ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
operating systems. It supports a variety of playlist formats including .m3u and .pls. Apple iTunes 4.7 is vulnerable. A
playlist allows a user to organize the order in which media files are played. In addition to media files, URLs to digital
streams can be included in a playlist. There is a buffer overflow vulnerability in the way iTunes parses URL
entries in .m3u and .pls playlist files. An attacker could exploit this vulnerability by constructing a specially crafted
playlist containing a very long URL to execute arbitrary code. To exploit this vulnerability, an attacker would need to
convince a user to open a malicious playlist file using this vulnerable version. Patches are available at the Apple website.
Signature ID: 1023
Internet Explorer PNG Image Rendering Component Buffer Overflow Vulnerability/Libpng Graphics Library Large tRNS Chunk Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2004-0597 CVE-2005-1211 Bugtraq: 13941,10857
Signature Description: The Portable Network Graphics (PNG) format is an established image standard and is well
supported in applications that view images. Microsoft's PNG filter library is a multi-purpose implementation of PNG
rendering, and is used by applications such as Internet Explorer. The PNG image rendering component of Microsoft
Internet Explorer (pngfilt.dll) does not properly handle PNG image files, potentially allowing a buffer overflow to
occur. A PNG image consists of a PNG header followed by a sequence of "chunks" (the PNG specification defines 18 such
chunk types). The PNG format stores the information about the image in the form of chunks, and each type of chunk
conveys some specific information about the image. A remote attacker could create a specially crafted PNG image with
a large tRNS chunk to overflow a buffer and execute arbitrary code on the system. If a user opens a specially crafted
PNG image using a vulnerable version of Internet Explorer, an attacker may be able to execute arbitrary code. An attacker
who successfully exploited this vulnerability may be able to execute arbitrary code with the privileges of the user or
cause Internet Explorer to terminate. Administrators are advised to install the updates mentioned in MS05-025. Libpng
is a Portable Network Graphics (PNG) library for Unix platforms. Libpng versions 1.2.5 and prior are affected by the same
vulnerability.
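
The tRNS length that the description above turns on can be validated before a file reaches a decoder. The following is an added example, not part of this guide or the product's signature logic: it walks the PNG chunk sequence and flags a tRNS chunk whose declared length exceeds what the PNG specification allows for the image's colour type. The function names and the sample file are constructed for illustration.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Max tRNS data bytes per IHDR colour type (PNG spec); other types forbid tRNS.
TRNS_MAX = {0: 2, 2: 6, 3: 256}


def iter_chunks(data):
    """Yield (type, declared_length, body) per chunk; body is short if truncated."""
    if not data.startswith(PNG_MAGIC):
        raise ValueError("not a PNG stream")
    pos = len(PNG_MAGIC)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        yield ctype, length, body
        pos += 12 + length  # 4 length + 4 type + data + 4 CRC
        if ctype == b"IEND":
            break


def check_trns(data):
    """Return findings about tRNS chunks; an empty list means nothing flagged."""
    findings, colour_type, palette_entries = [], None, None
    for ctype, length, body in iter_chunks(data):
        if ctype == b"IHDR" and len(body) >= 13:
            colour_type = body[9]  # byte 9 of IHDR data is the colour type
        elif ctype == b"PLTE":
            palette_entries = length // 3
        elif ctype == b"tRNS":
            limit = TRNS_MAX.get(colour_type)
            if limit is None:
                findings.append(f"tRNS not allowed for colour type {colour_type}")
            elif length > limit:
                findings.append(f"tRNS length {length} exceeds {limit}")
            elif colour_type == 3 and palette_entries is not None and length > palette_entries:
                findings.append(f"tRNS length {length} exceeds palette size {palette_entries}")
    return findings


def _chunk(ctype, body):
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))


def build_sample(trns_len):
    """Constructed sample: 1x1 indexed-colour PNG, 4-entry palette, tRNS of trns_len bytes."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 3, 0, 0, 0)
    chunks = [(b"IHDR", ihdr), (b"PLTE", bytes(12)), (b"tRNS", bytes(trns_len)), (b"IEND", b"")]
    return PNG_MAGIC + b"".join(_chunk(t, b) for t, b in chunks)
```

The check uses the declared chunk length from the header, so it still flags an oversized tRNS chunk when the file is truncated.
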
Signature ID: 1024
Microsoft Internet Explorer Object Tag Type Property Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2003-0344 Bugtraq: 7806
Signature Description: Microsoft Internet Explorer versions 5.1, 5.5 and 6.0 are vulnerable to a buffer overflow through
the 'Type' property of the 'Object' tag. The 'Object' tag is used to insert objects such as ActiveX components into HTML
pages, and the 'Type' property of the 'Object' tag is used to set or retrieve the MIME type of the object, such as
'plain/text', 'application/hta', etc. The length check of the buffer size for the Type property can be bypassed when the buffer
includes '/' characters. Each '/' character is expanded to the 3 characters '_/_' while copying, and the length check is done prior
to this modification. Because of this expansion, the buffer overflows, allowing execution of arbitrary code. An
attacker could create an HTML file that includes a malicious OBJECT tag to execute arbitrary code on the victim's
machine. When a victim using a vulnerable version of IE, or other applications that use IE as their HTML interpreter,
visits the malicious file (via web page, email message, file sharing, etc.), the attacker-supplied code will be executed.
Microsoft has addressed this issue in security bulletin MS03-020.
Signature ID: 1025
NullSoft Winamp IN_CDDA.dll File Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-1119 Bugtraq: 11730 Nessus: 15817
Signature Description: Winamp is a media player for Microsoft Windows developed by NullSoft. Winamp versions
5.05 and earlier are vulnerable to a stack-based buffer overflow, caused by improper bounds checking of .cda files
within a .m3u or .pls playlist file. The vulnerability specifically exists in the cdda.dll library, where Winamp handles
CDDA entries contained in playlist files. Winamp copies the filename in a CDDA (.cda) media path to a 16-byte buffer
without first checking its size. By supplying an overly long .cda file name, a remote attacker can overflow the buffer