TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

handles the creation of console windows and the properties associated with the windows such as size, font, color, etc.
Console window properties can be set by selecting Properties on the window's system menu, setting the values you want
and then saving the changes. When a user selects the "Properties" item from the menu of a console window, a data
structure called CONSOLE_STATE_INFO containing information about the console window is copied into the
file-mapping object. The CONSOLE_STATE_INFO data structure contains a null-terminated string specifying the name of
a font, FaceName[32]. This string is copied into a fixed-size stack buffer by the wcscpy() function without any
length check. By supplying a string longer than 32 bytes, an attacker can trigger the stack-based buffer overflow to gain
control of the computer and eventually execute arbitrary code. A local attacker who is authenticated could run a
specially crafted application to gain elevated privileges and complete control of the system. A remote attacker can
exploit this issue by crafting a malicious shortcut (.lnk) file and placing it on a Web site or sending it to a user through
email, then enticing them to open it and view the file's properties.
Signature ID: 1455
Mozilla Firefox 'Set As Wallpaper' Javascript Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-2262 CVE-2005-2260 Bugtraq: 14242
Signature Description: Mozilla is an open-source Web browser for Microsoft Windows and Linux-based operating
systems. Mozilla Firefox versions 1.0.3 and 1.0.4 could allow a remote attacker to execute arbitrary code through a
vulnerability in the Set As Wallpaper context menu. The "Set As Wallpaper" dialog takes the image URL as a parameter
without validating it. If an attacker can convince a victim to use the "Set As Wallpaper" context menu item on a
specially crafted image whose source is a javascript: URL (like <img src="javascript:) with an eval()
statement, then they can run arbitrary code on the user's computer. Users are advised to upgrade to a newer version of
Mozilla Firefox. This vulnerability has been addressed in Firefox 1.0.5 and in Mozilla Suite 1.7.9.
Signature ID: 1456
NullSoft Winamp ID3v2 Tag Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-2310 Bugtraq: 14276
Signature Description: Winamp is a multimedia player made by Nullsoft. ID3v2 is a metadata container most often
used in conjunction with the MP3 audio file format. It allows information such as the title, artist, album, track number,
or other information about the file to be stored in the file itself. Winamp versions 5.03a, 5.09, and 5.091 are reported
vulnerable to a buffer overflow when processing ID3v2 tags of MP3 files. A remote attacker can create an
MP3 file with a malicious ID3v2 tag such as ARTIST (TPE1) and assign a large string to it. When the target user
plays the file in his Winamp playlist, arbitrary code will get executed when the file is finished playing. Users are
advised to upgrade to the newer version of Winamp. Other versions are also likely affected.
Signature ID: 1457
NullSoft Winamp ID3v2 Tag Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-2310 Bugtraq: 14276
Signature Description: Winamp is a multimedia player made by Nullsoft. ID3v2 is a metadata container most often
used in conjunction with the MP3 audio file format. It allows information such as the title, artist, album, track number,
or other information about the file to be stored in the file itself. Nullsoft Winamp 5.0.91 and prior versions are
vulnerable to a buffer overflow when processing ID3v2 tags of MP3 files. A remote attacker can create an
MP3 file with a malicious ID3v2 tag such as ARTIST (TPE1) or TITLE (TOPE) and assign a large string to it.
When the target user adds the file to their Winamp playlist and then plays the file, arbitrary code will get executed
when the file is finished playing. Users are advised to upgrade to the newer version of Winamp.
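
An added example, not part of the reference guide and not the TMS zl signature logic: a minimal ID3v2.3/2.4 frame walker that reports the declared size of the frames named in the two Winamp entries above (TPE1, TOPE) when it exceeds a limit. The 256-byte limit, the function names and the sample tags are assumptions constructed for illustration.

```python
import struct

MAX_TEXT_FRAME = 256          # assumption: the page gives no limit; tune per policy
WATCHED = {b"TPE1", b"TOPE"}  # frame IDs named in the signature descriptions


def synchsafe(b):
    """Decode a 4-byte synchsafe integer (7 significant bits per byte)."""
    return ((b[0] & 0x7F) << 21) | ((b[1] & 0x7F) << 14) | ((b[2] & 0x7F) << 7) | (b[3] & 0x7F)


def oversized_text_frames(data, limit=MAX_TEXT_FRAME):
    """Return [(frame_id, declared_size)] for watched ID3v2.3/2.4 frames over limit."""
    if len(data) < 10 or data[:3] != b"ID3" or data[3] not in (3, 4):
        return []  # no tag, or ID3v2.2 (3-byte frame IDs), which is out of scope
    major, flags = data[3], data[5]
    end = min(10 + synchsafe(data[6:10]), len(data))
    pos = 10
    if flags & 0x40 and end >= 14:  # extended header present: skip over it
        ext = data[10:14]
        pos += synchsafe(ext) if major == 4 else 4 + struct.unpack(">I", ext)[0]
    findings = []
    while pos + 10 <= end:
        fid, raw = data[pos:pos + 4], data[pos + 4:pos + 8]
        if fid == b"\x00" * 4:
            break  # reached padding
        size = synchsafe(raw) if major == 4 else struct.unpack(">I", raw)[0]
        if fid in WATCHED and size > limit:
            findings.append((fid.decode("ascii"), size))
        pos += 10 + size
    return findings


def sample_frame(fid, text):
    """Constructed ID3v2.3 text frame: ID, big-endian size, flags, encoding byte, text."""
    body = b"\x00" + text
    return fid + struct.pack(">I", len(body)) + b"\x00\x00" + body


def sample_tag(frames):
    """Constructed ID3v2.3 tag: 10-byte header with synchsafe size, then the frames."""
    body = b"".join(frames)
    size = bytes((len(body) >> s) & 0x7F for s in (21, 14, 7, 0))
    return b"ID3\x03\x00\x00" + size + body


BENIGN = sample_tag([sample_frame(b"TIT2", b"Song"), sample_frame(b"TPE1", b"Artist")])
SUSPECT = sample_tag([sample_frame(b"TIT2", b"Song"), sample_frame(b"TPE1", b"A" * 4000)])

if __name__ == "__main__":
    print(oversized_text_frames(BENIGN), oversized_text_frames(SUSPECT))
```

The walker trusts only the declared frame sizes and does not undo unsynchronisation, so it is a triage check for files entering a mail or web gateway rather than a full ID3 parser.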