TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
859
solve technical problems on their own. SupportSoft products 6.x and prior versions are vulnerable, which are included
with multiple Symantec products, are vulnerable to multiple buffer overflows. By persuading a victim to visit a
specially-crafted Web page or open a specially-crafted HTML email containing %u encoded data, a remote attacker
could overflow a buffer and cause the victim's browser to crash or possible execute arbitrary code on the system with
privileges of the victim. Users are advised to set kill bit to the clsid 44990200-3c9d-426d-81df-aab636fa4345 to resolve
this issue.
Signature ID: 34891
Symantec Products SupportSoft SmartIssue ActiveX Control Remote Buffer Overflow
Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-6490 Bugtraq: 22564
Signature Description: SupportSoft Inc. develops a product called Self-Service Suite which aims to help end users
solve technical problems on their own. SupportSoft products 6.x and prior versions are vulnerable, which are included
with multiple Symantec products, are vulnerable to multiple buffer overflows. By persuading a victim to visit a
specially-crafted Web page or open a specially-crafted HTML email containing hex encoded data, a remote attacker
could overflow a buffer and cause the victim's browser to crash or possible execute arbitrary code on the system with
privileges of the victim. Users are advised to set kill bit to the clsid 44990200-3c9d-426d-81df-aab636fa4345 to resolve
this issue.
Signature ID: 34892
Microsoft Step-by-Step Interactive Training Crafted Bookmark Link File Buffer Overflow
vulnerability
Threat Level: Severe
Industry ID: CVE-2006-3448 Bugtraq: 22484
Signature Description: Microsoft Step-by-Step Interactive Training is a training program developed by MIcrosoft. It is
preinstalled by some computer manufacturers and is included in many Microsoft Press books. Microsoft Knowledge
Base article 898458 contains a partial list of software and publications that include the Step-by-Step Interactive
training. A local overflow exists in Step-by-Step Interactive Tracing. The program fails to validate the Syllabus string
when opening .cbo files resulting in a buffer overflow. With a specially crafted file, an attacker can cause arbitrary code
execution resulting in a loss of integrity.
Signature ID: 34894
Microsoft Excel Malformed FNGROUPCOUNT Value Code Execution vulnerability
Threat Level: Severe
Industry ID: CVE-2006-1308 Bugtraq: 18890
Signature Description: Microsoft Excel (full name Microsoft Office Excel) is a proprietary spreadsheet application
written and distributed by Microsoft for Microsoft Windows and Mac OS X. It features calculation, graphing tools,
pivot tables. Microsoft, Excel 2004 and prior versions are vulnerability, this vulnerability allows user-assisted attackers
to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value. Memory corruption will happen when
processing a malformed "FNGROUPCOUNT" value, which could be exploited by attackers to execute arbitrary
commands via these specially crafted Excel file. Patches are available in microsoft website. Exploit attempts of this
vulnerability are detected using a combination of two signatures. This is the second signature and generates a log
message.
Signature ID: 34895
Citrix Presentation Server IMA Invalid Event Data Length Denial of Service vulnerability
Threat Level: Severe
Industry ID: CVE-2006-5861
Bugtraq: 20986