Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | TA15-119A | First vendor Publication | 2015-04-29 |
| Vendor | US-CERT | Last vendor Modification | 2015-04-29 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Overview Cyber threat actors continue to exploit unpatched software to conduct attacks against critical infrastructure organizations. As many as 85 percent of targeted attacks are preventable [1]. This Alert provides information on the 30 most commonly exploited vulnerabilities used in these attacks, along with prevention and mitigation recommendations. It is based on analysis completed by the Canadian Cyber Incident Response Centre (CCIRC) and was developed in collaboration with our partners from Canada, New Zealand, the United Kingdom, and the Australian Cyber Security Centre. DescriptionUnpatched vulnerabilities allow malicious actors entry points into a network. A set of vulnerabilities are consistently targeted in observed attacks. ImpactA successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:
SolutionMaintain up-to-date software.The attack vectors frequently used by malicious actors such as email attachments, compromised “watering hole” websites, and other tools often rely on taking advantage of unpatched vulnerabilities found in widely used software applications. Patching is the process of repairing vulnerabilities found in these software components. It is necessary for all organizations to establish a strong ongoing patch management process to ensure the proper preventive measures are taken against potential threats. The longer a system remains unpatched, the longer it is vulnerable to being compromised. Once a patch has been publicly released, the underlying vulnerability can be reverse engineered by malicious actors in order to create an exploit. This process has been documented to take anywhere from 24-hours to four days. Timely patching is one of the lowest cost yet most effective steps an organization can take to minimize its exposure to the threats facing its network. Patch commonly exploited vulnerabilities.Executives should ensure their organization’s information security professionals have patched the following software vulnerabilities. Please see patching information for version specifics.
Implement the following four mitigation strategies.As part of a comprehensive security strategy, network administrators should implement the following four mitigation strategies, which can help prevent targeted cyber attacks.
It is recommended that users review US-CERT Security Tip (ST13-003) and CCIRC’s Mitigation Guidelines for Advanced Persistent Threats for additional background information and to assist in the detection of, response to, and recovery from malicious activity linked to advance persistent threats [2, 3]. |
Original Source
| Url : http://www.us-cert.gov/cas/techalerts/TA15-119A.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 26 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 22 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 17 % | CWE-399 | Resource Management Errors |
| 9 % | CWE-416 | Use After Free |
| 4 % | CWE-255 | Credentials Management |
| 4 % | CWE-200 | Information Exposure |
| 4 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 4 % | CWE-125 | Out-of-bounds Read |
| 4 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
| 4 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:11586 | |||
| Oval ID: | oval:org.mitre.oval:def:11586 | ||
| Title: | Adobe Reader and Acrobat CoolType.dll Font Parsing Buffer Overflow Vulnerability | ||
| Description: | Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2883 | Version: | 20 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11676 | |||
| Oval ID: | oval:org.mitre.oval:def:11676 | ||
| Title: | Excel Record Parsing WriteAV Vulnerability | ||
| Description: | Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, doubly-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0101 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Excel 2002 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11931 | |||
| Oval ID: | oval:org.mitre.oval:def:11931 | ||
| Title: | RTF Stack Buffer Overflow Vulnerability | ||
| Description: | Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3333 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Office XP Microsoft Office 2003 Microsoft Office 2007 Microsoft Office 2010 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14175 | |||
| Oval ID: | oval:org.mitre.oval:def:14175 | ||
| Title: | Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011. | ||
| Description: | Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0611 | Version: | 25 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Adobe Flash Player Adobe Acrobat Adobe Air Adobe Reader |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14562 | |||
| Oval ID: | oval:org.mitre.oval:def:14562 | ||
| Title: | Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011. | ||
| Description: | Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2462 | Version: | 14 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Adobe Reader Adobe Acrobat |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15447 | |||
| Oval ID: | oval:org.mitre.oval:def:15447 | ||
| Title: | MSCOMCTL.OCX RCE Vulnerability - MS12-060 | ||
| Description: | The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1856 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Host Integration Server 2004 Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2003 Microsoft Office 2003 Web Components Microsoft Visual FoxPro 8.0 Microsoft Visual FoxPro 9.0 Microsoft SQL Server 2000 Analysis Services Microsoft SQL Server 2000 Microsoft SQL Server 2005 Microsoft SQL Server 2008 Microsoft SQL Server 2008 R2 Microsoft Commerce Server 2002 Microsoft Commerce Server 2007 Microsoft Commerce Server 2009 Microsoft Commerce Server 2009 R2 Microsoft Visual Basic 6.0 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15462 | |||
| Oval ID: | oval:org.mitre.oval:def:15462 | ||
| Title: | MSCOMCTL.OCX RCE Vulnerability | ||
| Description: | The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0158 | Version: | 10 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Office 2003 Microsoft Office 2003 Web Components Microsoft Office 2007 Microsoft Office 2010 Microsoft SQL Server 2000 Analysis Services Microsoft SQL Server 2000 Microsoft SQL Server 2005 Express Edition Microsoft SQL Server 2005 Microsoft SQL Server 2008 Microsoft SQL Server 2008 R2 Microsoft BizTalk Server 2002 Microsoft Commerce Server 2002 Microsoft Commerce Server 2007 Microsoft Commerce Server 2009 Microsoft Commerce Server 2009 R2 Microsoft Visual FoxPro 8.0 Microsoft Visual FoxPro 9.0 Visual Basic 6.0 Runtime |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16259 | |||
| Oval ID: | oval:org.mitre.oval:def:16259 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Hotspot) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1723 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16361 | |||
| Oval ID: | oval:org.mitre.oval:def:16361 | ||
| Title: | Internet Explorer Use After Free Vulnerability - MS13-008 | ||
| Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4792 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16516 | |||
| Oval ID: | oval:org.mitre.oval:def:16516 | ||
| Title: | Double dereference vulnerability in Microsoft Silverlight - MS13-022 | ||
| Description: | Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0074 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Microsoft Silverlight 5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16565 | |||
| Oval ID: | oval:org.mitre.oval:def:16565 | ||
| Title: | Double dereference vulnerability in Microsoft Silverlight - MS13-022 (Mac OS X) | ||
| Description: | Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability." | ||
| Family: | macos | Class: | vulnerability |
| Reference(s): | CVE-2013-0074 | Version: | 3 |
| Platform(s): | Apple Mac OS X Apple Mac OS X Server | Product(s): | Microsoft Silverlight 5 for Mac |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16717 | |||
| Oval ID: | oval:org.mitre.oval:def:16717 | ||
| Title: | Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727 | ||
| Description: | Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2729 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Adobe Reader Adobe Acrobat |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16727 | |||
| Oval ID: | oval:org.mitre.oval:def:16727 | ||
| Title: | Internet Explorer Use After Free Vulnerability - MS13-038 | ||
| Description: | Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1347 | Version: | 5 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17106 | |||
| Oval ID: | oval:org.mitre.oval:def:17106 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2465 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19455 | |||
| Oval ID: | oval:org.mitre.oval:def:19455 | ||
| Title: | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-2465 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21697 | |||
| Oval ID: | oval:org.mitre.oval:def:21697 | ||
| Title: | RHSA-2011:0451: flash-plugin security update (Critical) | ||
| Description: | Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0451-01 CVE-2011-0611 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 | Product(s): | flash-plugin |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22083 | |||
| Oval ID: | oval:org.mitre.oval:def:22083 | ||
| Title: | ELSA-2010:0114: acroread security and bug fix update (Critical) | ||
| Description: | Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0114-01 CVE-2010-0186 CVE-2010-0188 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | acroread |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22136 | |||
| Oval ID: | oval:org.mitre.oval:def:22136 | ||
| Title: | RHSA-2010:0114: acroread security and bug fix update (Critical) | ||
| Description: | Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0114-01 CVE-2010-0186 CVE-2010-0188 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | acroread |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22660 | |||
| Oval ID: | oval:org.mitre.oval:def:22660 | ||
| Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2014-0322) - MS14-012 | ||
| Description: | Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-0322 | Version: | 6 |
| Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows 7 Microsoft Windows 8 | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23182 | |||
| Oval ID: | oval:org.mitre.oval:def:23182 | ||
| Title: | DEPRECATED: ELSA-2011:0451: flash-plugin security update (Critical) | ||
| Description: | Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0451-01 CVE-2011-0611 | Version: | 7 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | flash-plugin |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23213 | |||
| Oval ID: | oval:org.mitre.oval:def:23213 | ||
| Title: | ELSA-2011:0451: flash-plugin security update (Critical) | ||
| Description: | Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0451-01 CVE-2011-0611 | Version: | 6 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | flash-plugin |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23812 | |||
| Oval ID: | oval:org.mitre.oval:def:23812 | ||
| Title: | DEPRECATED: ELSA-2014:0376: openssl security update (Important) | ||
| Description: | OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0376-00 CVE-2014-0160 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23983 | |||
| Oval ID: | oval:org.mitre.oval:def:23983 | ||
| Title: | Word RTF memory corruption vulnerability (CVE-2014-1761) - MS14-017 | ||
