TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
762
Signature ID: 34007
WinZip FileView ActiveX Control Unsafe Method Exposure vulnerability
Threat Level: Warning
Industry ID: CVE-2006-5198 Bugtraq: 21060
Signature Description: The FileView ActiveX control (WZFILEVIEW.FileViewCtrl.61) could allow a remote attacker
to execute arbitrary code on the system. The FileView ActiveX control contains several unsafe methods and is marked
"safe for scripting" and "safe for initialization". A remote attacker could exploit this vulnerability to execute arbitrary
code on the victim's system, if the attacker could persuade the victim to visit a malicious Web site and the victim is
using an affected version of win zip.
Signature ID: 34009
MS Help Workshop .CNT Buffer Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2007-0352 Bugtraq: 22100
Signature Description: Microsoft HTML Help Workshop is vulnerable to a stack-based buffer overflow, caused by
improper bounds checking of help contents files (.CNT). By persuading a victim to open a specially-crafted .CNT file,
a remote attacker could overflow a buffer and execute arbitrary code on the system with privileges of the victim. An
attacker could exploit this vulnerability by sending the malicious file to a victim as an email attachment or hosting it on
a Web site. This signature detects overflow condition.
Signature ID: 34010
Apple Quicktime UDTA ATOM Integer Overflow vulnerability
Threat Level: Warning
Industry ID: CVE-2007-0714 Bugtraq: 22844
Signature Description: A buffer overflow vulnerability has been reported in certain versions of Apple's QuickTime
application. This is due to improper validation performed on the size field while processing an udta Atom data
structure. An overly large value in the size field of an udta Atom results in an integer overflow that leads to a small
buffer size being allocated during dynamic memory allocation. The size of an atom is not checked before memory copy
operations are performed to copy data contents from the MOV file to the allocated buffer on the heap. Successful
exploitation of this vulnerability will divert the program flow to execute attacker supplied code, which would be
executed in the security context of the logged in user. Attacks that do not execute code may terminate the application to
cause a denial of service.This signature will trigger when the pattern "|2e|mov" is SET.
Signature ID: 34014
HTTP Mozilla Window Navigator Object Code Execution
Threat Level: Warning
Industry ID: CVE-2006-3677 Bugtraq: 19192
Signature Description: Mozilla firefox is an open source web browser for windows and linux platforms. Mozilla
Firefox versions 1.5.0 to 1.5.0.4 are vulnerable to remote code execution when assigning unspecified parameters to the
window.navigator object. A remote attacker could exploit this vulnerability by persuading a victim to visit a malicious
Web page. No remedy is available as of January 2008.
Signature ID: 34015
HTTP MS Windows VML Buffer Overrun (MS07-004)
Threat Level: Severe
Industry ID: CVE-2007-0024 Bugtraq: 21930
Signature Description: Microsoft Internet Explorer is vulnerable to a heap-based buffer overflow in the Microsoft
Windows implementation of the Vector Markup Language (VML). By creating a malicious HTML document