ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
object.documentElement.outerHTML property. An attacker could exploit this vulnerability by creating a
specially-crafted Web page, and persuading a potential victim to visit the page or sending it to a potential victim as an email
attachment.
Signature ID: 35082
Microsoft Visio Version Number Handling Code Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-0934 Bugtraq: 24349
Signature Description: A remote code execution vulnerability exists in the way Microsoft Visio handles a specially
crafted version number in a Visio (.VSS) file. The vulnerability arises because Visio does not correctly validate the
version number field when processing the contents of a file. Such a specially crafted file might be included
as an e-mail attachment, or hosted on a malicious or compromised Web site.
Signature ID: 35083
Microsoft Windows Win32 API Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-2219 Bugtraq: 24370
Signature Description: One category of functionality provided by the Windows API is Base Services, which provide access
to the fundamental resources available to a Windows system. Included are things like file systems, devices, processes
and threads, and error handling. These functions reside in kernel.exe, krnl286.exe or krnl386.exe files on 16-bit
Windows, and kernel32.dll and advapi32.dll on 32-bit Windows. A vulnerability has been identified in Microsoft
Windows, which could be exploited by remote attackers to take complete control of an affected system. This issue is
caused by an error in the Win32 API that does not properly validate parameters passed to certain functions, which
could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a malicious web page.
Signature ID: 35084
Microsoft Internet Explorer Javascript Page Update Race Condition
Threat Level: Severe
Industry ID: CVE-2007-3091 Bugtraq: 24283
Signature Description: Microsoft Internet Explorer uses a cross-domain security model to maintain separation between
browser frames from different sources. This model is designed to prevent code in one domain from accessing data in a
different domain. The Internet Security Manager Object determines which zone or domain a URL exists in and what
actions can be performed. An attacker could exploit this vulnerability using a specially-crafted URL to corrupt memory
and crash the browser or to spoof Web content and conduct phishing attacks. Internet Explorer 6 and Internet Explorer
7 are affected by this vulnerability.
Signature ID: 35086
Apple QuickTime Image Descriptor Atom Parsing Memory Corruption
Threat Level: Warning
Industry ID: CVE-2008-0033 Bugtraq: 27299
Signature Description: A memory corruption issue exists in QuickTime's parsing of Image Descriptor (IDSC) atoms.
Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code
execution. Specifying a malicious atom size can result in an under-allocated heap chunk and subsequently an
exploitable heap corruption situation. This issue affects versions prior to Apple QuickTime 7.4 running on Microsoft
Windows Vista, Microsoft Windows XP SP2, and Mac OS X.