| Description: | Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1761 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Office Compatibility Pack Microsoft Word 2003 Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word Viewer Microsoft Office Web Apps 2010 Microsoft Office Web Apps Server 2013 Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24241 | |||
| Oval ID: | oval:org.mitre.oval:def:24241 | ||
| Title: | The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read | ||
| Description: | The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-0160 | Version: | 10 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24324 | |||
| Oval ID: | oval:org.mitre.oval:def:24324 | ||
| Title: | ELSA-2014:0376: openssl security update (Important) | ||
| Description: | OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014:0376-00 CESA-2014:0160 CVE-2014-0160 | Version: | 9 |
| Platform(s): | Oracle Linux 6 CentOS Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24472 | |||
| Oval ID: | oval:org.mitre.oval:def:24472 | ||
| Title: | Vulnerabilities in Microsoft Word could allow remote code execution (CVE-2014-1761) - MS14-017 | ||
| Description: | Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014. | ||
| Family: | macos | Class: | vulnerability |
| Reference(s): | CVE-2014-1761 | Version: | 3 |
| Platform(s): | Apple Mac OS X Apple Mac OS X Server | Product(s): | Microsoft Office 2011 for Mac |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24704 | |||
| Oval ID: | oval:org.mitre.oval:def:24704 | ||
| Title: | Internet Explorer Memory corruption vulnerability (CVE-2014-1776) - MS14-021 | ||
| Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-1776 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24718 | |||
| Oval ID: | oval:org.mitre.oval:def:24718 | ||
| Title: | RHSA-2014:0376: openssl security update (Important) | ||
| Description: | OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2014:0376-00 CVE-2014-0160 CESA-2014:0376 | Version: | 9 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26160 | |||
| Oval ID: | oval:org.mitre.oval:def:26160 | ||
| Title: | Windows OLE remote code execution vulnerability - CVE-2014-4114 (MS14-060) | ||
| Description: | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-4114 | Version: | 3 |
| Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26742 | |||
| Oval ID: | oval:org.mitre.oval:def:26742 | ||
| Title: | DEPRECATED: ELSA-2014-0376 -- openssl security update (Important) | ||
| Description: | OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2014-0376 CVE-2014-0160 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:29321 | |||
| Oval ID: | oval:org.mitre.oval:def:29321 | ||
| Title: | DSA-2896-2 -- openssl -- security update | ||
| Description: | A vulnerability has been discovered in OpenSSL's support for the TLS/DTLS Heartbeat extension. Up to 64KB of memory from either client or server can be recovered by an attacker. This vulnerability might allow an attacker to compromise the private key and other sensitive data in memory. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2896-2 CVE-2014-0160 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5897 | |||
| Oval ID: | oval:org.mitre.oval:def:5897 | ||
| Title: | Word Record Parsing Vulnerability | ||
| Description: | Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-2244 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Excel 2002 Microsoft Word 2003 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6521 | |||
| Oval ID: | oval:org.mitre.oval:def:6521 | ||
| Title: | Excel Featheader Record Memory Corruption Vulnerability | ||
| Description: | Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3129 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6570 | |||
| Oval ID: | oval:org.mitre.oval:def:6570 | ||
| Title: | Uninitialized Memory Corruption Vulnerability (CVE-2009-3674) | ||
| Description: | Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3674 | Version: | 8 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8242 | |||
| Oval ID: | oval:org.mitre.oval:def:8242 | ||
| Title: | Adobe Reader and Acrobat U3D Remote Code Execution Vulnerability | ||
| Description: | The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3953 | Version: | 16 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8446 | |||
| Oval ID: | oval:org.mitre.oval:def:8446 | ||
| Title: | Uninitialized Memory Corruption Vulnerability (CVE-2010-0806) | ||
| Description: | Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0806 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8697 | |||
| Oval ID: | oval:org.mitre.oval:def:8697 | ||
| Title: | Adobe Reader and Acrobat Null Pointer Dereference Denial of Service Vulnerability | ||
| Description: | Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0188 | Version: | 16 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Internet Explorer iepeers.dll use-after-free vulnerability | More info here |
| Internet Explorer CButton Use After Free Vulnerability | More info here |
| Internet Explorer CMarkup Object Handling Use-after-free Vulnerability | More info here |
| Adobe Reader CoolType.dll buffer overflow | More info here |
| Microsoft Windows Common Controls MSCOMCTL.OCX Vulnerability | More info here |
| Oracle Java Runtime Hotspot Bytecode Verifier Type Confusion | More info here |
| Microsoft Office RTF pFragments Property Stack Buffer Overflow | More info here |
| Oracle Java Runtime Environment AWT storeImageArray Vulnerability | More info here |
| Windows OLE Package Manager CPackage::DoVerb() INF File Download Vulnerability | More info here |
| Adobe Flash Player callMethod Bytecode Memory Corruption | More info here |
| Internet Explorer CGenericElement Object Use-after-free Vulnerability | More info here |
| Adobe Reader Libtiff TIFFFetchShortPair Stack Buffer Overflow | More info here |
| Microsoft Word RTF Object Confusion | More info here |
| Adobe Reader U3D Heap Overflow | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2014-11-14 | MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python |
| 2014-10-25 | Windows OLE - Remote Code Execution "Sandworm" Exploit (MS14-060) |
| 2014-10-20 | MS14-060 Microsoft Windows OLE Package Manager Code Execution |
| 2014-10-20 | Windows OLE Package Manager SandWorm Exploit |
| 2014-04-24 | Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support |
| 2014-04-16 | MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free |
| 2014-04-14 | MS14-012 Internet Explorer CMarkup Use-After-Free |
| 2014-04-10 | MS14-017 Microsoft Word RTF Object Confusion |
| 2014-04-10 | Heartbleed OpenSSL - Information Leak Exploit (1) |
| 2014-04-09 | OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS ... |
| 2014-04-08 | OpenSSL TLS Heartbeat Extension - Memory Disclosure |
| 2013-11-27 | MS12-022 Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access |
| 2013-08-21 | Adobe ColdFusion 9 Administrative Login Bypass |
| 2013-08-19 | Java storeImageArray() Invalid Array Indexing Vulnerability |
| 2013-04-10 | Adobe ColdFusion APSB13-03 Remote Exploit |
| 2013-01-02 | Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability |
| 2012-07-11 | Java Applet Field Bytecode Verifier Cache Remote Code Execution |
| 2012-01-14 | Adobe Reader U3D Memory Corruption Vulnerability |
| 2011-07-03 | MS Office 2010 RTF Header Stack Overflow Vulnerability Exploit |
| 2011-07-03 | Adobe Reader X Atom Type Confusion Vulnerability Exploit |
| 2011-04-16 | Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability |
| 2010-09-25 | Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow |
| 2010-12-14 | Internet Explorer DHTML Behaviors Use After Free |
| 2010-09-20 | Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow |
| 2010-08-21 | MS Excel Malformed FEATHEADER Record Exploit (MS09-067) |
| 2010-03-10 | Microsoft Internet Explorer iepeers.dll Use-After-Free Exploit (meta) |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-12-13 | Name : SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:0828-1 (java-1_6_0-openjdk) File : nvt/gb_suse_2012_0828_1.nasl |
| 2012-09-06 | Name : Ubuntu Update for icedtea-web USN-1505-2 File : nvt/gb_ubuntu_USN_1505_2.nasl |
| 2012-08-30 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-9590 File : nvt/gb_fedora_2012_9590_java-1.7.0-openjdk_fc17.nasl |
| 2012-08-22 | Name : Oracle Java SE Java Runtime Environment Multiple Unspecified Vulnerabilities ... File : nvt/gb_oracle_java_se_mult_unspecified_vuln_aug12_win.nasl |
| 2012-08-15 | Name : Microsoft Windows Common Controls Remote Code Execution Vulnerability (2720573) File : nvt/secpod_ms12-060.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2507-1 (openjdk-6) File : nvt/deb_2507_1.nasl |
| 2012-08-03 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2012:095 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2012_095.nasl |
| 2012-08-02 | Name : SuSE Update for acroread openSUSE-SU-2012:0087-1 (acroread) File : nvt/gb_suse_2012_0087_1.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2012:1009 centos6 File : nvt/gb_CESA-2012_1009_java_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2012:0730 centos5 File : nvt/gb_CESA-2012_0730_java_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2012:0729 centos6 File : nvt/gb_CESA-2012_0729_java_centos6.nasl |
| 2012-07-16 | Name : Ubuntu Update for openjdk-6 USN-1505-1 File : nvt/gb_ubuntu_USN_1505_1.nasl |
| 2012-06-22 | Name : RedHat Update for java-1.7.0-openjdk RHSA-2012:1009-01 File : nvt/gb_RHSA-2012_1009-01_java-1.7.0-openjdk.nasl |
| 2012-06-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-9593 File : nvt/gb_fedora_2012_9593_java-1.7.0-openjdk_fc16.nasl |
| 2012-06-19 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9541 File : nvt/gb_fedora_2012_9541_java-1.6.0-openjdk_fc15.nasl |
| 2012-06-19 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9545 File : nvt/gb_fedora_2012_9545_java-1.6.0-openjdk_fc16.nasl |
| 2012-06-15 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:0729-01 File : nvt/gb_RHSA-2012_0729-01_java-1.6.0-openjdk.nasl |
| 2012-06-15 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2012:0730-01 File : nvt/gb_RHSA-2012_0730-01_java-1.6.0-openjdk.nasl |
| 2012-04-11 | Name : Microsoft Windows Common Controls Remote Code Execution Vulnerability (2664258) File : nvt/secpod_ms12-027.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201201-19 (acroread) File : nvt/glsa_201201_19.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-11 (Adobe Flash Player) File : nvt/glsa_201110_11.nasl |
| 2012-02-12 | Name : FreeBSD Ports: acroread9 File : nvt/freebsd_acroread9.nasl |
| 2011-12-09 | Name : Adobe Reader 'U3D' Component Memory Corruption Vulnerability - Linux File : nvt/gb_adobe_reader_u3d_mem_crptn_vuln_lin.nasl |
| 2011-12-09 | Name : Adobe Reader/Acrobat 'U3D' Component Memory Corruption Vulnerability - Windows File : nvt/gb_adobe_prdts_u3d_mem_crptn_vuln_win.nasl |
| 2011-12-09 | Name : Adobe Reader/Acrobat 'U3D' Component Memory Corruption Vulnerability - Mac OS X File : nvt/gb_adobe_prdts_u3d_mem_crptn_vuln_macosx.nasl |
| 2011-05-12 | Name : FreeBSD Ports: linux-flashplugin File : nvt/freebsd_linux-flashplugin14.nasl |
| 2011-04-22 | Name : Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux) File : nvt/gb_adobe_flash_player_code_execution_vuln_apr11_lin.nasl |
| 2011-04-22 | Name : SuSE Update for flash-player SUSE-SA:2011:018 File : nvt/gb_suse_2011_018.nasl |
| 2011-04-22 | Name : Adobe Products Arbitrary Code Execution Vulnerability (Windows) File : nvt/gb_adobe_prdts_code_execution_vuln_apr11_win.nasl |
| 2011-04-13 | Name : Microsoft Office Excel Remote Code Execution Vulnerabilities (2489279) File : nvt/secpod_ms11-021.nasl |
