TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 34772
Cisco IOS HTTP Service HTML Injection Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-3921
Bugtraq: 15602
Signature Description: The Cisco IOS Web browser interface allows configuration and monitoring of a router or access
server using any web browser. This feature was introduced in IOS 11.0. A vulnerability exists in the IOS HTTP server
in which HTML code inserted into dynamically generated output, such as the output from a show buffers command, is
passed to the browser requesting the page. The browser could interpret this HTML code, potentially executing
malicious commands against the device or carrying out other cross-site scripting attacks. This signature detects the
patterns "exec/-/reload/assigned", "exec/-/reload/all", "exec/-/buffers/assigned/" or "exec/-/buffers/all" in HTTP
traffic.
Signature ID: 34773
Cisco IOS HTTP Service HTML Injection Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-3921 Bugtraq: 15602
Signature Description: The Cisco IOS Web browser interface allows configuration and monitoring of a router or access
server using any web browser. This feature was introduced in IOS 11.0. A vulnerability exists in the IOS HTTP server
in which HTML code inserted into dynamically generated output, such as the output from a show buffers command, is
passed to the browser requesting the page. The browser could interpret this HTML code, potentially executing
malicious commands against the device or carrying out other cross-site scripting attacks. This signature detects the
pattern "configure/-/enable/" in HTTP traffic.
Signature ID: 34775
Yahoo! Widgets Engine YDPCTL.DLL ActiveX Control Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-4034 Bugtraq: 25086
Signature Description: The Yahoo Widget Engine (formerly known as Konfabulator) is a JavaScript runtime engine for
Windows and Mac OS X that lets you run small files called Widgets (e.g., alarm clocks, calculators, weather
indicators). The Yahoo! Widgets YDPCTL ActiveX control YDPCTL.dll in versions prior to 4.0.5 is vulnerable to a
stack-based buffer overflow. By convincing a victim to visit a specially crafted web page which exploits this
vulnerability, a remote attacker may execute arbitrary code or crash the application. Upgrade to version 4.0.5 or later.
Signature ID: 34776
MS Visual Basic 6 pdwizard.ocx ActiveX Control Remote Code Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-3041
Bugtraq: 25295
Signature Description: Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the
system, caused by a memory corruption vulnerability that occurs when Internet Explorer attempts to instantiate the
pdwizard.ocx object as a control. An attacker could exploit this vulnerability by creating a specially crafted Web page
containing an invalid object (close), and persuading the victim to visit the page. Install the vendor-supplied patch
mentioned in MS07-045 or set the killbit for CLSID 0DDF3B5C-E692-11D1-AB06-00AA00BDD685.
Signature ID: 34779
MS IE COM ActiveX Object Memory Corruption Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-0219
Bugtraq: 22504
Signature Description: Microsoft Internet Explorer is prone to a memory-corruption vulnerability when instantiating
certain COM objects. Internet Explorer 7 on Microsoft Vista is not affected by this issue; Internet Explorer 7 on other