TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
921
Signature ID: 35304
Adobe Reader AcroPDF.dll ActiveX denial of service vulnerability
Threat Level: Severe
Industry ID: CVE-2006-6027
Bugtraq: 21813
Signature Description: Adobe Acrobat is a family of computer programs developed by Adobe Systems, designed to
view, create, manipulate and manage files in Adobe's Portable Document Format. Adobe Reader 7.0.8.0 is vulnerable
to denial of service via sending long string argument to src method. By persuading a victim to visit a specially-crafted
Web page containing %u encoded exploit code, a remote attacker could execute arbitrary code on the system with the
privileges of the victim. Update the latest version available from vendors web site. Alternatively user can set the kill bit
for CLSID corresponding to the progid AcroPDF.PDF to resolve this issue.
Signature ID: 35305
Adobe Reader AcroPDF.dll ActiveX denial of service vulnerability
Threat Level: Severe
Industry ID: CVE-2006-6027 Bugtraq: 21813
Signature Description: Adobe Acrobat is a family of computer programs developed by Adobe Systems, designed to
view, create, manipulate and manage files in Adobe's Portable Document Format. Adobe Reader 7.0.8.0 is vulnerable
to denial of service via sending long string argument to src method. By persuading a victim to visit a specially-crafted
Web page having %u encoded exploit code, a remote attacker could execute arbitrary code on the system with the
privileges of the victim. Update the latest version available from vendors web site. Alternatively user can set the kill bit
for CLSID CA8A9780-280D-11CF-A24D-444553540000.
Signature ID: 35306
TWiki rev Parameter Shell Command Injection Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-2877 Bugtraq: 14834
Signature Description: TWiki is a web-based collaborative publishing environment. TWiki does not sanitize user-
controlled URI parameters supplied to the revision control function for malicious content. Specifically, the rev
parameter is not filtered for shell metacharacters before being used to construct a shell command. By sending a
specially crafted URI to a system running TWiki, a remote, unauthenticated attacker may be able to execute arbitrary
commands on that system. This signature detects encoding characters in hexadecimal. TWiki has released a hotfix to
address this issue.
Signature ID: 35308
Oracle Reports Server desname Parameter File Overwrite Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-2371
Bugtraq: 14309
Signature Description: Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and
inserts it into a formatted report. Oracle Reports Server versions 6.0, 6i, 9i, and 10g could allow a remote attacker to
overwrite arbitrary files on the system. Remote attacker can send a specially-crafted desname parameter to overwrite
any files on the application server. Apply the critical patch update released in Jan 2006 by Oracle. This signature
detects attacks using %HH encoding and attack packets sending to the range of 8888-8889.
Signature ID: 35309
Oracle Reports Server desname Parameter File Overwrite Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-2371
Bugtraq: 14309
Signature Description: Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and
inserts it into a formatted report. Oracle Reports Server versions 6.0, 6i, 9i, and 10g could allow a remote attacker to