TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 35034
Microsoft Windows Print Spooler Service Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-1984 Bugtraq: 14514
Signature Description: The Print Spooler service spoolsv.exe in Microsoft Windows manages the printing process,
which includes such tasks as retrieving the location of the correct printer driver, loading that driver, spooling high-level
function calls into a print job, and scheduling print jobs. A remotely exploitable buffer overflow vulnerability exists in
the Spooler service. By constructing a malicious DCE RPC packet for the RpcAddPrinterEx method (opnum 0x46) and
sending it over port 139 to an affected system, an attacker can overflow the buffer and execute arbitrary code or
obtain elevated privileges on the system. On Windows XP SP1 and Windows 2000, the attacker does not require any
authentication; however, on Windows XP SP2 and Windows Server 2003, authentication is required before an attacker
can send the request. Administrators are advised to update the operating system by installing the patches mentioned
in the MS05-043 bulletin.
Signature ID: 35036
Microsoft Windows Print Spooler Service Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-1984 Bugtraq: 14514
Signature Description: The Print Spooler service spoolsv.exe in Microsoft Windows manages the printing process,
which includes such tasks as retrieving the location of the correct printer driver, loading that driver, spooling high-level
function calls into a print job, and scheduling print jobs. A remotely exploitable buffer overflow vulnerability exists in
the Spooler service. By constructing a malicious DCE RPC packet for the RpcAddPrinterEx method (opnum 0x46) and
sending it over port 445 to an affected system, an attacker can overflow the buffer and execute arbitrary code or
obtain elevated privileges on the system. On Windows XP SP1 and Windows 2000, the attacker does not require any
authentication; however, on Windows XP SP2 and Windows Server 2003, authentication is required before an attacker
can send the request. Administrators are advised to update the operating system by installing the patches mentioned
in the MS05-043 bulletin.
Signature ID: 35037
Microsoft Windows Print Spooler Service Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-1984 Bugtraq: 14514
Signature Description: The Print Spooler service spoolsv.exe in Microsoft Windows manages the printing process,
which includes such tasks as retrieving the location of the correct printer driver, loading that driver, spooling high-level
function calls into a print job, and scheduling print jobs. A remotely exploitable buffer overflow vulnerability exists in
the Spooler service. By constructing a malicious DCE RPC packet for the RpcAddPrinterEx method (opnum 0x46) and
sending it over port 445 to an affected system, an attacker can overflow the buffer and execute arbitrary code or
obtain elevated privileges on the system. On Windows XP SP1 and Windows 2000, the attacker does not require any
authentication and can exploit the vulnerability remotely. However, on Windows XP SP2 and Windows Server
2003, authentication is required before an attacker can send the request. Administrators are advised to update the
operating system by installing the patches mentioned in the MS05-043 bulletin.
Signature ID: 35038
Microsoft Windows ASN.1 Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-1935
Signature Description: ASN.1 is the language used to standardize data across multiple platforms. A heap-based buffer
overflow in the BERDecBitString function in the Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to
execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the