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201009-05 (acroread) File : nvt/glsa_201009_05.nasl |
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201101-08 (acroread) File : nvt/glsa_201101_08.nasl |
| 2010-11-10 | Name : Microsoft Office Remote Code Execution Vulnerabilites (2423930) File : nvt/secpod_ms10-087.nasl |
| 2010-10-19 | Name : SuSE Update for acroread SUSE-SA:2010:048 File : nvt/gb_suse_2010_048.nasl |
| 2010-10-18 | Name : Adobe Acrobat and Reader Multiple Vulnerabilities -Oct10 (Windows) File : nvt/gb_adobe_prdts_mult_vuln_oct10_win.nasl |
| 2010-09-15 | Name : Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Linux) File : nvt/gb_adobe_reader_sing_bof_vuln_lin.nasl |
| 2010-09-15 | Name : Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Win) File : nvt/gb_adobe_prdts_sing_bof_vuln_win.nasl |
| 2010-04-01 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (980182) File : nvt/secpod_ms10-018.nasl |
| 2010-03-10 | Name : MS Internet Explorer Remote Code Execution Vulnerability (981374) File : nvt/gb_ms_ie_remote_code_exe_vuln_981374.nasl |
| 2010-02-26 | Name : Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux) File : nvt/secpod_adobe_prdts_code_exec_vuln_feb10_lin.nasl |
| 2010-02-26 | Name : Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows) File : nvt/secpod_adobe_prdts_code_exec_vuln_feb10_win.nasl |
| 2010-01-29 | Name : SuSE Update for acroread SUSE-SA:2010:008 File : nvt/gb_suse_2010_008.nasl |
| 2010-01-16 | Name : Adobe Reader/Acrobat Multiple Vulnerabilities - Jan10 (Win) File : nvt/gb_adobe_prdts_mult_vuln_jan10_win.nasl |
| 2010-01-16 | Name : Adobe Reader Multiple Vulnerabilities -jan10 (Linux) File : nvt/gb_adobe_reader_mult_vuln_jan10_lin.nasl |
| 2009-12-04 | Name : MS Internet Explorer 'Style' Object Remote Code Execution Vulnerability File : nvt/gb_ms_ie_style_object_remote_code_exec_vuln.nasl |
| 2009-11-11 | Name : Microsoft Office Excel Multiple Vulnerabilities (972652) File : nvt/secpod_ms09-067.nasl |
| 2008-08-19 | Name : Microsoft Word Could Allow Remote Code Execution Vulnerability File : nvt/secpod_ms_word_code_exec_vuln_900006.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 77529 | Adobe Reader / Acrobat U3D Data Handling Remote Memory Corruption A memory corruption flaw exists in Adobe Reader and Acrobat . The program fails to sanitize user-supplied input when handling U3D data, resulting in memory corruption. With a specially crafted PDF file, a context-dependent attacker can execute arbitrary code. |
| 71766 | Microsoft Office Excel RealTimeData Record Parsing WriteAV Remote Code Execution Microsoft Excel contains a flaw related to RealTimeData Record Parsing methods. The issue is triggered when a the program uses an improperly calculated pointer in a memcpy operation with a user supplied data source. This may allow a context-dependent attacker to use a crafted Excel file to execute arbitrary code. |
| 71686 | Adobe Flash ActionScript Predefined Class Prototype Addition Remote Code Exec... |
| 69085 | Microsoft Office RTF Parsing Stack Overflow Microsoft Office contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to a boundary error when parsing a certain control word in RTF (Rich Text Format) formatted content can be exploited to cause a stack-based buffer overflow via a specially crafted file. It may allow execution of arbitrary code. |
| 67849 | Adobe Reader / Acrobat CoolType.dll SING (Smart INdependent Glyphlets) Font u... Acrobat and Reader are prone to an overflow condition. The application fails to properly sanitize the "uniqueName" field within the SING table structure of TrueType fonts resulting in a stack buffer overflow. With a specially crafted file, a context-dependent attacker can potentially cause arbitrary code execution. |
| 62810 | Microsoft IE iepeers.dll Use-After-Free Arbitrary Code Execution Microsoft Windows Internet Explorer contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an attacker utilizes a remote memory-corruption vulnerability in Internet Explorer by inserting malicious code into a site and when Internet Explorer attempts to parse the attack page, the remote attacker to gain privileges of the currently logged-in user viewing the malicious site. |
| 62526 | Adobe Reader / Acrobat LibTiff Overflow |
| 61690 | Adobe Reader / Acrobat U3D Implementation Array Boundary Arbitrary Code Execu... |
| 60839 | Microsoft IE CAttrArray Object Circular Dereference Remote Code Execution |
| 59860 | Microsoft Office Excel BIFF File FEATHEADER cbHdrData Size Element Handling M... Excel contains a flaw that may allow a context-dependent attacker to execute arbitrary code. The issue is triggered by a specially crafted Excel document that contains a malformed FEATHEADER object. |
| 46914 | Microsoft Word DOC File Handling Unspecified Arbitrary Code Execution |
| 28376 | Microsoft IE US-ASCII Character Set Filter Bypass XSS Microsoft Internet Explorer contains a flaw related to the encoding Internet transmitted content into ASCII that may allow an attacker to bypass security filters, such as intrusion detection systems. |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2014-05-01 | IAVM : 2014-A-0065 - Microsoft Internet Explorer Memory Corruption Vulnerability Severity : Category I - VMSKEY : V0050205 |
| 2014-05-01 | IAVM : 2014-A-0063 - Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux Severity : Category I - VMSKEY : V0050009 |
| 2014-05-01 | IAVM : 2014-A-0062 - Multiple Vulnerabilities In McAfee Email Gateway Severity : Category I - VMSKEY : V0050005 |
| 2014-05-01 | IAVM : 2014-B-0050 - McAfee Web Gateway Information Disclosure Vulnerability Severity : Category I - VMSKEY : V0050003 |
| 2014-04-24 | IAVM : 2014-B-0046 - Multiple Vulnerabilities in HP System Management Homepage (SMH) Severity : Category I - VMSKEY : V0049737 |
| 2014-04-17 | IAVM : 2014-A-0057 - Multiple Vulnerabilities in Oracle MySQL Products Severity : Category I - VMSKEY : V0049591 |
| 2014-04-17 | IAVM : 2014-A-0053 - Multiple Vulnerabilities in Juniper Network JUNOS Severity : Category I - VMSKEY : V0049589 |
| 2014-04-17 | IAVM : 2014-A-0054 - Multiple Vulnerabilities in Oracle Database Severity : Category I - VMSKEY : V0049587 |
| 2014-04-17 | IAVM : 2014-A-0055 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0049585 |
| 2014-04-17 | IAVM : 2014-A-0056 - Multiple Vulnerabilities in Oracle Java SE Severity : Category I - VMSKEY : V0049583 |
| 2014-04-17 | IAVM : 2014-A-0058 - Multiple Vulnerabilities in Oracle & Sun Systems Product Suite Severity : Category I - VMSKEY : V0049579 |
| 2014-04-17 | IAVM : 2014-B-0041 - Multiple Vulnerabilities in Splunk Severity : Category I - VMSKEY : V0049577 |
| 2014-04-17 | IAVM : 2014-B-0042 - Stunnel Information Disclosure Vulnerability Severity : Category I - VMSKEY : V0049575 |
| 2014-04-10 | IAVM : 2014-A-0049 - Multiple Vulnerabilities in Microsoft Office Severity : Category II - VMSKEY : V0048675 |
| 2014-04-10 | IAVM : 2014-A-0051 - OpenSSL Information Disclosure Vulnerability Severity : Category I - VMSKEY : V0048667 |
| 2014-03-13 | IAVM : 2014-A-0037 - Cumulative Security Update for Microsoft Internet Explorer Severity : Category I - VMSKEY : V0046163 |
| 2014-01-30 | IAVM : 2014-A-0017 - Multiple Vulnerabilities in Cisco TelePresence Video Communication Server Severity : Category I - VMSKEY : V0043846 |
| 2014-01-30 | IAVM : 2014-A-0019 - Multiple Vulnerabilities in VMware Fusion Severity : Category I - VMSKEY : V0043844 |
| 2013-11-21 | IAVM : 2013-A-0222 - Multiple Vulnerabilties in VMware Workstation Severity : Category II - VMSKEY : V0042383 |
| 2013-11-14 | IAVM : 2013-A-0208 - Multiple Vulnerabilities in Adobe ColdFusion Severity : Category I - VMSKEY : V0042291 |
| 2013-03-14 | IAVM : 2013-A-0064 - Microsoft Silverlight Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0037405 |
| 2012-09-27 | IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity : Category I - VMSKEY : V0033884 |
| 2012-09-13 | IAVM : 2012-A-0146 - Multiple Vulnerabilities in VMware vCenter Update Manager 4.1 Severity : Category I - VMSKEY : V0033792 |
| 2012-08-16 | IAVM : 2012-A-0132 - Microsoft Windows Common Controls Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0033659 |
| 2012-06-28 | IAVM : 2012-A-0104 - Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client Severity : Category I - VMSKEY : V0033046 |
| 2012-05-03 | IAVM : 2012-B-0048 - Multiple Vulnerabilities in HP Systems Insight Manager Severity : Category I - VMSKEY : V0032178 |
| 2012-04-12 | IAVM : 2012-A-0059 - Microsoft Windows Common Controls Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0031982 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-01-16 | Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution... RuleID : 52484 - Revision : 1 - Type : FILE-PDF |
| 2020-01-16 | Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution... RuleID : 52483 - Revision : 1 - Type : FILE-PDF |
| 2019-12-10 | Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution... RuleID : 52125 - Revision : 2 - Type : FILE-PDF |
| 2019-12-10 | Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution... RuleID : 52124 - Revision : 2 - Type : FILE-PDF |
| 2019-05-26 | Microsoft Internet Explorer VML use after free attempt RuleID : 49940 - Revision : 2 - Type : BROWSER-IE |
| 2019-04-18 | Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt RuleID : 49496 - Revision : 1 - Type : FILE-OFFICE |
| 2019-04-18 | Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt RuleID : 49494 - Revision : 1 - Type : FILE-OFFICE |
| 2017-09-19 | RTF obfuscation string RuleID : 43990 - Revision : 3 - Type : INDICATOR-OBFUSCATION |
| 2017-09-19 | newlines embedded in rtf header RuleID : 43989 - Revision : 3 - Type : INDICATOR-OBFUSCATION |
| 2017-08-23 | Microsoft Office RTF parsing remote code execution attempt RuleID : 43679 - Revision : 1 - Type : FILE-OFFICE |
| 2017-08-23 | Microsoft Office RTF parsing remote code execution attempt RuleID : 43678 - Revision : 1 - Type : FILE-OFFICE |
| 2017-08-23 | Microsoft Office Word SmartTag record code execution attempt RuleID : 43675 - Revision : 3 - Type : FILE-OFFICE |
| 2017-08-23 | Microsoft Office Word SmartTag record code execution attempt RuleID : 43674 - Revision : 3 - Type : FILE-OFFICE |
| 2017-01-04 | Microsoft Office ole object external file loading attempt RuleID : 40885 - Revision : 1 - Type : FILE-OTHER |
| 2017-01-04 | Microsoft Office ole object external file loading attempt RuleID : 40884 - Revision : 1 - Type : FILE-OTHER |
| 2016-11-03 | Adobe ColdFusion RDS admin bypass attempt RuleID : 40323 - Revision : 2 - Type : SERVER-OTHER |
| 2016-06-07 | Microsoft Office ole object external file loading attempt RuleID : 38742 - Revision : 1 - Type : FILE-OTHER |
| 2016-06-01 | Microsoft Internet Explorer onpropertychange use-after-free attempt RuleID : 38670 - Revision : 2 - Type : BROWSER-IE |
| 2016-06-01 | Microsoft Internet Explorer onpropertychange use-after-free attempt RuleID : 38669 - Revision : 2 - Type : BROWSER-IE |
| 2016-04-28 | Microsoft Internet Explorer deleted button use after free attempt RuleID : 38364 - Revision : 2 - Type : BROWSER-IE |
| 2016-04-28 | Microsoft Internet Explorer deleted button use after free attempt RuleID : 38363 - Revision : 1 - Type : BROWSER-IE |
| 2016-03-24 | Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 37829 - Revision : 2 - Type : FILE-PDF |
| 2016-03-24 | Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 37828 - Revision : 2 - Type : FILE-PDF |
| 2016-03-24 | Microsoft Office ole object external file loading attempt RuleID : 37825 - Revision : 2 - Type : FILE-OTHER |
| 2016-03-24 | Microsoft Office ole object external file loading attempt RuleID : 37824 - Revision : 2 - Type : FILE-OTHER |
