TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
763
containing specially-crafted VML records, a remote attacker could overflow a buffer and execute arbitrary code on the
system with permissions of the victim, if the attacker could persuade the victim to open the malicious file. An attacker
could exploit this vulnerability by hosting the file on a Web site or sending it to a victim as an email attachment
Signature ID: 34017
MS Excel Embedded Shockwave Flash Object Code Execution S
Threat Level: Warning
Industry ID: CVE-2006-3014 Bugtraq: 19980
Signature Description: A security weakness related to the handling of embedded Shockwave Flash Objects in
Microsoft Excel could allow a remote attacker to execute arbitrary code on the system. An attacker could exploit this
weakness by creating an Excel Spreadsheet file (.xls) containing a malicious Shock wave Flash Object and persuading
a victim to open the file, which would allow the attacker to execute arbitrary code on the system with the privileges of
the victim. Exploit attempts of this vulnerability are detected using a combination of two signatures. This is the second
signature and generates a log message.
Signature ID: 34022
EnjoySAP rfcguisink.rfcguisink.1 ActiveX Control Heap-based Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-3606 Bugtraq: 24777
Signature Description: EnjoySAP, is the SAP GUI client in SAP R/3's 3-tier architecture of database, application
server and client. It is software that runs on a Microsoft Windows, Apple Macintosh or Unix desktop, and allows user
to access SAP functionality in SAP applications such as mySAP ERP and SAP Business Information Warehouse. The
EnjoySAP rfcguisink.rfcguisink.1 ActiveX control is vulnerable to a heap-based buffer overflow. The issue occurs
when processing overly long arguments (>180bytes) passed to the LaunchGui() method. By persuading the victim to
visit a specially-crafted Web page, a remote attacker could overflow a buffer and execute arbitrary code on the system
or cause the browser to crash. Upgrade to the latest version of EnjoySAP (7/19/2007 or later), available from the
EnjoySAP FTP Web site. Alternately user can set the kill bit to disable ActiveX for CLSID corresponding to the progid
rfcguisink.rfcguisink.1 to resolve this issue.
Signature ID: 34033
Mozilla Multiple Product location.hostname Null Byte URI Security Bypass Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-0981 Bugtraq: 22566
Signature Description: Mozilla is an open-source Web browser for Microsoft Windows and Linux platforms.Mozilla
based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 are vulnerable to
a cross-site scripting. The setting location.hostname to a value with embedded null characters can confuse the browsers
domain checks. Setting the value triggers a load, but the networking software reads the hostname only up to the null
character while other checks for parent domain start at the right and so may have a completely different idea of what
the current host is. This issue is fixed in Mozilla SeaMonkey 1.0.8, Mozilla Firefox 2.0.0.2, Mozilla Firefox 1.5.0.10,
Mozilla Camino 1.5.1 versions. Administrators are advised to update resolved versions for this issue.
Signature ID: 34050
ACDSee XPMHeaders Buffer Overflow (exec) S
Threat Level: Warning
Industry ID: CVE-2007-2193
Bugtraq: 23620
Signature Description: XPM stores image data in the form of ASCII text formatted as a Standard C character string
array. This type of format allows XPM files to be edited easily with any text editor.XPM files always start with the
string XPM, delimited by Standard C comment tokens.This is an identifier indicating that the file contains an XPM data
structure.ACDSee is vulnerable to an unspecified buffer overflow. By creating a specially-crafted XPixMap (XPM)