ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
arbitrary code on the system with SYSTEM level privileges. Administrators are advised to close the port 4105 for
untrusted clients.
Signature ID: 10243
Apple QuickTime Player QuickTime.qts Heap Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-0431
Bugtraq: 10257
Signature Description: Apple's QuickTime Player is a player that allows users to view local and remote audio/video
content. The QuickTime extension (QuickTime.qts) component in Apple QuickTime Player is vulnerable to an integer
overflow which leads to a heap-based overflow. A QuickTime file is a collection of atoms, the basic data unit.
Each atom contains the size of the atom and the type of the atom (a 32-bit integer, typically a four-character code), followed by data
corresponding to the type of atom. A Sample-to-Chunk (stsc) atom contains a 4-byte "number of entries" field
specifying the count of entries in the sample-to-chunk table. If the "number of entries" field contains an overly large
value, an integer overflow could occur, which could allow an attacker to overwrite portions of heap memory. A remote
attacker can create a specially crafted QuickTime movie file that, when loaded by the target user, will cause the target
user's QuickTime player to terminate or execute arbitrary code. Administrators are advised to upgrade to the new version
that is available from Apple's website. QuickTime 6.0, 6.1 and 6.5 are vulnerable.
Signature ID: 10244
NullSoft Winamp Play List File File Parameter Buffer Overflow Vulnerability(1)
Threat Level: Warning
Industry ID: CVE-2006-0476
Bugtraq: 16410
Signature Description: Winamp is a media player for Microsoft Windows developed by NullSoft. Winamp versions
5.11 and 5.12 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking of file names
within a .m3u or .pls playlist file. The playlist file contains links to other media files through the File parameter. By
supplying an overly long file name path to this parameter, a remote attacker can overflow the buffer when the file is
processed by Winamp. By convincing a user to open a specially crafted playlist file, a remote unauthenticated attacker
may be able to execute arbitrary code. This can be achieved by creating a specially crafted web page or other HTML
document that may launch Winamp without any user interaction. Users are advised to install a newer version of Winamp.
This rule hits when the playlist filename is longer than 100 characters.
Signature ID: 10245
NullSoft Winamp Play List File File Parameter Buffer Overflow Vulnerability(2)
Threat Level: Warning
Industry ID: CVE-2006-0476
Bugtraq: 16410
Signature Description: Winamp is a media player for Microsoft Windows developed by NullSoft. Winamp versions
5.11 and 5.12 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking of file names
within a .m3u or .pls playlist file. The playlist file contains links to other media files through the File parameter. By
supplying an overly long file name path to this parameter, a remote attacker can overflow the buffer when the file is
processed by Winamp. By convincing a user to open a specially crafted playlist file, a remote unauthenticated attacker
may be able to execute arbitrary code. This can be achieved by creating a specially crafted web page or other HTML
document that may launch Winamp without any user interaction. Users are advised to install a newer version of Winamp.
This rule hits when the extension is more than 90 characters long.
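The two length conditions quoted for signatures 10244 and 10245 can be applied offline to a stored .pls file, for example when triaging a download cache. The following is an added example, not code from the guide or the TMS zl module: how the module measures "filename" and "extension" is not stated here, so the code assumes the whole value of a FileN= entry and the text after the last "." in its final path component. The function names and the sample playlist are constructed for illustration.

```python
import re

# Thresholds taken from the two rule descriptions above.
MAX_FILE_VALUE = 100   # signature 10244: file name longer than 100 characters
MAX_EXTENSION = 90     # signature 10245: extension longer than 90 characters

# A .pls entry looks like "File1=C:\music\track.mp3" (key is case-insensitive).
FILE_ENTRY = re.compile(r"^\s*File(\d+)\s*=(.*)$", re.IGNORECASE)


def extension_of(path):
    """Return the text after the last '.' in the final path component, or ''."""
    name = re.split(r"[\\/]", path)[-1]
    dot = name.rfind(".")
    return name[dot + 1:] if dot != -1 else ""


def scan_pls(text):
    """Return (line_no, signature_id, measured_length) for every over-long entry."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = FILE_ENTRY.match(line)
        if not match:
            continue  # section header, Title/Length keys, NumberOfEntries, ...
        value = match.group(2).strip()
        if len(value) > MAX_FILE_VALUE:
            findings.append((line_no, 10244, len(value)))
        ext = extension_of(value)
        if len(ext) > MAX_EXTENSION:
            findings.append((line_no, 10245, len(ext)))
    return findings


# Constructed sample playlist: entry 1 is ordinary, entry 2 has an over-long
# name, entry 3 has an over-long extension but is exactly 100 characters in total.
SAMPLE = "\n".join([
    "[playlist]",
    "File1=C:\\music\\track01.mp3",
    "File2=" + "A" * 120 + ".mp3",
    "File3=song." + "B" * 95,
    "NumberOfEntries=3",
    "Version=2",
])

if __name__ == "__main__":
    for line_no, sig, length in scan_pls(SAMPLE):
        print(f"line {line_no}: signature {sig} (length {length})")
```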
Signature ID: 10246
Novell ZENworks Management Agent Type 1 Authentication Request Password Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-1543
Bugtraq: 13678