TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1049
certain security restrictions. The vulnerable program is the binary realplay.exe. The problematic parameter is a URL
employing the file:// scheme embedded with a RealMedia clip.
Signature ID: 38076
MailEnable IMAP Service Buffer Overflow
Threat Level: Warning
Industry ID: CVE-2004-2501
Signature Description: A vulnerability exists in the way the IMAP service in MailEnable parses IMAP data. Specially
crafted data sent to the IMAP service can trigger a buffer overflow. An attacker can exploit this vulnerability to create a
denial of service condition or execute arbitrary code.The vulnerable program is the application program
MEIMAPS.exe.The vulnerable function is a string copy function in MEIMAPS.exe.The vulnerable parameter is the
IMAP request string..
Signature ID: 38077
Firefox Command Line URL Shell Command Injection
Threat Level: Warning
Industry ID: CVE-2005-2968
Signature Description: A vulnerability exists in the Firefox browser start-up script. The script does not properly
sanitize URLs supplied to it by external programs. This vulnerability can be exploited to run arbitrary shell commands
with the privileges of the currently logged in user.The problematic program is the shell script firefox.The vulnerable
parameter is the URL string passed to the firefox script.
Signature ID: 38079
RealNetworks RealPlayer URL Parsing Buffer Overflow
Threat Level: Warning
Industry ID: CVE-2004-0550
Signature Description: A vulnerability exists in the way RealNetworks' RealPlayer products handle the parsing of
URLs. A heap buffer overflow can occur when parsing a URL with a large number of period characters ("."). Using a
specially crafted URL, an attacker can exploit this vulnerability to remotely execute arbitrary code.The vulnerability
exists in the Real Player client. The executable for the Real Player client is usually named realplay.exe.The
vulnerability occurs in the shared library component of RealPlayer called pnen3260.dll. This component is located in
'%PROGRAM_FILES%\\Common Files\\Real\\Common'. The vulnerable function creates a parameters tree view for
the statistic window.The parameter that causes this vulnerability is the host-name of a HTTP URL
Signature ID: 38080
LZH compression. Invalid level field in the header
Threat Level: Warning
Industry ID: CVE-2004-0234
Signature Description: LHA is an archiving and compression utility for LHarc format archives.The level field is
supposed to be zero at offset 20. Some applications trying to decompress a lzh file with invalid level field are
vulnerable to buffer overflow. LHA 1.14 is the vulnerable version. patches are available from vendors web site please
upgrade the patches.
Signature ID: 38081
Microsoft Internet Explorer URL Spoofing
Threat Level: Warning
Industry ID: CVE-2003-1025
Signature Description: A weakness has been reported in Microsoft Internet Explorer which may allow attackers to
conceal the URI to a page. The problem is said to occur when a URI designed to pass access to a location with a user-