TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 1017
Microsoft Windows Media Player PNG Image Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2004-1244
Bugtraq: 12485
Signature Description: The Portable Network Graphics (PNG) format is an established image standard and well
supported in applications that view images. Microsoft Windows Media Player version 9 (when running on Windows
2000, Windows XP SP1 and SP2, or Windows Server 2003), Microsoft MSN Messenger 6.1 and 6.2, Windows 98,
Windows 98 SE and Windows ME are vulnerable to a buffer overflow, caused by improper handling of PNG (Portable
Network Graphics) files. A PNG image consists of a PNG header followed by a sequence of "chunks" (the PNG
specification defines 18 such chunk types). The PNG format stores information about the image in chunks,
and each chunk type conveys specific information about the image. A remote attacker could create a
specially-crafted PNG image with a large width or height value in the IHDR chunk to overflow a buffer and
execute arbitrary code on the system. An attacker who successfully exploited this vulnerability may be able to
execute arbitrary code with the privileges of the user. Users are advised to install the updates mentioned in
MS05-009. This signature detects attack patterns: after matching the pattern IHDR, it checks the 4-byte value
at relative offset 0.
Signature ID: 1020
Directory Traversal Attempt Using Content-Disposition Filename Parameter vulnerability
Threat Level: Severe
Industry ID: CVE-2003-0228 Bugtraq: 7517
Signature Description: Windows Media Player is a digital media player and media library application developed by
Microsoft that is used for playing audio and video and viewing images on personal computers running the Microsoft
Windows operating system. Media Player 7.1 and Windows Media Player for Windows XP are vulnerable; these
versions allow remote attackers to execute arbitrary code. The media player downloads skins over HTTP, and an
attacker can execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C)
that causes an executable to be placed in an arbitrary location. Content-Disposition is a MIME header field that
allows a file to be saved under a specified name through its filename parameter. This rule triggers when the
filename parameter contains a sequence similar to ../ or ..\, which indicates a directory traversal attempt.
Patches are available at the Microsoft website.
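The check described for signature 1020, written out as an added example; it is not the TMS zl module's own rule logic. It goes one step beyond the description by also percent-decoding the filename, so the %5C form mentioned above is caught; the function names and sample header values are constructed for illustration.

```python
import re
from urllib.parse import unquote

# filename parameter of a Content-Disposition value, quoted or bare token.
_FILENAME = re.compile(r'(?:^|[;\s])filename\s*=\s*(?:"([^"]*)"|([^;\s]+))', re.I)
# "../" or "..\" as described for signature 1020.
_TRAVERSAL = re.compile(r'\.\.[/\\]')


def filename_param(header_value):
    """Return the raw filename parameter, or None when there is none."""
    m = _FILENAME.search(header_value)
    if m is None:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def is_traversal(header_value, decode_rounds=2):
    """True when the filename holds ../ or ..\\ literally or percent-encoded."""
    name = filename_param(header_value)
    if name is None:
        return False
    # Check the raw value, then each decoded form (covers double encoding).
    for _ in range(decode_rounds + 1):
        if _TRAVERSAL.search(name):
            return True
        decoded = unquote(name)   # %5C -> "\", %2F -> "/", %2E -> "."
        if decoded == name:       # nothing left to decode
            break
        name = decoded
    return False


# Constructed sample header values (not captured traffic).
SAMPLES = [
    'attachment; filename="skin.wmz"',
    'attachment; filename="..\\..\\folder\\file.exe"',
    'attachment; filename=..%5C..%5Cfolder%5Cfile.exe',
    'attachment; filename="notes..txt"',
    'inline',
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(is_traversal(value), value)
```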
Signature ID: 1021
Microsoft Internet Explorer Bitmap Image File Integer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2004-0566 CVE-2004-1922 Bugtraq: 9663,10097
Signature Description: Windows Internet Explorer, commonly abbreviated to IE, is a series of graphical web browsers
developed by Microsoft. Microsoft Internet Explorer in Windows 2000 is vulnerable to an integer overflow while
processing a BMP image file. A bitmap image always starts with the two fixed characters 'BM'. bfOffBits, a field in
the bitmap file, is a 4-byte field that specifies the byte offset from the beginning of the file at which the bitmap
data starts. MSHTML.DLL in Internet Explorer parses the BMP file and tries to store the bfOffBits size as a signed
integer. A specially crafted BMP file with the bfOffBits field set to a large value, such as > 2^31, can cause an
integer overflow when Internet Explorer processes the file. An attacker could exploit this vulnerability by hosting
the malicious file on a Web site or by sending it to a victim as an HTML email. Successful exploitation allows a
remote attacker to execute arbitrary code on a vulnerable system. Administrators are advised to install the updates
mentioned in MS04-025.
Signature ID: 1022
Apple iTunes pls/m3u Playlist Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0043
Bugtraq: 12238
Signature Description: Apple iTunes is a digital media player available for the Microsoft Windows and Mac OS X