| 2016-03-22 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 37801 - Revision : 3 - Type : BROWSER-PLUGINS |
| 2016-03-22 | Microsoft Office ole object external file loading attempt RuleID : 37727 - Revision : 2 - Type : FILE-OTHER |
| 2016-03-22 | Microsoft Office ole object external file loading attempt RuleID : 37726 - Revision : 2 - Type : FILE-OTHER |
| 2016-03-22 | Microsoft Office ole object external file loading attempt RuleID : 37707 - Revision : 2 - Type : FILE-OFFICE |
| 2016-03-22 | Microsoft Office ole object external file loading attempt RuleID : 37706 - Revision : 3 - Type : FILE-OFFICE |
| 2016-03-22 | Microsoft Office ole object external file loading attempt RuleID : 37705 - Revision : 3 - Type : FILE-OFFICE |
| 2016-03-22 | Microsoft Office ole object external file loading attempt RuleID : 37704 - Revision : 3 - Type : FILE-OFFICE |
| 2016-03-22 | Microsoft Office ole object external file loading attempt RuleID : 37703 - Revision : 3 - Type : FILE-OFFICE |
| 2016-03-22 | Microsoft Office ole object external file loading attempt RuleID : 37702 - Revision : 3 - Type : FILE-OFFICE |
| 2016-03-22 | Microsoft Office ole object external file loading attempt RuleID : 37701 - Revision : 2 - Type : FILE-OFFICE |
| 2016-03-22 | Microsoft Office ole object external file loading attempt RuleID : 37700 - Revision : 3 - Type : FILE-OFFICE |
| 2016-03-14 | Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 36192 - Revision : 3 - Type : FILE-PDF |
| 2016-03-14 | Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 36191 - Revision : 3 - Type : FILE-PDF |
| 2015-06-23 | Adobe Acrobat Reader malformed shading modifier heap corruption attempt RuleID : 34552 - Revision : 2 - Type : FILE-PDF |
| 2015-04-30 | Nuclear exploit kit obfuscated file download RuleID : 33983 - Revision : 5 - Type : EXPLOIT-KIT |
| 2015-04-30 | Nuclear exploit kit landing page detected RuleID : 33982 - Revision : 3 - Type : EXPLOIT-KIT |
| 2015-03-31 | Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution... RuleID : 33602 - Revision : 2 - Type : FILE-PDF |
| 2015-03-31 | Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution... RuleID : 33601 - Revision : 2 - Type : FILE-PDF |
| 2015-02-18 | Microsoft Internet Explorer 10 use after free attempt RuleID : 33086 - Revision : 5 - Type : BROWSER-IE |
| 2015-02-18 | Microsoft Internet Explorer 10 use after free attempt RuleID : 33085 - Revision : 5 - Type : BROWSER-IE |
| 2015-01-20 | Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32863 - Revision : 4 - Type : FILE-OFFICE |
| 2015-01-20 | Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32862 - Revision : 3 - Type : FILE-OFFICE |
| 2015-01-20 | Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32861 - Revision : 2 - Type : FILE-OFFICE |
| 2015-01-20 | Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32860 - Revision : 2 - Type : FILE-OFFICE |
| 2015-01-20 | Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32859 - Revision : 2 - Type : FILE-OFFICE |
| 2015-01-20 | Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32858 - Revision : 2 - Type : FILE-OFFICE |
| 2015-01-20 | Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32857 - Revision : 2 - Type : FILE-OFFICE |
| 2014-12-02 | Microsoft Internet Explorer VML use after free attempt RuleID : 32363 - Revision : 3 - Type : BROWSER-IE |
| 2014-12-02 | Microsoft Internet Explorer VML use after free attempt RuleID : 32362 - Revision : 3 - Type : BROWSER-IE |
| 2014-11-25 | Microsoft Office ole object external file loading attempt RuleID : 32316 - Revision : 3 - Type : FILE-OTHER |
| 2014-11-25 | Microsoft Office ole object external file loading attempt RuleID : 32315 - Revision : 2 - Type : FILE-OTHER |
| 2014-11-25 | Microsoft Office ole object external file loading attempt RuleID : 32314 - Revision : 2 - Type : FILE-OTHER |
| 2014-11-25 | Microsoft Office ole object external file loading attempt RuleID : 32313 - Revision : 4 - Type : FILE-OTHER |
| 2014-11-25 | Adobe Flash Player regex denial of service attempt RuleID : 32308 - Revision : 2 - Type : FILE-FLASH |
| 2014-11-25 | Adobe Flash Player regex denial of service attempt RuleID : 32307 - Revision : 2 - Type : FILE-FLASH |
| 2014-11-25 | Adobe Flash Player regex denial of service attempt RuleID : 32306 - Revision : 3 - Type : FILE-FLASH |
| 2014-11-25 | Adobe Flash Player regex denial of service attempt RuleID : 32305 - Revision : 3 - Type : FILE-FLASH |
| 2014-11-25 | Adobe Flash Player regex denial of service attempt RuleID : 32304 - Revision : 2 - Type : FILE-FLASH |
| 2014-11-25 | Adobe Flash Player regex denial of service attempt RuleID : 32303 - Revision : 3 - Type : FILE-FLASH |
| 2014-11-25 | Adobe Flash Player regex denial of service attempt RuleID : 32302 - Revision : 2 - Type : FILE-FLASH |
| 2014-11-25 | Adobe Flash Player regex denial of service attempt RuleID : 32301 - Revision : 3 - Type : FILE-FLASH |
| 2014-11-19 | Microsoft Office ole object external file loading attempt RuleID : 32187 - Revision : 4 - Type : FILE-OTHER |
| 2014-11-19 | Microsoft Office ole object external file loading attempt RuleID : 32186 - Revision : 5 - Type : FILE-OTHER |
| 2014-11-16 | Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 31927 - Revision : 2 - Type : FILE-OFFICE |
| 2014-11-16 | Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 31926 - Revision : 2 - Type : FILE-OFFICE |
| 2014-11-16 | Win.Trojan.Otupsys variant outbound connection RuleID : 31716 - Revision : 2 - Type : MALWARE-CNC |
| 2014-11-16 | Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 31687 - Revision : 4 - Type : FILE-PDF |
| 2014-11-16 | Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 31686 - Revision : 3 - Type : FILE-PDF |
| 2014-11-16 | Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt RuleID : 31555 - Revision : 4 - Type : FILE-PDF |
| 2014-11-16 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 31512 - Revision : 3 - Type : FILE-JAVA |
| 2014-11-16 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 31511 - Revision : 3 - Type : FILE-JAVA |
| 2014-11-16 | Microsoft Office Word SmartTag record code execution attempt RuleID : 31312 - Revision : 6 - Type : FILE-OFFICE |
| 2014-11-16 | Microsoft Office Word SmartTag record code execution attempt RuleID : 31311 - Revision : 6 - Type : FILE-OFFICE |
| 2014-11-16 | Microsoft Office Word SmartTag record code execution attempt RuleID : 31310 - Revision : 6 - Type : FILE-OFFICE |
| 2014-11-16 | CottonCastle exploit kit decryption page outbound request RuleID : 31279 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-11-16 | CottonCastle exploit kit Oracle java outbound connection RuleID : 31278 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-11-16 | CottonCastle exploit kit Oracle Java outbound connection RuleID : 31277 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-07-03 | Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 31106 - Revision : 4 - Type : FILE-PDF |
| 2014-07-03 | Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 31105 - Revision : 4 - Type : FILE-PDF |
| 2014-07-03 | Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 31104 - Revision : 3 - Type : FILE-PDF |
| 2014-07-03 | Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 31103 - Revision : 3 - Type : FILE-PDF |
| 2014-06-14 | Shiqiang Gang malicious XLS targeted attack detection RuleID : 30991 - Revision : 6 - Type : MALWARE-CNC |
| 2014-06-14 | Shiqiang Gang malicious XLS targeted attack detection RuleID : 30990 - Revision : 5 - Type : MALWARE-CNC |
| 2014-06-14 | DNS request for known malware domain help.2012hi.hk RuleID : 30989 - Revision : 3 - Type : BLACKLIST |
| 2014-06-07 | known malicious flash actionscript decryption routine RuleID : 30901 - Revision : 3 - Type : FILE-FLASH |
| 2014-05-31 | Microsoft Internet Explorer VML use after free attempt RuleID : 30895 - Revision : 4 - Type : BROWSER-IE |
| 2014-05-31 | Microsoft Internet Explorer VML use after free attempt RuleID : 30894 - Revision : 4 - Type : BROWSER-IE |
| 2014-05-31 | Microsoft Internet Explorer VML use after free attempt RuleID : 30893 - Revision : 3 - Type : BROWSER-IE |
| 2014-05-31 | Microsoft Internet Explorer VML use after free attempt RuleID : 30892 - Revision : 3 - Type : BROWSER-IE |
| 2014-05-28 | Microsoft Internet Explorer VML use after free attempt RuleID : 30803 - Revision : 6 - Type : BROWSER-IE |
| 2014-05-28 | Microsoft Internet Explorer VML use after free attempt RuleID : 30794 - Revision : 7 - Type : BROWSER-IE |
| 2014-04-25 | OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt RuleID : 30788-community - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt RuleID : 30788 - Revision : 5 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30787-community - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30787 - Revision : 5 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30786-community - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30786 - Revision : 4 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30785-community - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30785 - Revision : 4 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt RuleID : 30784-community - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt RuleID : 30784 - Revision : 4 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt RuleID : 30783-community - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt RuleID : 30783 - Revision : 4 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30782-community - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30782 - Revision : 4 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30781-community - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30781 - Revision : 5 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30780-community - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30780 - Revision : 4 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30779-community - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30779 - Revision : 4 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30778-community - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30778 - Revision : 4 - Type : SERVER-OTHER |
| 2014-04-25 | OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30777-community - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-24 | OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30777 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed at... RuleID : 30742 - Revision : 2 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed at... RuleID : 30741 - Revision : 3 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed at... RuleID : 30740 - Revision : 2 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed at... RuleID : 30739 - Revision : 3 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30738 - Revision : 2 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30737 - Revision : 3 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30736 - Revision : 2 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30735 - Revision : 3 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt RuleID : 30734 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt RuleID : 30733 - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt RuleID : 30732 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt RuleID : 30731 - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt RuleID : 30730 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt RuleID : 30729 - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt RuleID : 30728 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt RuleID : 30727 - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed at... RuleID : 30726 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed at... RuleID : 30725 - Revision : 3 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed at... RuleID : 30724 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed at... RuleID : 30723 - Revision : 3 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30722 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30721 - Revision : 3 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30720 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30719 - Revision : 3 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt RuleID : 30718 - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt RuleID : 30717 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt RuleID : 30716 - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt RuleID : 30715 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt RuleID : 30714 - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt RuleID : 30713 - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt RuleID : 30712 - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-17 | OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt RuleID : 30711 - Revision : 4 - Type : SERVER-OTHER |
