TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Successful exploitation of this vulnerability can lead to the Java "sandbox" being disabled. Sun JRE (Solaris Production
Release) 1.3.1 and prior versions are vulnerable.
Signature ID: 1434
MySQL MaxDB Webtool HTTP POST request Stack Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-0684 Bugtraq: 13368,13369
Signature Description: MySQL MaxDB is a heavy-duty, SAP-certified open source database. A web-based application
interface, Webtool, which acts as an HTTP server, is provided with MaxDB. A remote buffer overflow vulnerability exists
in the way the Webtool component recognizes and interprets special characters. This issue is due to a failure of the
application to properly validate the length of user-supplied strings prior to copying them into static process buffers. An
attacker may exploit this issue by sending a malicious HTTP POST request containing a percent sign (%) with 4,000
bytes as a file parameter to the MaxDB Webtool default port 9999. Successful exploitation may allow execution of
arbitrary code with the privileges of the user that activated the vulnerable application.
Signature ID: 1435
Real Player ActiveX Control Exported Functions HandleAction, ShowPreferences Argument Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0189 Bugtraq: 12311
Signature Description: RealNetworks RealPlayer is a multimedia application that allows users to view local and remote
audio/video content. The RealPlayer ActiveX control allows web authors to embed the RealPlayer application in
HTML documents and have control over it. One of the exported functions of the RealPlayer ActiveX control is
HandleAction, which executes a method or action. When the HandleAction function is used to call the
ShowPreferences method, the RealPlayer preferences dialog is displayed, showing the specified category and page.
RealPlayer 10.5 (6.0.12.1040) and earlier versions are vulnerable to arbitrary code execution via a long ShowPreferences
argument. The ShowPreferences method concatenates its two arguments and then makes an unchecked call to sprintf().
By passing long arguments to ShowPreferences, an attacker can cause a stack-based buffer overflow to occur. Any
browser that supports ActiveX may be affected.
Signature ID: 1436
Microsoft Internet Explorer Channel Definition Format Script Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-0056 CVE-2005-0055 Bugtraq: 12427
Signature Description: Channel Definition Format (CDF) is an XML standard used in conjunction with Microsoft
Active Channel and Smart Offline Favorites technologies. It is used to define a web site's content and structure.
Microsoft Internet Explorer contains a vulnerability in handling "channel" (CDF) files. The Active Channel data that is
to be downloaded is specified in the CDF file in the form of a URL. Only http, https and ftp protocols are allowed to
download the Active Channel Data. The downloaded files are then properly scrutinized and executed in the context of
the Internet Security Zone. However, Internet Explorer fails to perform proper validity checks on the URLs found in CDF files. A
remote attacker could create a specially-crafted URL link, which would be executed in the victim's Web browser within
the security context of the Internet zone, once the link is clicked. An attacker could exploit this vulnerability by
creating a malicious Web page and hosting it on a Web site or by sending it to a victim as an HTML email. Versions
5.01 SP3 and SP4, 5.5 SP2, 6 SP1 of Microsoft Internet Explorer.
Signature ID: 1437
Microsoft Internet Explorer Drag and Drop Events File Download Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0053 Bugtraq: 11466