TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
905
handling RTSP replies. By sending a specially crafted reply containing an overly-long "Reason-Phrase" user can
execute arbitrary code in the victim system. Patch is available to resolve this issue.
Signature ID: 35242
Microsoft Excel Import Remote Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0112 Bugtraq: 28095
Signature Description: Microsoft Office Excel contains a vulnerability that could allow an unauthenticated, remote
attacker to execute arbitrary code with the privileges of the user. Systems running Microsoft Windows Vista or Apple
Mac OS X are likely to be vulnerable to this attack. The vulnerability is due to a failure to properly sanitize data during
file import operations. Excel fails to properly validate parameters within symbolic link-formatted document (slk files)
when importing data. An error may occur as a result of processing malformed data during the import process. This
error may result in the corruption of system memory and execution of arbitrary code with the privileges of the user who
started the application. Microsoft has confirmed the vulnerability in a security bulletin and released software updates.
Exploit attempts of this vulnerability are detected using a combination of two signatures. This is the second signature
and generate a log message.
Signature ID: 35244
Microsoft Excel Import Remote Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0112 Bugtraq: 28095
Signature Description: Microsoft Office Excel contains a vulnerability that could allow an unauthenticated, remote
attacker to execute arbitrary code with the privileges of the user. Systems running Microsoft Windows Vista or Apple
Mac OS X are likely to be vulnerable to this attack. The vulnerability is due to a failure to properly sanitize data during
file import operations. Excel fails to properly validate parameters within symbolic link-formatted document (csv files)
when importing data. An error may occur as a result of processing malformed data during the import process. This
error may result in the corruption of system memory and execution of arbitrary code with the privileges of the user who
started the application. Microsoft has confirmed the vulnerability in a security bulletin and released software updates.
Exploit attempts of this vulnerability are detected using a combination of two signatures. This is the second signature
and generate a log message.
Signature ID: 35245
Microsoft IIS ASP Remote Code Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0075
Bugtraq: 27676
Signature Description: Internet Information Services (IIS) is a powerful Web server that provides a highly reliable,
manageable, and scalable Web application infrastructure for all versions of Windows Server 2003. IIS helps
organizations increase Web site and application availability while lowering system administration costs. Microsoft IIS
6.0 and 5.1 versions are vulnerable to this remote code execution attack. The vulnerability is caused due to an
unspecified error within the processing of input to ASP web pages. This can be exploited to execute arbitrary code with
the privileges of the Worker Process Identity (WPI) by passing specially crafted input to an ASP page. Microsoft has
released updates to resolve this issue.
Signature ID: 35246
Vsftpd 2.0.5 (CWD) Remote Memory Consumption Vulnerability
Threat Level: Severe
Signature Description: FTP is a file transfer protocol for exchanging and manipulating files over any TCP based
computer network. vsftpd, which stands for "Very Secure FTP Daemon", is an FTP server for UNIX-like systems,
including Linux. It is licensed under the GNU General Public License. It supports IPv6 and SSL. vsftpd is the default
FTP server in some Linux distributions. vsftpd 2.0.5 version is vulnerable to denial of service attack. This can be