| 2014-04-15 | OpenSSL Heartbleed masscan access exploitation attempt RuleID : 30549-community - Revision : 2 - Type : SERVER-OTHER |
| 2014-05-15 | OpenSSL Heartbleed masscan access exploitation attempt RuleID : 30549 - Revision : 2 - Type : SERVER-OTHER |
| 2014-04-11 | OpenSSL TLSv1.2 heartbeat read overrun attempt RuleID : 30525-community - Revision : 4 - Type : SERVER-OTHER |
| 2014-05-11 | OpenSSL TLSv1.2 heartbeat read overrun attempt RuleID : 30525 - Revision : 4 - Type : SERVER-OTHER |
| 2014-04-11 | OpenSSL TLSv1.1 heartbeat read overrun attempt RuleID : 30524-community - Revision : 5 - Type : SERVER-OTHER |
| 2014-05-11 | OpenSSL TLSv1.1 heartbeat read overrun attempt RuleID : 30524 - Revision : 5 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL TLSv1.2 heartbeat read overrun attempt - vulnerable client response RuleID : 30523-community - Revision : 9 - Type : SERVER-OTHER |
| 2014-05-10 | OpenSSL TLSv1.2 heartbeat read overrun attempt - vulnerable client response RuleID : 30523 - Revision : 9 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL TLSv1.1 heartbeat read overrun attempt - vulnerable client response RuleID : 30522-community - Revision : 9 - Type : SERVER-OTHER |
| 2014-05-10 | OpenSSL TLSv1.1 heartbeat read overrun attempt - vulnerable client response RuleID : 30522 - Revision : 9 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL TLSv1 heartbeat read overrun attempt - vulnerable client response RuleID : 30521-community - Revision : 9 - Type : SERVER-OTHER |
| 2014-05-10 | OpenSSL TLSv1 heartbeat read overrun attempt - vulnerable client response RuleID : 30521 - Revision : 9 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL SSLv3 heartbeat read overrun attempt - vulnerable client response RuleID : 30520-community - Revision : 9 - Type : SERVER-OTHER |
| 2014-05-10 | OpenSSL SSLv3 heartbeat read overrun attempt - vulnerable client response RuleID : 30520 - Revision : 9 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt RuleID : 30517-community - Revision : 11 - Type : SERVER-OTHER |
| 2014-05-08 | OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt RuleID : 30517 - Revision : 11 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30516-community - Revision : 11 - Type : SERVER-OTHER |
| 2014-05-08 | OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30516 - Revision : 11 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30515-community - Revision : 11 - Type : SERVER-OTHER |
| 2014-05-08 | OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt RuleID : 30515 - Revision : 11 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30514-community - Revision : 11 - Type : SERVER-OTHER |
| 2014-05-08 | OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt RuleID : 30514 - Revision : 11 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL TLSv1.2 heartbeat read overrun attempt RuleID : 30513-community - Revision : 8 - Type : SERVER-OTHER |
| 2014-05-08 | OpenSSL TLSv1.2 heartbeat read overrun attempt RuleID : 30513 - Revision : 8 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL TLSv1.1 heartbeat read overrun attempt RuleID : 30512-community - Revision : 8 - Type : SERVER-OTHER |
| 2014-05-08 | OpenSSL TLSv1.1 heartbeat read overrun attempt RuleID : 30512 - Revision : 8 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL TLSv1 heartbeat read overrun attempt RuleID : 30511-community - Revision : 8 - Type : SERVER-OTHER |
| 2014-05-08 | OpenSSL TLSv1 heartbeat read overrun attempt RuleID : 30511 - Revision : 8 - Type : SERVER-OTHER |
| 2014-04-10 | OpenSSL SSLv3 heartbeat read overrun attempt RuleID : 30510-community - Revision : 8 - Type : SERVER-OTHER |
| 2014-05-08 | OpenSSL SSLv3 heartbeat read overrun attempt RuleID : 30510 - Revision : 8 - Type : SERVER-OTHER |
| 2014-05-01 | multiple binary tags in close proximity - potentially malicious RuleID : 30328 - Revision : 3 - Type : INDICATOR-OBFUSCATION |
| 2014-05-01 | multiple binary tags in close proximity - potentially malicious RuleID : 30327 - Revision : 3 - Type : INDICATOR-OBFUSCATION |
| 2014-04-12 | Microsoft Windows common controls stack buffer overflow via malicious toolbar... RuleID : 30166 - Revision : 2 - Type : FILE-OFFICE |
| 2014-04-12 | Microsoft Windows common controls stack buffer overflow via malicious toolbar... RuleID : 30165 - Revision : 2 - Type : FILE-OFFICE |
| 2014-04-12 | Microsoft Windows common controls stack buffer overflow via malicious MSComct... RuleID : 30164 - Revision : 2 - Type : FILE-OFFICE |
| 2014-04-12 | Microsoft Windows common controls stack buffer overflow via malicious MSComct... RuleID : 30163 - Revision : 2 - Type : FILE-OFFICE |
| 2014-04-12 | Microsoft Windows common controls stack buffer overflow via malicious MSComct... RuleID : 30162 - Revision : 2 - Type : FILE-OFFICE |
| 2014-04-12 | Microsoft Windows common controls stack buffer overflow via malicious MSComct... RuleID : 30161 - Revision : 2 - Type : FILE-OFFICE |
| 2014-04-12 | Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30160 - Revision : 2 - Type : FILE-OFFICE |
| 2014-04-12 | Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30159 - Revision : 2 - Type : FILE-OFFICE |
| 2014-04-12 | Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30158 - Revision : 2 - Type : FILE-OFFICE |
| 2014-04-12 | Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30157 - Revision : 2 - Type : FILE-OFFICE |
| 2014-04-12 | Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30156 - Revision : 2 - Type : FILE-OFFICE |
| 2014-04-12 | Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30155 - Revision : 2 - Type : FILE-OFFICE |
| 2014-04-12 | Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30154 - Revision : 2 - Type : FILE-OFFICE |
| 2014-04-12 | Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30153 - Revision : 2 - Type : FILE-OFFICE |
| 2014-04-10 | Microsoft Internet Explorer 10 use after free attempt RuleID : 30107 - Revision : 5 - Type : BROWSER-IE |
| 2014-04-10 | Microsoft Internet Explorer 10 use after free attempt RuleID : 30106 - Revision : 5 - Type : BROWSER-IE |
| 2014-04-05 | Win.Trojan.Zaleelq variant outbound connection RuleID : 30037 - Revision : 3 - Type : MALWARE-CNC |
| 2018-06-15 | Hello/LightsOut exploit kit payload download attempt RuleID : 30003-community - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-04-03 | Hello/LightsOut exploit kit payload download attempt RuleID : 30003 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-03-16 | Microsoft Internet Explorer 10 use after free attempt RuleID : 29820 - Revision : 7 - Type : BROWSER-IE |
| 2014-03-16 | Microsoft Internet Explorer 10 use after free attempt RuleID : 29819 - Revision : 7 - Type : BROWSER-IE |
| 2014-03-08 | Adobe Acrobat Reader malformed shading modifier heap corruption attempt RuleID : 29622 - Revision : 4 - Type : FILE-PDF |
| 2014-02-21 | Styx exploit kit eot outbound connection RuleID : 29453 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit landing page request RuleID : 29452 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit outbound jar request RuleID : 29451 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit outbound connection attempt RuleID : 29450 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit landing page RuleID : 29449 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit landing page RuleID : 29448 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit jar outbound connection RuleID : 29446 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit fonts download page RuleID : 29445 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-30 | Stamp exploit kit PDF exploit retrieval attempt RuleID : 29131 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-30 | Stamp exploit kit malicious payload download attempt RuleID : 29130 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-30 | Stamp exploit kit jar exploit download - specific structure RuleID : 29129 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-30 | Stamp exploit kit plugin detection page RuleID : 29128 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-30 | Angler exploit kit XORed payload download attempt RuleID : 29066 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-18 | Win.Trojan.Egobot variant outbound connection RuleID : 28989 - Revision : 4 - Type : MALWARE-CNC |
| 2014-01-11 | Neutrino exploit kit initial outbound request - generic detection RuleID : 28911 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 28890 - Revision : 2 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 28889 - Revision : 2 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 28888 - Revision : 2 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 28887 - Revision : 2 - Type : FILE-PDF |
| 2014-01-10 | Adobe Flash Player ActionScript callMethod type confusion attempt RuleID : 28698 - Revision : 5 - Type : FILE-FLASH |
| 2014-01-10 | Adobe Flash Player ActionScript callMethod type confusion attempt RuleID : 28697 - Revision : 5 - Type : FILE-FLASH |
| 2014-01-10 | Adobe Flash Player ActionScript callMethod type confusion attempt RuleID : 28696 - Revision : 6 - Type : FILE-FLASH |
| 2014-01-10 | Adobe Flash Player ActionScript callMethod type confusion attempt RuleID : 28695 - Revision : 6 - Type : FILE-FLASH |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28657 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28656 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28655 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28654 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28653 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28652 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28651 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28650 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28649 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28648 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28647 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28646 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28645 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28644 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader malformed shading modifier heap corruption attempt RuleID : 28622 - Revision : 7 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 28621 - Revision : 6 - Type : FILE-PDF |
