TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1006
Signature ID: 35802
MicroWorld Technologies MailScan Information Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-3729 Bugtraq: 30700
Signature Description: MailScan 5.6 is the Real-Time AntiVirus and AntiSpam solution for Mail Servers. The software
safeguards organizations against Virus, Worm, Trojan and many other malware breeds with proactive technologies. It
offers powerful protection against Spam and Phishing mails along with comprehensive content Security. MicroWorld
Technologies MailScan 5.6.a espatch1 is vulnerable to information disclosure vulnerability. It is possible to access the
logfiles of the application because the folder "/LOG" inside the webroot ("C:\Program Files\Common
Files\MicroWorld\WebServer") is not protected. The logfiles contain information, like installation path, ip addresses,
and error messages. By modifying the cookie parameter, a remote attacker could exploit this vulnerability to bypass
security restrictions and gain unauthorized administrative access to the vulnerable system. No remedy is available as of
22 November, 2008.
Signature ID: 35803
Google Chrome Browser Meta Character URI Obfuscation Vulnerability
Threat Level: Warning
Signature Description: Google Chrome is a freely available web browser that combines a minimal design with
sophisticated technology to make the web faster, safer, and easier. Google Chrome 0.4.154.25 and prior versions are
vulnerable to URI Obfuscation vulnerability. An attacker can easily perform malicious redirection by manipulating the
browser functionality. The link can not be traversed properly in status address bar. This could facilitate the
impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. The URI
specified with @ character with or without NULL character causes the vulnerability. No patch details are available as
of 25 November, 2008 to resolve this issue.
Signature ID: 35804
W3C Amaya 10.1 Web Browser (id) Remote Stack Overflow Vulnerability
Threat Level: Severe
Signature Description: Amaya is a Web editor, i.e. a tool used to create and update documents directly on the Web.
Browsing features are integrated with the editing and remote access features in a uniform environment. W3C Amaya
10.1 web browser is vulnerable to remote stack Overflow vulnerability. By sending a long string containing alpha
numeric and special characters alternately to "id" variable of div tag a remote attacker can overflow stack and will
cause denial of service condition. No remedy is available as of 25 November 2008 to resolve this issue.
Signature ID: 35806
Nero ShowTime 5.0.15.0 m3u Playlist File Remote Buffer Overflow Vulnerability
Threat Level: Severe
Bugtraq: 32446
Signature Description: Nero ShowTime is a media player application for Microsoft Windows. It is used for
reproducing video files. This player supports the DVD, SVCD, DivX, XviD, MPEG1, MPEG2, MPEG4, and MP4
formats and more. Nero ShowTime 5.0.15.0 is prone to remote buffer-overflow vulnerability. This issue occurs because
it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when opening a large '.m3u'
playlist file. Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of
the application. Failed attacks will cause denial-of-service conditions. No patch details are available as of 25 November
2008 to resolve this issue.