TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
775
with "id" parameter values, which could allow the attacker to view, add, modify or delete information in the back-end
database. This signature detects attacks using insert, truncate, update SQL commands in query.
Signature ID: 34134
Logitech VideoCall wcamxmp.dll ActiveX controls stack buffer overflow vulnerability
Threat Level: Warning
Industry ID: CVE-2007-2918 Bugtraq: 24254
Signature Description: Logitech VideoCall wcamxmp.dll ActiveX control is stack-based buffer overflow. By
persuading a victim to visit a specially-crafted Web page, a remote attacker could overflow a buffer and execute
arbitrary code on the system with the privileges of the user or cause the victim's browser to crash. By convincing a user
to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker
may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer (or
the program using the WebBrowser control) to crash.
Signature ID: 34136
NeoTrace Express ActiveX TraceTarget Method Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2006-6707 Bugtraq: :21697
Signature Description: McAfee NeoTrace Pro delivers a powerful tool for checking information on internet locations.
It shows how packets get from your computer to another computer on the Internet by displaying all nodes between your
computer and the trace target. NeoTrace Express 3.25 and NeoTrace Professional 3.25 are vulnerable. NeoTraceLoader
ActiveX control (NeoTraceExplorer.dll) will affect by passing large string to the TraceTarget() method. The remote
attacker can exploit this vulnerability via a malicious web page to execute arbitrary code in currently logged-in user
context and overflow the buffer through NeoTraceLoader ActiveX control method. No remedy is available as of Feb
2008. Set killbit to the clsid to resolve this issue.
Signature ID: 34137
NeoTrace Express ActiveX TraceTarget Method Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2006-6707 Bugtraq: :21697
Signature Description: McAfee NeoTrace Pro delivers a powerful tool for checking information on internet locations.It
shows how packets get from your computer to another computer on the Internet by displaying all nodes between your
computer and the trace target. NeoTraceLoader ActiveX control (NeoTraceExplorer.dll) by passing large string to the
TraceTarget() method.The remote attacker can exploit this vulnerability via a malicious web page to execute arbitrary
code in currently logged-in user context and overflow the buffer through NeoTraceLoader ActiveX control method.
NeoTrace Express 3.25 and NeoTrace Professional 3.25 are vulnerable. No remedy is available as of Feb 2008 set
killbit to clsid mentioned in Microsoft security bulletin to resolve this issue.
Signature ID: 34138
Novell NetMail NMAP STOR-command buffer overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2006-6424 Bugtraq: 21725
Signature Description: Novell NetMail's implementation of the Network Messaging Application Protocol (NMAP),
Novell NetMail 3.52 D and prior versions are vulnerable. It contain vulnerability, which can be exploited by malicious
users to cause a DoS (Denial of Service) or compromise a vulnerable system and by malicious people to compromise a
vulnerable system. A boundary error within the NMAP (Network Messaging Application Protocol) service when
handling STOR commands can be exploited to cause a buffer overflow by passing an overly long argument to the
command. Patches available on novell website.