| 2014-01-10 | Angler exploit kit payload download attempt RuleID : 28616 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Angler exploit kit exploit download attempt RuleID : 28615 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Angler exploit kit landing page RuleID : 28614 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Angler exploit kit landing page - specific-structure RuleID : 28613 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Silverlight exploit download RuleID : 28612 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28584 - Revision : 6 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28583 - Revision : 6 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28582 - Revision : 6 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28581 - Revision : 7 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28580 - Revision : 7 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Silverlight ScriptObject untrusted pointer dereference attempt RuleID : 28579 - Revision : 7 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Office Excel RealTimeData record memory corruption attempt RuleID : 28546 - Revision : 4 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel RealTimeData record memory corruption attempt RuleID : 28545 - Revision : 3 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel RealTimeData record memory corruption attempt RuleID : 28544 - Revision : 3 - Type : FILE-OFFICE |
| 2014-01-10 | Win.Trojan.Terminator RAT variant outbound connection RuleID : 28482 - Revision : 4 - Type : MALWARE-CNC |
| 2014-01-10 | DNS request for known malware domain catlovers.25u.com RuleID : 28481 - Revision : 3 - Type : BLACKLIST |
| 2014-01-10 | DNS request for known malware domain liumingzhen.myftp.org RuleID : 28480 - Revision : 3 - Type : BLACKLIST |
| 2014-01-10 | DNS request for known malware domain liumingzhen.zapto.org RuleID : 28479 - Revision : 3 - Type : BLACKLIST |
| 2014-01-10 | Styx exploit kit landing page request RuleID : 28478 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit outbound pdf request RuleID : 28477 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request by Java - generic detection RuleID : 28476 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request - generic detection RuleID : 28475 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound plugin detection response - generic detection RuleID : 28474 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28460 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28459 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit landing page RuleID : 28458 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28457 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28456 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28455 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28380 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28379 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28378 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28377 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28376 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28375 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28374 - Revision : 6 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader malformed shading modifier heap corruption attempt RuleID : 28361 - Revision : 7 - Type : FILE-PDF |
| 2014-01-10 | Himan exploit kit payload - Oracle Java compromise RuleID : 28309 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Himan exploit kit payload - Adobe Reader compromise RuleID : 28308 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Himan exploit kit landing page RuleID : 28307 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28304 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28298 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption... RuleID : 28277 - Revision : 7 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption... RuleID : 28276 - Revision : 7 - Type : FILE-JAVA |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28275 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28274 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28273 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 28252 - Revision : 6 - Type : FILE-PDF |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28214 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28032 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit Oracle Java exploit download attempt RuleID : 28031 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - readme.dll RuleID : 27898 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - calc.dll RuleID : 27897 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - contacts.dll RuleID : 27896 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - info.dll RuleID : 27895 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - about.dll RuleID : 27894 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Teletubbies exploit kit payload download RuleID : 27889 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Teletubbies exploit kit payload download RuleID : 27888 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Teletubbies exploit kit payload download RuleID : 27885 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Teletubbies exploit kit exploit attempt for Oracle Java RuleID : 27883 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 9 RuleID : 27880 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 8 RuleID : 27879 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit malicious redirection attempt RuleID : 27815 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit landing page request RuleID : 27814 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit landing page with payload RuleID : 27813 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 27785 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit Oracle Java exploit download attempt RuleID : 27784 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit possible jar download RuleID : 27706 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit Java exploit requested RuleID : 27705 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit Java exploit requested RuleID : 27704 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit plugin detection RuleID : 27703 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit landing page RuleID : 27702 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da Jar file download RuleID : 27701 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Kore exploit kit successful Java exploit RuleID : 27697 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Kore exploit kit landing page RuleID : 27696 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Kore exploit kit landing page RuleID : 27695 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption... RuleID : 27677 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption... RuleID : 27676 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption... RuleID : 27675 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption... RuleID : 27674 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption... RuleID : 27673 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption... RuleID : 27672 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption... RuleID : 27622 - Revision : 10 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption... RuleID : 27621 - Revision : 10 - Type : FILE-JAVA |
| 2014-01-10 | Osx.Trojan.Janicab file download attempt RuleID : 27549 - Revision : 3 - Type : MALWARE-OTHER |
| 2014-01-10 | Osx.Trojan.Janicab file download attempt RuleID : 27548 - Revision : 3 - Type : MALWARE-OTHER |
| 2014-01-10 | Osx.Trojan.Janicab outbound connection RuleID : 27547 - Revision : 4 - Type : MALWARE-CNC |
| 2014-01-10 | Osx.Trojan.Janicab outbound connection RuleID : 27546 - Revision : 4 - Type : MALWARE-CNC |
| 2014-01-10 | Osx.Trojan.Janicab outbound connection RuleID : 27545 - Revision : 4 - Type : MALWARE-CNC |
| 2014-01-10 | Osx.Trojan.Janicab runtime traffic detected RuleID : 27544 - Revision : 3 - Type : MALWARE-CNC |
| 2014-01-10 | iFramer toolkit injected iframe detected - specific structure RuleID : 27271 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit outbound traffic RuleID : 27144-community - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit outbound traffic RuleID : 27144 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit landing page RuleID : 27143 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit landing page RuleID : 27142 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit landing page RuleID : 27141 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit numerically named exe file dowload RuleID : 27140 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page retrieval RuleID : 27072 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page retrieval RuleID : 27071 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit JNLP request RuleID : 27070 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page - specific structure RuleID : 27067 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jovf RuleID : 27042-community - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jovf RuleID : 27042 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jlnp RuleID : 27041-community - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jlnp RuleID : 27041 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jorg RuleID : 27040-community - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jorg RuleID : 27040 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 26928 - Revision : 11 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 26927 - Revision : 11 - Type : FILE-PDF |
| 2014-01-10 | Sweet Orange exploit kit landing page in.php base64 uri RuleID : 26834-community - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange exploit kit landing page in.php base64 uri RuleID : 26834 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Microsoft Office MSComctlLib.Toolbar ActiveX control exploit attempt RuleID : 26832 - Revision : 5 - Type : FILE-OFFICE |
| 2014-01-10 | Goon/Infinity/Redkit exploit kit short jar request RuleID : 26808 - Revision : 11 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 26807 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit short JNLP request RuleID : 26806 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit encrypted binary download RuleID : 26805 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange exploit kit landing page RuleID : 26804 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Microsoft Internet Explorer null object access attempt RuleID : 26668 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer ANIMATECOLOR SMIL access attempt RuleID : 26666 - Revision : 5 - Type : BROWSER-IE |
| 2014-01-10 | BMP extremely large xpos opcodes RuleID : 26665 - Revision : 6 - Type : FILE-IMAGE |
| 2014-01-10 | BMP extremely large xpos opcodes RuleID : 26664 - Revision : 11 - Type : FILE-IMAGE |
| 2014-01-10 | Multiple exploit kit landing page - specific structure RuleID : 26653 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 26652 - Revision : 11 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer ov... RuleID : 26651 - Revision : 11 - Type : FILE-PDF |
| 2014-01-10 | Adobe ColdFusion adminapi information disclosure attempt RuleID : 26621 - Revision : 3 - Type : SERVER-OTHER |
| 2014-01-10 | iFramer injection - specific structure RuleID : 26617 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Impact/Stamp exploit kit landing page RuleID : 26600 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Impact/Stamp exploit kit landing page RuleID : 26599 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Microsoft Internet Explorer null object access attempt RuleID : 26572 - Revision : 5 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer null object access attempt RuleID : 26571 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer null object access attempt RuleID : 26570 - Revision : 5 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer null object access attempt RuleID : 26569 - Revision : 4 - Type : BROWSER-IE |
