ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 1393
Sql Injection attempt with xp_regdeletekey vulnerability
Threat Level: Warning
Signature Description: Windows allows the execution of Windows shell commands through SQL Server. These
commands run with the access rights of the account under which SQL Server is running, usually Local System.
Alternatively, an attacker may try to delete registry keys using the procedure xp_regdeletekey.
This event is generated when an attempt is made to exploit a SQL injection vulnerability on the remote machine.
xp_regdeletekey is an extended stored procedure that deletes an entire key in the registry.
Signature ID: 1394
Sql Injection with xp_regread Vulnerability
Threat Level: Warning
Signature Description: Windows allows the execution of Windows shell commands through SQL Server. These
commands run with the access rights of the account under which SQL Server is running, usually Local System.
Alternatively, an attacker may try to modify the registry using procedures such as xp_regread.
This event is generated when an attempt is made to exploit a SQL injection vulnerability on the remote machine.
xp_regread is an extended stored procedure that reads registry keys.
Signature ID: 1395
SQL Injection attempt using xp_regwrite vulnerability
Threat Level: Warning
Signature Description: Windows allows the execution of Windows shell commands through SQL Server. These
commands run with the access rights of the account under which SQL Server is running, usually Local System.
Alternatively, an attacker may try to modify the registry using procedures such as xp_regwrite.
This event is generated when an attempt is made to exploit a SQL injection vulnerability on the remote machine.
xp_regwrite is an extended stored procedure that writes to the registry.
Signature ID: 1396
Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability-1
Threat Level: Information
Industry ID: CVE-2005-2831
Bugtraq: 15827
Signature Description: Microsoft Internet Explorer 5.01, 5.5 and 6 are prone to a memory corruption vulnerability that
is related to the instantiation of COM objects. COM objects may corrupt system memory and facilitate arbitrary code
execution in the context of the currently logged-in user on the affected computer. When a COM object is instantiated as
an ActiveX control, a memory corruption error can occur. A remote attacker could exploit this vulnerability by creating
a malicious Web page and hosting it on a Web site or by sending it to a victim as an HTML email. The attacker could
execute arbitrary code on the system and take complete control of the victim's system. Users can set the kill bit for
CLSID DF0B3D60-548F-101B-8E65-08002B2BD119 to resolve this issue.
Signature ID: 1397
Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-2831
Bugtraq: 15827
Signature Description: Microsoft Internet Explorer 5.01, 5.5 and 6 are prone to a memory corruption vulnerability that
is related to the instantiation of COM objects. COM objects may corrupt system memory and facilitate arbitrary code
execution in the context of the currently logged-in user on the affected computer. When instantiating a COM object as
an ActiveX control, a memory corruption error can occur. A remote attacker could exploit this vulnerability by creating
a malicious Web page and hosting it on a Web site or by sending it to a victim as an HTML email. The attacker could