TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 1507
Microsoft Internet Explorer Object Type Validation Vulnerability
Threat Level: Warning
Industry ID: CVE-2003-0532
Bugtraq: 8456
Signature Description: Microsoft Internet Explorer is the most widely used World Wide Web browser. It was
developed by Microsoft. Microsoft Internet Explorer (IE) will execute an HTML Application referenced by the DATA
attribute of an OBJECT element. The OBJECT element is a way to embed ActiveX controls. The DATA attribute is a URI
that provides the data for an object. Microsoft Internet Explorer versions 5.01, 5.5, and 6 do not properly
determine object data tags. A remote attacker could create a specially crafted URL link using the Object Data tags,
which would be executed in the victim's web browser within the security context of the hosting site once the link
is clicked. An attacker could exploit this vulnerability by sending the link to a victim in an HTML email.
Signature ID: 1510
Lupper worm - AWStats configdir Parameter Input Validation Flaw
Threat Level: Severe
Industry ID: CVE-2005-0116 Bugtraq: 12298
Signature Description: Lupper is a worm. It infects Linux systems and spreads through web servers by
exploiting the AWStats Rawlog Plugin input vulnerability. It does not infect Windows systems. It sends random
HTTP requests on port 80. If a web server is vulnerable, the worm exploits the vulnerability and downloads a copy of
itself onto the web server. It also sends a pre-configured list of commands to the awstats scripts. AWStats is a Perl
CGI script that collects and graphically displays statistics from web, FTP, and mail servers. AWStats versions prior to
6.3 are vulnerable to an input validation flaw which allows remote attackers to execute arbitrary commands with the
privileges of the web server. The problem exists in the 'awstats.pl' Perl script, which takes the parameter 'configdir' as
user-supplied input. Because the configdir parameter is not validated, a remote attacker can supply this
parameter with arbitrary commands prefixed with the '|' character, which leads to execution of those commands.
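The check this signature describes can also be run over web server access logs. The following is an added example, not part of the reference guide or the module's signature logic: the log lines are constructed, the function names are hypothetical, and matching names case-insensitively and unwinding up to three layers of percent-encoding are assumptions made to keep the check conservative.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample lines in Common Log Format (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /cgi-bin/awstats.pl?config=example.org HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:07 +0000] "GET /cgi-bin/awstats.pl?configdir=|PLACEHOLDER%20COMMAND| HTTP/1.0" 200 310',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /stats/awstats.pl?configdir=%7CPLACEHOLDER+COMMAND%7C HTTP/1.0" 200 310',
    '198.51.100.8 - - [01/Jan/2024:10:00:12 +0000] "GET /cgi-bin/awstats.pl?configdir=%257CPLACEHOLDER%2520COMMAND HTTP/1.0" 200 310',
    '192.0.2.20 - - [01/Jan/2024:10:01:30 +0000] "GET /cgi-bin/awstats.pl?configdir=/etc/awstats HTTP/1.1" 200 4980',
    '192.0.2.30 - - [01/Jan/2024:10:02:00 +0000] "GET /index.html?configdir=|x HTTP/1.1" 200 1200',
]

REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (assumption: at most `rounds` layers)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_configdir_pipe(lines):
    """Return (source, decoded configdir) for awstats.pl requests whose
    configdir value starts with '|' once decoded."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/awstats.pl"):
            continue  # the flaw is in awstats.pl only
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(value).lstrip()
            if name.lower() == "configdir" and value.startswith("|"):
                hits.append((m.group("src"), value))
    return hits

if __name__ == "__main__":
    for src, value in find_configdir_pipe(SAMPLE_LOG):
        print(f"configdir pipe prefix from {src}: {value!r}")
```

A legitimate configdir value is a directory path, so any hit is worth reviewing even on a patched AWStats (6.3 or later).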
Signature ID: 1511
RealNetworks RealOne Player/RealPlayer SMIL File Remote Stack Based Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0455 Bugtraq: 12697
Signature Description: RealPlayer is an application for playing various media formats, developed by RealNetworks
Inc. RealPlayer is vulnerable to a stack-based buffer overflow because the application does not perform boundary
checks when parsing Synchronized Multimedia Integration Language (SMIL) files. An attacker can exploit
this vulnerability using a specially crafted .smil file by setting the system-screen-size parameter to a string of more than
256 bytes. Successful exploitation allows arbitrary code execution. RealPlayer 8 or above on Windows
and RealPlayer 10 on Linux/Mac are vulnerable.
Signature ID: 1512
Internet Explorer WebViewFolderIcon setSlice Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-3730
Bugtraq: 19030
Signature Description: Microsoft Internet Explorer is the most widely used World Wide Web browser. It is developed
by Microsoft. Microsoft Internet Explorer version 6 on Windows XP SP2 is affected by an integer
underflow vulnerability. The Microsoft WebViewFolderIcon object is an ActiveX control provided by the file webvw.dll.
By passing a malformed WebViewFolderIcon ActiveX object (webvw.dll) with an invalid argument (0x7ffffff) to the
"setslice()" method, a remote attacker could exploit this vulnerability to execute arbitrary code on the victim's system or
cause the victim's browser to crash. Apply the updates listed in Microsoft Security Bulletin MS06-057.