ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 35093
Microsoft Internet Explorer OnBeforeUnload JavaScript Address Bar Spoofing
Threat Level: Severe
Industry ID: CVE-2007-3826
Bugtraq: 24911
Signature Description: The vulnerability is caused by an error in the handling of the "document.open()" method and
can be exploited to spoof the address bar, for example when the user manually enters a new website in the address bar,
which is commonly exercised as best practice. The technique relies on the disruptive nature of the document.open() call:
when this function is called repeatedly after the user enters a new URL and before onBeforeUnload is invoked, it inhibits
the page transition while the address bar retains the target URL.
Signature ID: 35097
Microsoft Works File Converter WPS File Section Header Index Table Stack Overflow
Threat Level: Warning
Industry ID: CVE-2008-0105
Bugtraq: 27658
Signature Description: A vulnerability was reported in Microsoft Works 6 File Converter, as used in Office 2003 SP2
and SP3, Works 8.0, and Works Suite 2005. A remote code execution vulnerability exists in Microsoft Works File
Converter because it improperly validates section header index table information in the .wps file format.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An
attacker could then install programs; view, change, or delete data; or create new accounts. This rule triggers when the
WPS track state is active and the attack pattern is matched.
Signature ID: 35098
Microsoft Internet Explorer ANIMATEMOTION Properties Assignment Memory Corruption
Threat Level: Severe
Industry ID: CVE-2008-0077
Bugtraq: 27666
Signature Description: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations
of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a
malicious page. The specific flaw exists in the handling of the "by" property of an animateMotion SVG element. The
'animateMotion' element causes a referenced element to move along a motion path. By assigning other DOM elements
to this property, memory corruption occurs during the destruction of a Variant data type. The corruption causes an
overwrite of a virtual function address, allowing for the execution of arbitrary code.
Signature ID: 35099
ClamAV libclamav PE File Handling Integer Overflow
Threat Level: Severe
Industry ID: CVE-2008-0318
Bugtraq: 27751
Signature Description: An integer overflow has been reported in the "cli_scanpe()" function in file libclamav/pe.c. The
vulnerability exists within the code responsible for parsing and scanning PE files. While iterating through all sections
contained in the PE file, several attacker-controlled values are extracted from the file. On each iteration, arithmetic
operations are performed without taking 32-bit integer wrap into consideration. Since insufficient integer overflow
checks are present, an attacker can cause a heap overflow by causing a specially crafted Petite packed PE binary to be
scanned. This results in an exploitable memory corruption condition.
Signature ID: 35101
RealVNC VNC Authentication Bypass Vulnerability
Threat Level: Severe
Industry ID: CVE-2006-2369
Bugtraq: 17978
Signature Description: The VNC protocol is a simple protocol for remote access to graphical user interfaces, and
RealVNC is freeware used to access remote machines through a GUI. This software allows the