TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1005
2008 but alternately user can set kill bit to clsid 474FCCCD-1B89-4D34-9E09-45807F23289C corresponding to the
progid ChilkatSocket.ChilkatSocket.1 to resolve this issue.
Signature ID: 35699
Skype Toolbars Extension for Firefox BETA Clipboard Security Weakness
Threat Level: Warning
Bugtraq: 31613
Signature Description: Skype Toolbars Extension for Firefox BETA provides Skype VOIP features to the web
browser. Skype Toolbars Extension for Firefox BETA 2.2.0.95 is vulnerable to remote code execution vulnerable. The
application is prone to a security weakness that allows attackers to inject arbitrary content into a user's clipboard. This
issue affects the 'skype_tool.copy_num()' function, which permits arbitrary content to be appended to a user's clipboard
by using the '+' operator. Attackers can exploit this issue to write content to a victim's clipboard. As a result, attacker-
supplied URIs can persist in the victim's clipboard. No remedy is available as of 21 November, 2008.
Signature ID: 35700
Possible Cisco IOS Secure Copy Authorization Bypass
Threat Level: Warning
Industry ID: CVE-2007-4263 Bugtraq: 25240
Signature Description: Cisco IOS allows any authenticated user to use Secure Copy(SCP) Server Service. This Service
is intended to copy useful information on to Cisco Router. Some Versions of Cisco IOS allows any valid user to read,
write and overwrite any file, including configuration files on the router. Masqueraders takes this facility to modify the
router files. Successful attackers gains full access on the router. This rule hits when any remote user access vulnerable
Cisco routers Such as (Cisco-12.2IXA to Cisco 12.2SXF including 12.2ZU) using any SCP/SSH agents.
Signature ID: 35800
Microsoft XML Core Services DTD Cross-Domain Scripting
Threat Level: Warning
Industry ID: CVE-2008-4029 Bugtraq: 32155
Signature Description: Microsoft XML Core Services (MSXML) allows customers who use JScript, Visual Basic
Scripting Edition, and Microsoft Visual Studio 2005 to build high-performance XML-based applications that provide a
high degree of interoperability with other application. Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0, Windows
2000 SP4, XP SP3, 2003 SP2, Vista SP1, 2008 and prior service packs are vulnerable to arbitrary code execution
vulnerability. A remote user can create HTML that, when loaded by the target user via Internet Explorer, will trigger a
flaw in the error checking of external document type definitions (DTDs) and access information from arbitrary domains
on the target user's browser. The vendor has issued a fix to resolve this issue.
Signature ID: 35801
CitectSCADA ODBC Server Remote Stack Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-2639
Bugtraq: 29634
Signature Description: CitectSCADA is a Supervisory Control and Data Acquisition system used to control and
monitor various automated devices such as Programmable Logic Controllers (PLCs) and Remote Terminal Units
(RTUs) via an integrated Human Machine Interface (HMI). Citect CitectSCADA 7, Citect CitectSCADA 6 and Citect
CitectFacilities 7 are vulnerable to remote stack based buffer overflow vulnerability. The system's ODBC server listens
for client requests on TCP port 20222 by default. Data supplied by the first packet in a request specifies the length of
data in the following packet and is used to allocate memory for a fixed-size buffer. The server then copies data from the
second packet into the buffer without confirming the length of the data. This can cause arbitrary data to be written
beyond the bounds of the buffer. Attackers can exploit this issue to execute arbitrary code in the context of the
application. Failed attacks will likely cause denial-of-service conditions.