TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 1448
Microsoft Internet Explorer JPEG Image Rendering Library Memory Corruption Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-1988 CVE-2005-2308 Bugtraq: 14282,14284,14285,14286
Signature Description: The image rendering library used to display JPEG files in Internet Explorer does not
properly handle crafted JPEG images. The vulnerability exists specifically in mshtml.dll and is due to a lack of boundary
checks in the JPEG decoder functions. A remote attacker can create a malicious JPEG image which, once
viewed, could allow the attacker to execute arbitrary code on the system with the privileges of the victim or create a denial
of service condition. An attacker could exploit this vulnerability by creating a malicious Web page or an HTML e-mail
message and then persuading the user to visit the page or to view the HTML e-mail message. Microsoft Internet
Explorer 5.x series with SP1, SP2, SP3 or SP4 is prone to this vulnerability. Administrators are advised to
install the updates mentioned in MS05-038.
Signature ID: 1449
RealNetworks RealPlayer vidplin.dll AVI file Processing Heap Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-2052 CVE-2008-0011 Bugtraq: 13530,29581
Signature Description: Real Networks' Real Player is a streaming audio and video player for Microsoft Windows
platforms. Real Player is vulnerable to a heap overflow while processing specially crafted AVI files. The vulnerability
specifically exists in vidplin.dll which is called by Real Player while processing AVI files. The Microsoft AVI file
format is a RIFF file specification used with applications that capture, edit, and play back audio-video sequences. In
general, AVI files contain multiple streams of different types of data. The stream format chunk (strf) describes the
format of the data in the stream. Real Player relies on a strf structure value and allocates a fixed memory space of
0x428 bytes to copy the data of the strf chunk from the AVI file. A crafted AVI file with a strf chunk size of
more than 0x428 bytes, viewed by a user in Real Player, can cause the overflow in vidplin.dll. The
vulnerability allows a remote attacker to reliably overwrite heap memory with arbitrary data and execute arbitrary code
in the context of the user who executed the player. Real Networks RealPlayer versions prior to 10.5 have this
vulnerability.
Signature ID: 1450
ViRobot Linux Server addschup Binary Cookie Overflow vulnerability
Threat Level: Warning
Industry ID: CVE-2005-2041 Bugtraq: 13964 Nessus: 18494
Signature Description: ViRobot Linux Server is an anti-virus protection file server that runs on Linux-based operating
systems. ViRobot Linux Server is prone to a remote buffer overflow vulnerability affecting the Web-based
management interface. The problem is caused by improper bounds checking of cookies sent to the setuid cgi-bin file,
addschup. Other binaries may also be affected. A remote attacker can exploit this vulnerability by sending a malicious
request to the addschup binary with a Cookie field containing the overflow string and arbitrary commands. Successful
exploitation may insert arbitrary commands into the user's crontab file, thus executing the commands at regular
intervals.
Signature ID: 1451
Microsoft DirectX DirectShow AVI File Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-2128 Bugtraq: 15063
Signature Description: Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems.
DirectShow is integrated with DirectX technologies. A buffer overflow vulnerability exists in the Microsoft Windows
DirectShow component when processing AVI (Audio Visual Interleave) media files. The Microsoft AVI file format is
a RIFF file specification used with applications that capture, edit, and play back audio-video sequences. In general,