ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

stack-based buffer overflow, caused by improper bounds checking by the Mercury/32 SMTP Server Module
(mercurys.dll). By sending a specially-crafted AUTH CRAM-MD5 command with an overly long argument, a remote
attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges.
Signature ID: 30365
Microsoft Windows GDI Metafiles AttemptWrite Remote Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-3034 CVE-2005-4560 Bugtraq: 25302
Signature Description: Microsoft Windows GDI (Graphics Device Interface) enables applications to use graphics and
formatted text on both video displays and printers. Microsoft Windows GDI on Microsoft Windows 2000 SP4,
XP SP2, and Server 2003 SP1 contains an integer overflow vulnerability in the AttemptWrite() function, which may
lead to a heap overflow. By convincing a user to view a specially crafted metafile with a large record length, a remote
attacker may be able to execute arbitrary code with the privileges of the user. Install the updates mentioned in
Microsoft Security Bulletin MS07-046.
Signature ID: 30366
RealNetworks Helix DNA Server RTSP Command Remote Heap Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-4261 CVE-2007-4561 Bugtraq: 25440
Signature Description: The Helix DNA Server is a universal media delivery engine that supports the real-time
packetization and network transmission of any media type to any device. It uses RTSP/RTP streaming delivery for
standards-compliant clients and proxies, an RTSP cloaked protocol over HTTP, and media data delivery via TCP, UDP
unicast and multicast, and HTTP. RealNetworks Helix DNA Server is vulnerable to a heap-based buffer overflow. By
sending a specially crafted Real Time Streaming Protocol (RTSP) request with multiple malicious Require headers, a
remote attacker could overflow a buffer and execute arbitrary code on the system. The vendor has fixed this issue in Helix
Server 11.1.4.
Signature ID: 30367
ClamAV clamav-milter Shell Command Injection Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-4560 Bugtraq: 25439
Signature Description: Clam AntiVirus (ClamAV) is a popular open source antivirus solution. ClamAV can be
integrated with the Sendmail mail transport system via Sendmail's 'milter' mechanism. If the clamav-milter in ClamAV
version 0.91.1 and prior is started with the 'black hole' mode activated, a specially crafted email could cause arbitrary
commands to be executed with root privileges. A remote attacker could send a specially crafted email with a recipient
address containing shell metacharacters; when this field is passed to a popen() function call, it is possible to execute
arbitrary code on the system. Upgrade to the latest version of ClamAV (0.91.2 or later).
Signature ID: 30369
ECentrex VOIP Client UACOMX.OCX ActiveX Control Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-4489 Bugtraq: 25383
Signature Description: ECentrex is a popular developer of Voice-over-IP (VoIP) solutions. The eCentrex VOIP Client
ActiveX control (uacomx.ocx) version 2.0.1 is vulnerable to a stack-based buffer overflow. This ActiveX control is
included in several VoIP products. By persuading a victim to visit a specially crafted Web page containing hex-encoded
exploit data that passes an overly long username argument to the ReInit method, a remote attacker could
overflow a buffer and execute arbitrary code on the system or cause the victim's browser to crash. No remedy is
available as of August 2007; alternatively, users can set the kill bit for CLSID BD80D375-5439-4D80-B128-DDA5FDC3AE6C
to resolve this issue.