TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 1406
Microsoft Internet Explorer IFRAME Status Bar URI Spoofing Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-4679 CVE-2004-1121 CVE-2005-3699 CVE-2005-4678 Bugtraq: 11590
Signature Description: Internet Explorer 6 for Windows XP Service Pack 2 is vulnerable to URI spoofing. Microsoft
Internet Explorer cannot correctly handle embedded frames whose links are surrounded by another link. Mishandling
of the <href> tag together with the IFRAME tag allows an attacker to display a genuine URI while, in the background,
taking the user to some other site. This enables phishing. The attacker could use additional social engineering
techniques to trick the victim into disclosing sensitive information such as credit card numbers, account numbers,
and passwords.
Signature ID: 1407
McAfee ePolicy Orchestrator Agent HTTP POST Buffer Mismanagement Vulnerability
Threat Level: Critical
Industry ID: CVE-2004-0095 Bugtraq: 9476
Signature Description: McAfee ePolicy Orchestrator (ePO) is an antivirus program management tool for Microsoft
Windows operating systems. The McAfee ePolicy Orchestrator agent version 3.0 has been reported to contain a buffer
overflow vulnerability that may be exploited to crash the affected agent. The vulnerability lies in improper parsing
of a received HTTP POST request that carries an invalid value in the Content-Length header. The vulnerability may
cause DoS or arbitrary code execution.
Signature ID: 1409
Microsoft Help and Support Center Argument Injection Vulnerability
Threat Level: Warning
Industry ID: CVE-2003-0907 Bugtraq: 10119
Signature Description: Help and Support Center (HSC) is a feature of Microsoft Windows that enables users to
download and install software updates, check hardware compatibility, and perform other system-related tasks. HSC is
installed by default on Windows XP and Windows Server 2003 systems. An argument injection vulnerability exists in
HSC on Windows XP and Windows Server 2003. By creating a specially crafted hcp URL (by embedding quotes in the
argument, it is possible to insert new arguments into the command), a remote attacker could execute arbitrary code
on the victim's computer, with the privileges of the victim, once the URL is clicked. An attacker could exploit this
vulnerability by creating a malicious Web page and hosting it on a Web site, or by sending it to a victim as an
HTML email.
Signature ID: 1411
Microsoft Internet Explorer HTML Tag Memory Corruption Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-1188 Bugtraq: 17468
Signature Description: Microsoft Internet Explorer 6 is vulnerable to a memory corruption vulnerability that could
allow a remote attacker to execute arbitrary code on the system. The vulnerability arises when handling certain
HTML tags that are placed improperly. The HTML tag <PRE> is used to display text in a way that preserves
the letters and spaces so that the rendered output is similar to the way the text was originally formatted. The HTML
tag SPAN is used to apply a style, using Cascading Style Sheets (CSS), to a specific block of HTML. When these tags
are not properly closed or specified in an HTML file, internal memory structures are not properly initialized, which
may crash the IE browser. Microsoft indicated that code execution is possible, but other researchers reported that
code execution is unlikely. If code execution is possible, it would execute in the security context of the logged-in
user. A remote, unauthenticated attacker could exploit this vulnerability by crafting an HTML file that contains a
specific combination of HTML tags and style attributes, and then persuading unsuspecting users to open the crafted
document using a vulnerable version of Internet Explorer. Install the updates mentioned in Microsoft security
bulletin MS06-013. Microsoft Internet Explorer 6.0 SP1 and Microsoft Internet Explorer 6.0 are prone to this
vulnerability.