TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

121

122

123

124

125

126

127

128

129

130

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

123

when the file is processed by Winamp. By convincing a user to open a specially crafted playlist file, a remote

unauthenticated attacker may be able to execute arbitrary code. This can be achieved by creating a specially crafted

web page or other HTML document that may launch Winamp without any user interaction. Users are advised to install

newer version of Winamp.version 5.0.1 to 5.0.6 are prior versions are vulnerabe. Patches are available at winamp

website.

Signature ID: 1026

Microsoft Windows WinHlp Item Buffer Overflow Vulnerability

Threat Level: Warning

Industry ID: CVE-2002-0823

Bugtraq: 4857

Signature Description: The HTML Help ActiveX control provides a rich feature set for help systems. Key features

include: an expanding table of contents, keyword search, shortcuts, and pop-up help topics. The control is one of the

authoring components that ships with Microsoft HTML Help.<br>Microsoft Windows XP Professional and prior

verions, Microsoft Windows NT Workstation 4.0 SP6a and prior versions are vulnerable. These verions allow remote

attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx)

with a long pathname in the Item parameter. No remedy is available.

Signature ID: 1027

HTTP /cgi-bin Directory Access Vulnerability

Threat Level: Information

Signature Description: Cgi-bin is the directory that holds CGI scripts and programs written usually in Perl or Unix

Shell. cgi-bin could allow an attacker to gain sensitive information and execute inappropriate commands on a CGI

application(running on a web server), when accessing the /cgi-bin/ directory.

Signature ID: 1028

/cgi-dos/ HTTP access Vulnerability

Threat Level: Information

Signature Description: A computer program that is responsible for accepting HTTP requests from clients and serving

them HTTP responses along with optional data contents is known as a web server. O'Reilly's Website Pro is a web

server. This rule detects possible unauthorized access to the CGI application running in the web server by detecting

/cgi-dos/ content in the URI. This successful exploitation can allow an attacker to access batch files and then execute

arbitrary commands.

Signature ID: 1029

AHG Search Engine Search.CGI Arbitrary Command Execution Vulnerability

Threat Level: Warning

Industry ID: CVE-2002-2113 Bugtraq: 3985

Signature Description: AHG is a search engine that searches html pages in your local directory tree and returns the list

of links to the pages where entered keyword(s) are found. Search.CGI is a component of the HTMLsearch Search

Engine software distributed by AHG. AHG HTMLsearch 1.0 is vulnerable, this HTMLsearch is not validating properly

the user-supplied input in the search.cgi script, so a remote attacker can send a crafted URL containing arbitrary

commands separated by semicolon(;) or pipe(|) characters to execute arbitrary commands on the Web server. No

remedy available as of August 2008.

Signature ID: 1030

AT-generated.cgi web access vulnerability

Threat Level: Information

Industry ID: CVE-1999-1072

Signature Description: This rule detects possible execution of arbitrary code or unauthorized access to the CGI