TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 35087
Microsoft DirectX SAMI File Parsing Code Execution
Threat Level: Severe
Industry ID: CVE-2007-3901 Bugtraq: 26789
Signature Description: DirectX is prone to a stack-based buffer-overflow vulnerability because the application fails to
perform adequate boundary checks on user-supplied data. This vulnerability exists in the DirectShow SAMI parser,
which is implemented in quartz.dll. When the SAMI parser copies parameters into a stack buffer, it does not properly
check the length of the parameter. As a result, parsing a specially crafted SAMI file can cause a stack-based buffer
overflow, which allows an attacker to execute arbitrary code. Microsoft Windows DirectX 7.0, Microsoft Windows
DirectX 8.1 and Microsoft Windows 2000 SP4 are vulnerable.
Signature ID: 35089
Microsoft Windows Media Format ASF Parsing Code Execution
Threat Level: Severe
Industry ID: CVE-2007-0064 Bugtraq: 26776
Signature Description: Microsoft Windows Media Format Runtime is used by various Windows Media applications
such as Windows Media Player. The Windows Media Format Runtime includes the ability to play Advanced Systems
Format (ASF) files, which can contain streaming audio, video, slide shows and synchronized events. The
vulnerabilities are caused by boundary errors when parsing ASF files and can be exploited to cause heap-based
buffer overflows when a user views a specially crafted ASF file in an application using the component (e.g. Windows
Media Player). Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for
Microsoft Windows 2000, XP, Server 2003, and Vista are vulnerable. Exploit attempts of this vulnerability are detected
using a combination of two signatures. This is the second signature and generates a log message.
Signature ID: 35091
Microsoft DirectX WAV and AVI File Parsing Code Execution
Threat Level: Severe
Industry ID: CVE-2007-3895 Bugtraq: 26804
Signature Description: A remote code execution vulnerability exists in the way DirectX handles WAV and AVI format
files. This vulnerability could allow code execution if a user visits a specially crafted Web site or opens an e-mail
message with specially crafted content. If a user is logged on with administrative user rights, an attacker who
successfully exploited this vulnerability could take complete control of an affected system. An attacker could then
install programs, view, change, or delete data or create new accounts with full user rights. The vulnerability has been
reported in DirectX 7.0 through 10.0. Exploit attempts of this vulnerability are detected using a combination of two
signatures. This is the second signature and generates a log message.
Signature ID: 35092
Oracle Database SYS.LT.FINDRICSET SQL Injection
Threat Level: Severe
Industry ID: CVE-2007-5511 Bugtraq: 26098
Signature Description: Oracle Workspace Manager is prone to an SQL-injection vulnerability because it fails to
sufficiently sanitize user-supplied data before using it in an SQL query. The Workspace Manager, owned by SYS,
contains a package called LT. This package is owned and defined by the SYS user and can be executed by PUBLIC. LT
contains a procedure called FINDRICSET which calls the FINDRICSET procedure in the LTRIC package.