TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
553
the targeted system. This vulnerability can also be exploited by directing the user to an attacker controlled SMB share,
the user will then need to select the file in order to activate the exploit. Administrators are advised to install patches
provided by Microsoft. Vulnerable platforms are Microsoft Windows 2000 SP4, Microsoft Windows 2000 SP3,
Microsoft Windows 98, Microsoft Windows 98SE, Microsoft Windows Me.
Signature ID: 21002
Microsoft Windows Windows Explorer Web View Script Injection Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-1191 Bugtraq: 13248 Nessus: 18215
Signature Description: Windows Explorer is an application that is part of Microsoft Windows operating system that
provides a graphical user interface for accessing the file systems. Web View (preview pane) is one of two different
formats provided by Windows Explorer for viewing file and folder information. This feature allows users to preview
documents in a thumbnail view before opening. In addition, information such as title and author is displayed. The
preview pane is implemented via an HTML resource file (in webvw.dll), which examines the currently selected file,
reads its metadata and displays useful information about it such as the file's size, attributes, modification date, author
and more. A remote code execution vulnerability exists in the way that Web View within Windows Explorer handles
certain HTML characters in author name field of a document. When the preview pane outputs the document's author
name, it checks whether the name resembles an email address, and if so, transforms it into a 'mailto:' link in the pane.
The transformation into a link does not filter potentially dangerous characters and makes it possible to inject attributes
into the link, which enables execution of arbitrary script commands. An attacker could persuade a user to save a file
from an email message or from a website to a local storage device. If a remote attacker persuades a user to preview a
malicious file, the attacker could execute arbitrary code within the context of the victim and gain complete control over
the targeted system. This vulnerability can also be exploited by directing the user to an attacker controlled SMB share,
the user will then need to select the file in order to activate the exploit. Administrators are advised to install patches
provided by Microsoft. Vulnerable platforms are Microsoft Windows 2000 SP4, Microsoft Windows 2000 SP3,
Microsoft Windows 98, Microsoft Windows 98SE, Microsoft Windows Me.
Signature ID: 21003
Microsoft Windows Windows Explorer Web View Script Injection Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-1191 Bugtraq: 13248 Nessus: 18215
Signature Description: Windows Explorer is an application that is part of Microsoft Windows operating system that
provides a graphical user interface for accessing the file systems. Web View (preview pane) is one of two different
formats provided by Windows Explorer for viewing file and folder information. This feature allows users to preview
documents in a thumbnail view before opening. In addition, information such as title and author is displayed. The
preview pane is implemented via an HTML resource file (in webvw.dll), which examines the currently selected file,
reads its metadata and displays useful information about it such as the file's size, attributes, modification date, author
and more. A remot code execution vulnerability exists in the way that Web View within Windows Explorer handles
certain HTML characters in author name field of a document. When the preview pane outputs the document's author
name, it checks whether the name resembles an email address, and if so, transforms it into a 'mailto:' link in the pane.
The transformation into a link does not filter potentially dangerous characters and makes it possible to inject attributes
into the link, which enables execution of arbitrary script commands. An attacker could persuade a user to save a file
from an email message or from a website to a local storage device. If a remote attacker persuades a user to preview a
malicious file, the attacker could execute arbitrary code within the context of the victim and gain complete control over
the targeted system. This vulnerability can also be exploited by directing the user to an attacker controlled SMB share,
the user will then need to select the file in order to activate the exploit. Administrators are advised to install patches
provided by Microsoft. This rule hits when javascript as background, followed with normal, Microsoft , Word pattern
sequence found.