true Overflow vanced 6131.11 Microsoft Plug and Play service-smb-ad high true Overflow vanced 6131.11 Microsoft Plug and Play service-smb-ad high true Overflow vanced 6228.0 Mac OSX Software Update meta high true Remote Code Execution 6228.0 Mac OSX Software Update meta high true Remote Code Execution 6229.0 MS SQL Server sqldmo.dll meta high true Overflow 6229.0 MS SQL Server sqldmo.dll meta high true Overflow 6403.0 IE Uninitialized Memory meta high true Corruption 6403.0 IE Uninitialized Memory meta high true Corruption 6408.0 IE DHTML Memory Corruption meta high true 6408.0 IE DHTML Memory Corruption meta high true 6409.0 IE Invalid Object Memory meta high true Corruption 6409.0 IE Invalid Object Memory meta high true Corruption 6410.0 IE Unsafe Memory meta high true Operation 6410.0 IE Unsafe Memory meta high true Operation 6510.0 GOM Player ActiveX meta high true Control Buffer Overflow 6510.0 GOM Player ActiveX meta high true Control Buffer Overflow 6768.0 Samba WINS Remote Code meta high true Execution Vulnerability 6768.0 Samba WINS Remote Code meta high true Execution Vulnerability 6926.0 Cisco IOS DLSw DoS service-generi medium true c 6926.0 Cisco IOS DLSw DoS service-generi medium true c 6926.1 Cisco IOS DLSw DoS service-generi medium true c 6926.1 Cisco IOS DLSw DoS service-generi medium true c 7201.0 Gnutella Upload/Download service-p2p low true Stream 7201.0 Gnutella Upload/Download service-p2p low true Stream 7202.0 UDP eDonkey Activity service-p2p low true 7202.0 UDP eDonkey Activity service-p2p low true 7203.0 ARES P2P activity service-p2p medium true 7203.0 ARES P2P activity service-p2p medium true 7205.0 Waste P2P Protocol service-p2p low true 11000.3 KaZaA v2 UDP 
Client Probe service-p2p low true 11000.3 KaZaA v2 UDP Client Probe service-p2p low true 11001.1 Gnutella Client Request service-p2p low true 11001.1 Gnutella Client Request service-p2p low true 11002.1 Gnutella Server Reply service-p2p low true 11002.1 Gnutella Server Reply service-p2p low true 11003.1 Qtella File Request service-p2p low true 11003.1 Qtella File Request service-p2p low true 11004.1 Bearshare File Request service-p2p low true 11004.1 Bearshare File Request service-p2p low true 11005.2 KaZaA Client Activity service-p2p low true 11005.2 KaZaA Client Activity service-p2p low true 11006.1 Gnucleus File Request service-p2p low true 11006.1 Gnucleus File Request service-p2p low true 11007.1 Limewire File Request service-p2p medium true 11007.1 Limewire File Request service-p2p medium true 11008.1 Morpheus File Request service-p2p low true 11008.1 Morpheus File Request service-p2p low true 11009.1 Phex File Request service-p2p medium true 11009.1 Phex File Request service-p2p medium true 11010.1 Swapper File Request service-p2p low true 11010.1 Swapper File Request service-p2p low true 11011.1 XoloX File Request service-p2p low true 11011.1 XoloX File Request service-p2p low true 11012.1 GTK-Gnutella File Request service-p2p low true 11012.1 GTK-Gnutella File Request service-p2p low true 11013.1 Mutella File Request service-p2p low true 11013.1 Mutella File Request service-p2p low true 11017.1 Direct Connect Server service-p2p medium true Reply 11017.1 Direct Connect Server service-p2p medium true Reply 11018.1 eDonkey Activity service-p2p low true 11018.1 eDonkey Activity service-p2p low true 11019.1 WinMx Server Response service-p2p low false 11019.1 WinMx Server Response service-p2p low false 11020.1 BitTorrent Client Activity service-p2p low true 11020.1 BitTorrent Client Activity service-p2p low true 11022.1 Overnet Client Scan service-p2p low true 11022.1 Overnet Client Scan service-p2p low true 11023.1 Soulseek Client Login service-p2p low true 
11027.1 Gnutella File Search service-p2p low true 11027.1 Gnutella File Search service-p2p low true 11233.3 SSH Over Non-standard fixed-tcp informational false Ports 11233.3 SSH Over Non-standard fixed-tcp informational false Ports 11245.0 IRC Server Connection string-tcp informational true 11245.0 IRC Server Connection string-tcp informational true 11245.1 IRC Server Connection string-tcp informational true 11245.1 IRC Server Connection string-tcp informational true 11245.2 IRC Server Connection fixed-tcp informational true 11245.2 IRC Server Connection fixed-tcp informational true 11245.3 IRC Server Connection fixed-tcp informational true 11245.3 IRC Server Connection fixed-tcp informational true CAVEATS None. Modified signature(s) detail: None.