TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

201

202

203

204

205

206

207

208

209

210

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

208

Signature Description: Microsoft DHTML events are special actions that are provided by the DHTML Object Model.

Drag-and-Drop technology incorrectly validates some dynamic HTML (DHTML) events. DHTML Drag-and-Drop

events can manipulate windows to copy objects from one domain to another, including the Local Machine Zone.

Microsoft Internet Explorer do not properly validate objects before placing them on local machine when DHTML Drag

and Drop events are used. This vulnerability permits a file to be downloaded to the user's system after the user clicks a

link or drag and drops an object. An attacker who successfully exploited this vulnerability could cause an executable

file to be saved on the user's system. A malicious HTML page or email can completely compromise a user's system by

installing arbitrary files in the "Startup" folder which will be executed upon next reboot. To exploit this vulnerability,

an attacker would have to host a malicious Web site that contained a Web page that was designed to exploit this

vulnerability and then persuade a user to visit that site. Patches MS05-008 as well as MS05-014 are required to

completely patch this vulnerability.

Signature ID: 1438

Mozilla Firefox Favicon Link Tag Java Script Execution Vulnerability

Threat Level: Warning

Industry ID: CVE-2005-1155

Bugtraq: 13216

Signature Description: Firefox and the Mozilla Suite support custom "favicons" through the <LINK rel="icon"> tag.

Browsers that support favicons display them in the browser's URL bar, next to the site's name in lists of bookmarks,

and next to the page's title in a tabbed document interface. The link tag allows to load a custom image as the icon for a

website. Mozilla user interface components like toolbars, menu bars, progress bars, and window title bars can be

modified using a script-based technology called Chrome. Mozilla executes a favicon link tag as a chrome script and

these scripts have elevated privileges. Because of the extra privileges, they can perform actions that web scripts cannot.

Chrome scripts also do not prompt for permission before executing potentially dangerous commands. Firefox versions

prior to 1.0.3 and Mozilla Suite versions prior to 1.7.7 allow execution of javascript in the href argument of link tag. By

setting the href attribute of link tag to a javascript url, it is possible to call chrome functions and run arbitrary code

without user interaction. Attackers could exploit this vulnerability by adding a favicon link tag into a web page

containing a malicious Javascript URL and then enticing a victim to visit the web page. Successful exploitation enables

attackers to execute arbitrary script code or cause a denial of service with elevated privileges.

Signature ID: 1439

Mozilla Suite And Firefox Search Plug-In JavaScript Execution Vulnerability

Threat Level: Warning

Industry ID: CVE-2005-1156

CVE-2005-1157 Bugtraq: 13211

Signature Description: Mozilla browsers provide search plugin facility to show Search Engine interfaces based on

Apple's Sherlock files. To perform an Internet search, the Sherlock application sends query information to one or more

Internet search sites. The information returned by the search sites is interpreted by the Sherlock application and then

displayed. Firefox enables users to add a new search engine, or modify the old search engine (Google, by default) by

calling the sidebar.addSearchEngine() function and passing a Sherlock file (with .src extension) into this function.

Mozilla Firefox versions prior to 1.0.3 and Mozilla Suite versions prior to 1.7.7 are vulnerable to cross-site scripting

caused by improper sanitization of user-supplied Sherlock files. By creating a special Sherlock file it is possible to run

javascript code in the security context of the currently active tab. This allows to create search engines that silently

monitor all website displayed while searching (e.g. to steal sessions cookies) and/or that wait for a privileged page (e.g.

chrome or about:config) to run arbitrary code such as installing malicious software on the victim's machine.

Signature ID: 1440

Mozilla Firefox Sidebar Panel _search target Script Code Execution Vulnerability

Threat Level: Warning

Industry ID: CVE-2005-1158

Bugtraq: 13231

Signature Description: Mozilla Firefox is a free, open source, cross-platform graphical web browser. Firefox provides a

facility to load the web pages in sidebar web panel. Sites can use the _search target (like target=_search") to open links