TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Encapsulation Format (TNEF) MIME attachment. An attacker could exploit the vulnerability by constructing a specially
crafted TNEF message that could potentially allow remote code execution when a user opens or previews a malicious
e-mail message or when the Microsoft Exchange Server Information Store processes the specially crafted message. An
attacker who successfully exploited this vulnerability could take complete control of an affected system. Apply the
patches available from the vendor's web site.
Signature ID: 21086
Windows media player BMP file processing Heap Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2006-006 Bugtraq: 16633
Signature Description: Windows Media Player versions 7.1 through 10, on all Windows operating systems, contain a
security issue. Windows Media Player can play bitmap format files, such as .bmp files, but it does not correctly
process a .bmp file that declares its size as 0, which causes a heap overflow. An attacker can use multiple vectors to
exploit it: creating .asx files and opening them with a URL, using ActiveX embedded in an HTML page, or creating a
Media Player skin file.
Signature ID: 21087
Microsoft Windows NT 4.0 Remote Registry request DOS
Threat Level: Severe
Industry ID: CVE-2000-0377 Bugtraq: 1331
Signature Description: This rule detects a request to access the Windows NT registry from a remote machine through
a NETBIOS session. In special circumstances while handling requests to access the Remote Registry Server, Windows
NT 4.0 can crash due to winlogon.exe's inability to process specially malformed remote registry requests. Only
authenticated users on the network would be able to exploit this vulnerability. It is advised to configure Windows
NT to deny all remote registry requests, so that it is not affected by this vulnerability under any conditions.
Signature ID: 21088
Windows RPC service malformed packet DOS
Threat Level: Warning
Industry ID: CVE-2002-1561 Bugtraq: 6005
Signature Description: Remote Procedure Call (RPC) is a protocol used by the Windows operating system which
provides an inter-process communication mechanism that allows a program running on one computer to seamlessly
execute code on a remote system. A vulnerability exists in a part of the RPC service called the RPC Endpoint Mapper.
The RPC Endpoint Mapper listens for network requests (135/tcp), provides clients with port numbers for RPC services,
and maintains information about RPC connections. According to Microsoft advisory MS03-010, vulnerable code in the
RPC Endpoint Mapper dereferences a NULL pointer when processing a malformed RPC message. An unauthenticated,
remote attacker could cause the RPC Endpoint Mapper to terminate, denying service to legitimate users. Since the RPC
Endpoint Mapper is part of the RPC service, exploiting this vulnerability would cause the RPC service to fail, with the
attendant loss of any RPC-based services the server offers, as well as potential loss of some COM functions. Once the
RPC service has been terminated, an attacker may be able to take control over an orphaned named pipe and gain the
privileges of the RPC service (Local System).
Signature ID: 21089
Microsoft Distributed Transaction Service Coordinator MSDTC Message Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-2119 Bugtraq: 15056
Signature Description: The Microsoft Distributed Transaction Coordinator (MSDTC) service coordinates transactions that
span multiple resource managers, such as databases, message queues and file systems. The MSDTC service is prone to a