TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

and the servers it manages. Trend Micro ServerProtect 5.58 is vulnerable. The Information Server allows
administrators to send and receive instructions from remote sites. The Information Server executable
(EarthAgent.exe) listens on TCP port 3628. By sending a specially crafted RPC request to this port, a remote
attacker could trigger a stack-based buffer overflow and execute arbitrary code on the system.
Apply patch2 build 1174 for this vulnerability, available from the Trend Micro Support Services Web page. Exploit
attempts against this vulnerability are detected using a combination of two signatures. This is the second signature,
and it generates a log message.
Signature ID: 34171
Symantec AntiVirus remote management interface buffer overflow
Threat Level: Severe
Industry ID: CVE-2006-2630
Bugtraq: BID-18107
Signature Description: EEye Digital Security has reported a vulnerability in Symantec Client Security and Symantec
AntiVirus Corporate Edition, which can be exploited by malicious people to compromise a user's system. The
vulnerability is caused due to a boundary error in the remote management interface when processing
"COM_FORWARD_LOG" commands. This can be exploited to cause a stack-based buffer overflow through a specially
crafted "COM_FORWARD_LOG" command sent to port 2967 via TCP.
Signature ID: 34203
EIQnetworks ESA SEARCHREPORT Remote Overflow
Threat Level: Severe
Industry ID: CVE-2007-5699 CVE-2006-3838
Bugtraq: 26189
Signature Description: EIQnetworks provides comprehensive analysis, reporting and performance management
solutions for enterprise application and network infrastructure. It mainly focuses on application log file analysis,
reporting, performance and system management solutions. eIQnetworks provides cross-platform browser based
solutions that allow you to analyze, report and manage your application and network infrastructure for improved
performance. A remote overflow exists in eIQnetworks Enterprise Security Analyzer when the license manager
daemon (EnterpriseSecurityAnalyzer.exe) fails to perform proper bounds checking on the LICMGR_ADDLICENSE
commands resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code
resulting in a loss of integrity.
Signature ID: 34209
Apple QuickTime SMIL File Processing Integer Overflow (title)
Threat Level: Warning
Industry ID: CVE-2007-2394
Bugtraq: 24873
Signature Description: Apple QuickTime is multimedia software that allows users to view local and remote audio,
video, and image content. An unspecified memory corruption vulnerability exists in the way QuickTime handles
malformed movie files. This vulnerability can be triggered by opening, with QuickTime, a movie file that contains a
specially crafted "title" field in an SMIL file; it is related to improper calculations for memory allocation.
Signature ID: 34217
Internet Explorer Daxctle.OCX KeyFrame Method Heap Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-4777
Bugtraq: 20047
Signature Description: Heap-based buffer overflow in the DirectAnimation Path Control
(DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other
Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to
the KeyFrame method.