ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

control is provided by the file NCTAudioFile2.dll. The NCTAudioFile2 ActiveX control is included with several
applications. The NCTAudioFile2 ActiveX control contains a buffer overflow in the SetFormatLikeSample()
method. This buffer overflow allows an attacker to overwrite the contents of the EIP (Extended Instruction Pointer)
register, thus gaining control of program execution flow. By convincing a victim to view an HTML document (web
page, HTML email, or email attachment), an attacker could run arbitrary code with the privileges of the user running
IE.
Signature ID: 32627
HTTP RealPlayer ActiveX Control (rpau3260.dll) DoS
Threat Level: Severe
Industry ID: CVE-2006-6759
Bugtraq: 21689
Signature Description: RealNetworks RealPlayer is vulnerable to a denial of service, caused by a vulnerability in the
rpau3260.dll ActiveX control. A remote attacker could exploit this vulnerability to crash the victim's browser
by persuading the victim to visit a malicious Web page that passes specially-crafted arguments to the
RealPlayer.Initialize() method. RealPlayer version 10.5 is vulnerable to this issue; other versions may also be affected.
Signature ID: 32628
Evasion DCERPC append multiple fake bind (CVE-2007-0169)
Threat Level: Severe
Signature Description: The DCERPC mixin provides methods that are useful to exploits that attempt to leverage
vulnerabilities in DCERPC applications. It also provides a unified evasion interface that makes it so any exploits that
use the mixin can make use of multi-context bind evasion and packet fragmentation. This mixin automatically registers
the RHOST and RPORT options. It also registers two advanced options, DCEFragSize and DCEMultiBind. The rex
library supports a fairly robust implementation of a portion of the DCERPC feature-set and includes support for doing
evasive actions such as multi-context bind and packet fragmentation.
Signature ID: 32630
DOS Infinite Array Sort
Threat Level: Severe
Industry ID: CVE-2004-1198 CVE-2004-1200 CVE-2004-1199 CVE-2004-1201
Bugtraq: 11751
Signature Description: Microsoft Internet Explorer is prone to a vulnerability that may result in a browser crash. This issue is
exposed when the browser performs an infinite JavaScript array sort operation. It is conjectured that this will only result
in a denial of service and is not further exploitable to execute arbitrary code, though this has not been
confirmed. Multiple vendor Web browsers, including Microsoft Internet Explorer, Safari, Mozilla, Camino, Firefox,
Netscape and Opera, are vulnerable to a denial of service attack. A remote attacker could create a specially-crafted Web
page that contains a nested array, which would cause the victim's Web browser to crash once the Web page is
visited. An attacker could exploit this vulnerability by hosting the malicious Web page on a Web site or by sending it to
a victim as an HTML email. Affected platforms are Mac OS 10.3.6, Safari 1.2.4, Microsoft Internet Explorer (any
version), Camino 0.7, Firefox 1.0, Mozilla 1.7, Netscape 7.2, Opera 6.03, Opera 7.54.
Signature ID: 32632
FTP 3CDaemon Information Disclosure Vulnerability (2)
Threat Level: Severe
Industry ID: CVE-2005-0278
Signature Description: The FTP service in 3Com 3CDaemon 2.0 revision 10 allows an attacker to gain sensitive information
via a cd command that contains an MS-DOS device name, which reveals the installation path in an error message. A
successful exploitation of these issues may allow an attacker to crash the application, disclose sensitive information,
and potentially execute arbitrary code on a vulnerable computer. No remedy available as of October 25, 2008. Exploit