| 2014-01-10 | Multiple exploit kit successful redirection - jnlp bypass RuleID : 26541 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | iFramer injection - specific structure RuleID : 26540 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Stamp exploit kit landing page RuleID : 26536 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit landing page - specific structure RuleID : 26535 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java payload detection RuleID : 26512 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sakura exploit kit redirection structure RuleID : 26511 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit pdf payload detection RuleID : 26510 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit java payload detection RuleID : 26509 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - info.dll RuleID : 26508 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page - specific structure RuleID : 26507 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit jar file redirection RuleID : 26506 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit jar file downloaded RuleID : 26434 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 26384 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 26383 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit java exploit request RuleID : 26377 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page redirection RuleID : 26351 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | TDS redirection - may lead to exploit kit RuleID : 26350 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit obfuscated portable executable RuleID : 26349 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit java exploit delivery RuleID : 26348 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit java exploit request RuleID : 26347 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit payload requested RuleID : 26346 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 26345 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page redirection RuleID : 26344 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nuclear exploit kit landing page RuleID : 26343 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nuclear exploit kit landing page - specific structure RuleID : 26342 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nuclear exploit kit landing page RuleID : 26341 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page retrieval - ff.php RuleID : 26339 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | IFRAMEr injection detection - leads to exploit kit RuleID : 26338 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page - specific structure RuleID : 26337 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit redirection page RuleID : 26297 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit landing page RuleID : 26296 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious jar download RuleID : 26256 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit redirection page RuleID : 26254 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Impact exploit kit landing page RuleID : 26252 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange exploit kit landing page RuleID : 26233 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange exploit kit landing page RuleID : 26232 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit MyApplet class retrieval RuleID : 26229 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit redirection page RuleID : 26228 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page retrieval RuleID : 26227 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit redirection page RuleID : 26100 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit redirection page RuleID : 26099 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit Java archive transfer RuleID : 26098 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit Java archive transfer RuleID : 26097 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit landing page RuleID : 26096 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit landing page RuleID : 26095 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange exploit kit landing page RuleID : 26094 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page RuleID : 26091 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit landing page RuleID : 26090 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit Portable Executable download RuleID : 26056 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 26055 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 26054 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 26053 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 26052 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious jar file download RuleID : 26051 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit SWF file download RuleID : 26050 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 26049 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit PDF exploit RuleID : 26048 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit redirection structure RuleID : 26047 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page RuleID : 26046 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit iframe redirection attempt RuleID : 26033 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page RuleID : 26031 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit redirection page received RuleID : 26013 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Microsoft Internet Explorer userdata behavior memory corruption attempt RuleID : 25986 - Revision : 7 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer userdata behavior memory corruption attempt RuleID : 25985 - Revision : 9 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer userdata behavior memory corruption attempt RuleID : 25984 - Revision : 9 - Type : BROWSER-IE |
| 2014-01-10 | Adobe ColdFusion component browser access attempt RuleID : 25977 - Revision : 3 - Type : POLICY-OTHER |
| 2014-01-10 | Adobe ColdFusion admin API access attempt RuleID : 25976 - Revision : 3 - Type : POLICY-OTHER |
| 2014-01-10 | Adobe ColdFusion admin interface access attempt RuleID : 25975 - Revision : 3 - Type : POLICY-OTHER |
| 2014-01-10 | Cool exploit kit Portable Executable download RuleID : 25968 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25967 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25966 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25965 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25964 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit SWF file download RuleID : 25963 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25962 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit former location - has been removed RuleID : 25960 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25959 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25958 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25957 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25956 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious jar file download RuleID : 25955 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit SWF file download RuleID : 25954 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page RuleID : 25953 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page RuleID : 25952 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25951 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit PDF exploit RuleID : 25950 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25862 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25861 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page RuleID : 25860 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious jar file download RuleID : 25859 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit Java exploit download RuleID : 25858 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit PDF exploit RuleID : 25857 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java malicious class download attempt RuleID : 25833 - Revision : 6 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java malicious class download attempt RuleID : 25830 - Revision : 12 - Type : FILE-JAVA |
| 2014-01-10 | Fiesta exploit kit landing page detection - specific-structure RuleID : 25808 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Whitehole exploit kit landing page RuleID : 25806 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Whitehole exploit kit Java exploit retrieval RuleID : 25805 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Whitehole exploit kit malicious jar download attempt RuleID : 25804 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit 32-alpha jar request RuleID : 25798 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit redirection successful RuleID : 25611 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25598 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25597 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25596 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25595 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25594 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25593 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page - specific structure RuleID : 25591 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page - specific structure RuleID : 25590 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool Exploit Kit SWF file download RuleID : 25576 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool Exploit Kit SWF file download RuleID : 25575 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool Exploit Kit SWF file download RuleID : 25574 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool Exploit Kit SWF file download RuleID : 25573 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page RuleID : 25569 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page retrieval RuleID : 25568 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple Exploit Kit Payload detection - setup.exe RuleID : 25526 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25510 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit pdf exploit retrieval RuleID : 25509 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25508 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit pdf exploit retrieval RuleID : 25507 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25506 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25505 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | JavaScript contained in an xml template embedded in a pdf attempt RuleID : 25475 - Revision : 8 - Type : FILE-PDF |
| 2014-01-10 | Microsoft Office RTF malformed pfragments field RuleID : 25393 - Revision : 4 - Type : FILE-OFFICE |
