ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

Signature ID: 30040
Microsoft Windows Media Player Plug-in Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-0005
Bugtraq: 16644
Signature Description: The Microsoft Windows Media Player plug-in for non-Microsoft browsers is prone to a
buffer-overflow vulnerability. The application fails to perform proper boundary checks on user-supplied data before
using it in a finite-sized buffer. An attacker can exploit this issue to execute arbitrary code on the victim user's
computer in the context of the victim user. This may facilitate a compromise of the affected computer.
Signature ID: 30041
Microsoft MSHTA Script Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0063 Bugtraq: 13132
Signature Description: Various files, such as Microsoft Word documents, will be opened by the appropriate program
even if they are renamed with an unknown extension. The reason for this is that the CLSID of the Microsoft Word
program is stored within the OLE2 document. The CLSID of a given file can be manipulated to specify that another
program should handle the opening of the file. An attacker can execute arbitrary script code from a seemingly
non-executable object by appending script code to the end of a file and modifying the CLSID to be that of the
Microsoft HTML Application Host (MSHTA).
Signature ID: 30042
America Online ICQ ActiveX Control Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-5650 Bugtraq: 20930
Signature Description: This vulnerability is caused by an input validation error in the
ICQPhone.SipxPhoneManager ActiveX control when processing the DownloadAgent method. The vulnerable function
takes a single URI argument of a file to download and execute under the context of the running user. A malicious ICQ
avatar can be used as an exploitation vector. Successful exploits may allow attackers to crash the application, denying
further service to users. This issue may also be exploited to execute arbitrary machine code. This signature detects
attacks using the CLSID and the DownloadAgent method.
Signature ID: 30043
America Online ICQ ActiveX Control Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-5650 Bugtraq: 20930
Signature Description: This vulnerability is caused by an input validation error in the
ICQPhone.SipxPhoneManager ActiveX control when processing the DownloadAgent method. The vulnerable function
takes a single URI argument of a file to download and execute under the context of the running user. A malicious ICQ
avatar can be used as an exploitation vector. Successful exploits may allow attackers to crash the application, denying
further service to users. This issue may also be exploited to execute arbitrary machine code. This signature detects
attacks using the PROGID and the DownloadAgent method.
Signature ID: 30044
America Online ICQ ActiveX Control Code Execution Vulnerability(3)
Threat Level: Warning
Industry ID: CVE-2006-5650
Bugtraq: 20930
Signature Description: This vulnerability is caused by an input validation error in the
ICQPhone.SipxPhoneManager ActiveX control when processing the DownloadAgent method. The vulnerable function
takes a single URI argument of a file to download and execute under the context of the running user. A malicious ICQ