TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 35058
NullSoft Winamp .WSZ File Remote Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2004-0820 Bugtraq: 11053
Signature Description: Winamp is a music player for Microsoft Windows, developed by Nullsoft. Winamp uses .b4s
files to store MP3 file play lists in XML format. Winamp versions 3.0 and 5.0 through 5.04 could allow a remote
attacker to execute arbitrary code on the system. A remote attacker could create a malicious Web page that uses the
object tag and the codebase attributes to cause code embedded in a Winamp skin file (.wsz) to be automatically
executed in the victim's Local Computer zone. The problem is caused by insufficient restrictions on Winamp skin
zip files (.wsz). A malicious website can exploit this, for example, by using a specially crafted Winamp skin to place
and execute arbitrary programs. With Internet Explorer this can be done without user interaction.
Signature ID: 35059
IBM Lotus Notes Cross Site Scripting
Threat Level: Severe
Industry ID: CVE-2005-2175 Bugtraq: 14164
Signature Description: IBM Lotus strongly recommends using Domino Web Access (iNotes). The Domino Web
Access mail template prompts the user to open or save when clicking on attachments. A remote user can send an e-mail
with an HTML file attachment to a target user. If the target user clicks on the attachment, the HTML code is executed
without first providing a warning prompt. Arbitrary scripting code may be executed by the target user's browser. The
code will originate from the site running the Lotus Notes software and will run in the security context of that site. As a
result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with
the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as
the target user. An HTML attachment with Content-Type of 'text/html' and Content-Disposition of 'inline' can trigger
the flaw. This signature triggers on malformed inbound request packets.
Signature ID: 35060
Microsoft Visual Studio Crystal Reports RPT File Handling Code Execution
Threat Level: Severe
Industry ID: CVE-2006-6133 Bugtraq: 21261
Signature Description: Crystal Reports is an intuitive reporting solution that helps customers rapidly create flexible,
feature-rich, high-fidelity reports and tightly integrate them into web and windows applications. LSsecurity has
reported a vulnerability in Crystal Reports, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a boundary error when processing RPT files. This can be exploited to cause a
stack-based buffer overflow via a specially crafted RPT file. Successful exploitation allows execution of arbitrary code. The
vulnerability is reported in Crystal Reports XI Professional version 11.0.0.1994. Other versions may also be affected.
This vulnerability also affects Crystal Reports for Microsoft Visual Studio.
Signature ID: 35061
Microsoft Internet Explorer Address Bar Spoofing Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-1626 Bugtraq: 17404
Signature Description: Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the
address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash
application, then changing the window location back to a trusted URL while the Flash application is still loading. The
vulnerability is caused by a race condition in the loading of web content and Macromedia Flash Format files
(".swf") in browser windows. This can be exploited to spoof the address bar in a browser window showing web content
from a malicious web site.