| 2014-01-10 | Sweet Orange exploit kit obfuscated payload download RuleID : 25391 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange exploit kit landing page - specific structure RuleID : 25390 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange exploit kit landing page - specific structure RuleID : 25389 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit redirection successful RuleID : 25388 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - readme.exe RuleID : 25387 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - about.exe RuleID : 25386 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - calc.exe RuleID : 25385 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - contacts.exe RuleID : 25384 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit Payload detection - info.exe RuleID : 25383 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit malicious jar file dropped RuleID : 25382 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25328 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit pdf exploit retrieval RuleID : 25327 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25326 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit pdf exploit retrieval RuleID : 25325 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page detected RuleID : 25324 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25323 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25322 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Microsoft Office Excel IPMT record buffer overflow attempt RuleID : 25296 - Revision : 4 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel IPMT record buffer overflow attempt RuleID : 25295 - Revision : 3 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel IPMT record buffer overflow attempt RuleID : 25294 - Revision : 4 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel IPMT record buffer overflow attempt RuleID : 25293 - Revision : 6 - Type : FILE-OFFICE |
| 2014-01-10 | Adobe ColdFusion Admin API arbitrary command execution attempt RuleID : 25267 - Revision : 4 - Type : SERVER-OTHER |
| 2014-01-10 | Adobe ColdFusion Admin API arbitrary command execution attempt RuleID : 25266 - Revision : 4 - Type : SERVER-OTHER |
| 2014-01-10 | Microsoft Internet Explorer deleted button use after free attempt RuleID : 25235 - Revision : 4 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer deleted button use after free attempt RuleID : 25234 - Revision : 4 - Type : BROWSER-IE |
| 2014-01-10 | Styx exploit kit portable executable download request RuleID : 25140 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit eot outbound connection RuleID : 25139 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit pdf outbound connection RuleID : 25138 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit jar outbound connection RuleID : 25137 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection RuleID : 25136 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx Exploit Kit outbound connection RuleID : 25135 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Microsoft Internet Explorer deleted button use after free attempt RuleID : 25134 - Revision : 4 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer deleted button use after free attempt RuleID : 25133 - Revision : 4 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer deleted button use after free attempt RuleID : 25132 - Revision : 4 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer deleted button use after free attempt RuleID : 25131 - Revision : 4 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer deleted button use after free attempt RuleID : 25130 - Revision : 4 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer deleted button use after free attempt RuleID : 25129 - Revision : 4 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer deleted button use after free attempt RuleID : 25128 - Revision : 4 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer deleted button use after free attempt RuleID : 25127 - Revision : 4 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer deleted button use after free attempt RuleID : 25126 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer deleted button use after free attempt RuleID : 25125 - Revision : 4 - Type : BROWSER-IE |
| 2014-01-10 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 25123 - Revision : 10 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 25122 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 25121 - Revision : 5 - Type : FILE-JAVA |
| 2014-01-10 | DNS request for known malware domain losang.dynamicdns.co.uk RuleID : 25069 - Revision : 2 - Type : BLACKLIST |
| 2014-01-10 | Win.Trojan.Riler inbound connection RuleID : 25068 - Revision : 2 - Type : MALWARE-CNC |
| 2014-01-10 | Win.Trojan.Riler variant outbound connection RuleID : 25067 - Revision : 3 - Type : MALWARE-CNC |
| 2014-01-10 | Cool exploit kit 32-bit font file download RuleID : 25056 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit 64-bit font file download RuleID : 25055 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit requesting payload RuleID : 25045 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange exploit kit landing page - specific structure RuleID : 25044 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit url structure detected RuleID : 25043 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Microsoft Office Word rtf invalid listoverridecount value attempt RuleID : 24975 - Revision : 12 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Word rtf invalid listoverridecount value attempt RuleID : 24974 - Revision : 12 - Type : FILE-OFFICE |
| 2014-01-10 | Nuclear exploit kit landing page detected RuleID : 24888 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page in an email RuleID : 24865 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page - specific-structure RuleID : 24864 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page in an email RuleID : 24863 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page - specific-structure RuleID : 24862 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page in an email RuleID : 24861 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page - specific-structure RuleID : 24860 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange exploit kit landing page - JAR redirection RuleID : 24840 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange exploit kit landing page - specific structure RuleID : 24839 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange User-Agent - contype RuleID : 24838 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sweet Orange initial landing page RuleID : 24837 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | KaiXin exploit kit Java Class download RuleID : 24793 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit 64-bit font file download RuleID : 24784 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit 32-bit font file download RuleID : 24783 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit outbound request RuleID : 24782 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit outbound request RuleID : 24781 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit - PDF Exploit RuleID : 24780 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit - PDF Exploit RuleID : 24779 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page - Title RuleID : 24778 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | KaiXin exploit kit attack vector attempt RuleID : 24670 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | KaiXin exploit kit attack vector attempt RuleID : 24669 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | KaiXin exploit kit attack vector attempt RuleID : 24668 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | KaiXin exploit kit attack vector attempt RuleID : 24667 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit redirection successful RuleID : 24638 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit redirection page - specific structure RuleID : 24637 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit redirection page - specific structure RuleID : 24636 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page download attempt RuleID : 24608 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page received - specific structure RuleID : 24593 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page download attempt RuleID : 24548 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page download attempt RuleID : 24547 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page download attempt RuleID : 24546 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole admin page outbound access attempt RuleID : 24544 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole admin page inbound access attempt RuleID : 24543 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit fallback executable download RuleID : 24501 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole - Cookie Set RuleID : 24475 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page Received RuleID : 24228 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 - URI Structure RuleID : 24227 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page received RuleID : 24226 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 24202 - Revision : 10 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 24201 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Blackhole possible email Landing to 8 chr folder RuleID : 24171 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure RuleID : 24054 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure RuleID : 24053 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt RuleID : 24006 - Revision : 14 - Type : FILE-OFFICE |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - fewbgazr catch RuleID : 23962 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - hwehes RuleID : 23850 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole redirection attempt RuleID : 23849 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole redirection attempt RuleID : 23848 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Microsoft Office MSCOMCTL ActiveX control tabstrip method arbitrary code exec... RuleID : 23845 - Revision : 8 - Type : FILE-MULTIMEDIA |
| 2014-01-10 | Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt RuleID : 23844 - Revision : 14 - Type : FILE-OFFICE |
| 2014-01-10 | Blackhole redirection page RuleID : 23797 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - Math.round catch RuleID : 23786 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - Math.floor catch RuleID : 23785 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page RuleID : 23781 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page request - tkr RuleID : 23622 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page with specific structure - prototype catch ... RuleID : 23619 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | JavaScript contained in an xml template embedded in a pdf attempt RuleID : 23612 - Revision : 11 - Type : FILE-PDF |
| 2014-01-10 | JavaScript contained in an xml template embedded in a pdf attempt RuleID : 23611 - Revision : 10 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 23524 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 23523 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader malicious TIFF remote code execution attempt RuleID : 23522 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Possible unknown malicious PDF RuleID : 23521 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Possible unknown malicious PDF RuleID : 23520 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Possible malicious pdf cve-2010-0188 string RuleID : 23519 - Revision : 3 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt RuleID : 23518 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt RuleID : 23517 - Revision : 5 - Type : FILE-PDF |
| 2014-01-10 | Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 23305 - Revision : 10 - Type : FILE-OFFICE |
| 2014-01-10 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 23277 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 23276 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 23275 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java field bytecode verifier cache code execution attempt RuleID : 23274 |