TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
remote attacker to execute arbitrary code with the privileges of the victim. No remedy is available as of Feb 2008.
Alternatively, the user can set the kill bit for CLSID 210D0CBC-8B17-48D1-B294-1A338DD2EB3A. This signature detects
traffic containing the PROGID encoded in UTF encoding.
Signature ID: 34001
HTTP Apple QuickTime Color Table ID Heap Corruption1
Threat Level: Severe
Industry ID: CVE-2007-0718 Bugtraq: 22839
Signature Description: Apple QuickTime is vulnerable to a heap-based buffer overflow, caused by improper handling
of malformed QTIF files. By creating a malicious QTIF file containing a specially-crafted Video Sample Description
and persuading a victim to open the file, a remote attacker could corrupt memory and cause the victim's QuickTime
application to crash or possibly execute arbitrary code on the victim's system with the privileges of the user. An
attacker could exploit this vulnerability by sending the malicious file as an email attachment or hosting it on a Web site.
Signature ID: 34003
HTTP Mozilla Firefox createRange Remote DoS
Threat Level: Warning
Industry ID: CVE-2006-5633 Bugtraq: 20799
Signature Description: Mozilla Firefox is vulnerable to a denial of service, caused by a NULL pointer dereference that
can occur when processing a specially-crafted JavaScript Range object. A remote attacker could exploit this
vulnerability to cause a victim's browser to crash, if the attacker could persuade the victim to visit a malicious Web
page.
Signature ID: 34004
HTTP NetProxy Security Restriction Bypass Vulnerability
Threat Level: Information
Industry ID: CVE-2007-1225 Bugtraq: 22741
Signature Description: NetProxy could allow a malicious user to bypass URL filtering to view restricted or malicious
Web content. By sending a specially-crafted GET request to the proxy server and omitting "http://" from the URL, a
user could bypass URL content logging and filtering and possibly view unauthorized Web content.
Signature ID: 34005
Windows MHTML URI Buffer Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2006-2766 Bugtraq: 18198
Signature Description: Microsoft Internet Explorer is vulnerable to a buffer overflow in the inetcomm.dll file. By
creating an overly long mhtml:mid: URL, a remote attacker could overflow a buffer and cause a victim's browser to
crash or possibly execute arbitrary code on the victim's system, if the attacker could persuade the victim to click the
malicious URL.
Signature ID: 34006
TFTP Server TFTPDWIN Long Message DoS vulnerability
Threat Level: Severe
Industry ID: CVE-2007-1404 Bugtraq: 24452
Signature Description: TFTP is a simple protocol for transferring files. It is implemented on top of the Internet User
Datagram Protocol. TFTP Server TFTPDWIN 0.4.2 is vulnerable to a denial of service caused by improper handling of
long messages by the recv_from() call. A remote attacker could send a datagram of 516 bytes or more to UDP port 69
to cause the service to crash. No remedy is available as of January 2008.