*** EX RELS 03322 Release ***

Total number of signatures: 6043

Description
==================================================================
In this signature, we addressed the exploits/vulnerabilities and applications as below:

Added 18 rule(s):
---------------
1133578 WEB GoAhead system.ini Information Disclosure Vulnerability (CVE-2017-5674)
1133588 EXPLOIT Memcached process_bin_update body_len Integer Overflow -7 (CVE-2016-8705)
1133589 EXPLOIT Memcached process_bin_update body_len Integer Overflow -8 (CVE-2016-8705)
1133597 WEB-ACTIVEX Microsoft Windows DirectShow Information Disclosure -1 (CVE-2017-0042)
1133601 WEB b374k WEB Shell Activity -1
1133603 WEB b374k WEB Shell Activity -2
1133604 WEB-ACTIVEX Microsoft Windows DirectShow Information Disclosure -1 (CVE-2017-0042)
1133605 WEB Moxa MXview Private Key Disclosure Vulnerability (CVE-2017-7455)
1133606 EXPLOIT Memcached process_bin_sasl_auth Integer Underflow -2 (CVE-2016-8706)
1133607 MALWARE Suspicious IoT Worm TELNET Activity -4
1133608 WEB Trend Micro InterScan Web Security ManagePatches filename Remote Code Execution (ZDI-16-348)
1133609 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 89 (Ransomware Attack Vector)
1133610 WEB Trend Micro SafeSync for Enterprise restartService Command Injection -1 (ZDI-17-130)
1133611 WEB Trend Micro SafeSync for Enterprise restartService Command Injection -2 (ZDI-17-130)
1133612 WEB Trend Micro Control Manager lang Parameter Arbitrary File Inclusion (ZDI-17-069)
1160201 MEDIA YouTube access via UDP -4
1160202 MEDIA Youku.com access via SSL -1
1160203 MEDIA Youku.com access via SSL -2

Modified 13 rule(s):
---------------
1059958 WEB Directory Traversal -27
1065006 WEB Alibaba.com login via SSL -1
1065542 MEDIA Youku.com media via TCP -3
1066103 MEDIA Youku.com login via SSL -1
1068405 MEDIA Youku.com media via TCP -6
1068664 MEDIA YouTube access via UDP -2
1131155 WEB-CLIENT WScript.Shell Remote Code Execution -3
1132235 FILE Adobe Flash DomainMemory Integer Overflow -3 (CVE-2015-8651)
1132853 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 75 (Ransomware Attack Vector)
1133205 WEB SQL injection attempt -82
1133409 EXPLOIT Memcached process_bin_sasl_auth Integer Underflow -1 (CVE-2016-8706)
1133572 WEB Shell Spawning Attempt via telnetd -1
1133594 FILE Microsoft Office/WordPad Remote Code Execution Vulnerability (CVE-2017-0199)

Deleted 5 rule(s):
---------------
1133458 WEB-CLIENT JavaScript Heap Exploitation -3 (old rule)
1133509 WEB-CLIENT JavaScript Heap Exploitation -4.1 (old rule)
1133510 WEB-CLIENT JavaScript Heap Exploitation -5.1 (old rule)
1133511 WEB-CLIENT JavaScript Heap Exploitation -6.1 (old rule)
1133512 WEB-CLIENT JavaScript Heap Exploitation -13 (old rule)